Flash Cookies and Consumer Privacy
Update: I should apologize to Adobe since I knew they had written to the FTC but didn’t mention it when I originally published this post. If you’re interested in this topic you should definitely download and read Adobe’s letter to the Secretary of the FTC regarding the use of Flash Local Shared Objects to re-spawn cookies. They cite my BPA white paper and do a great job outlining the company’s position on this particular use of their technology. I am writing to Adobe now to see if I can get someone on the phone to discuss in greater depth but if you know anyone there please ask them to email me directly.
A few weeks back we published a white paper with our client BPA Worldwide on the use of Flash Local Shared Objects in web analytics practices. The paper, titled “Flash LSOs: Is Your Privacy at Risk?” is available for download at BPA Worldwide and does require a tiny bit of information (name, company, email.) We wrote the paper with BPA Worldwide because we are seeing a resurgence in the use of Flash LSO as a back-up mechanism for browser cookies and frankly I personally worry about the practice.
Cookie deletion is what it is, and nothing anyone has done in the past five years has seemed to do anything to lessen (or worsen) the rate at which consumers clear cookie and history files. And yes, cookie deletion has a confounding effect on a variety of metrics web analytics professionals consider important, we’ve covered this more or less ad nasuem, although I certainly wonder how comScore’s recent reversal on the value of cookies will play out across combined web analytics + audience measurement efforts.
My concern is that companies are increasingly using cookies to over-ride consumer preferences regarding cookie deletion. Documented by Soltani, et al. in their paper “Flash Cookies and Privacy”, companies are actively using Flash LSO, which are much more difficult to block and delete than their browser-based counterparts, to essentially “reset” browser cookie values and thusly “remember” information that consumers are either implicitly or explicitly asking the web browser to forget.
If you’re doing this, or even considering this, I would encourage you to download the white paper as we provide what I believe to be sound guidance regarding the use of Flash LSO in a measurement practice. You might also want to check out this post over at the Adobe web site which details how Adobe Flash 10.1 will begin to support the “private browsing” feature in most browsers. While I don’t blame Adobe particularly for how companies are using LSO in digital measurement practices, this update is an excellent response from the company and shows their commitment to consumer privacy.
As always your thoughts and feedback are welcome.