Flash Cookies and Consumer Privacy

SEARCH BLOG

Originally written by Eric Peterson on February 5, 2010

Update: I should apologize to Adobe since I knew they had written to the FTC but didn’t mention it when I originally published this post. If you’re interested in this topic you should definitely download and read Adobe’s letter to the Secretary of the FTC regarding the use of Flash Local Shared Objects to re-spawn cookies. They cite my BPA white paper and do a great job outlining the company’s position on this particular use of their technology. I am writing to Adobe now to see if I can get someone on the phone to discuss in greater depth but if you know anyone there please ask them to email me directly.

A few weeks back we published a white paper with our client BPA Worldwide on the use of Flash Local Shared Objects in web analytics practices. The paper, titled “Flash LSOs: Is Your Privacy at Risk?” is available for download at BPA Worldwide and does require a tiny bit of information (name, company, email.) We wrote the paper with BPA Worldwide because we are seeing a resurgence in the use of Flash LSO as a back-up mechanism for browser cookies and frankly I personally worry about the practice.

Cookie deletion is what it is, and nothing anyone has done in the past five years has seemed to do anything to lessen (or worsen) the rate at which consumers clear cookie and history files. And yes, cookie deletion has a confounding effect on a variety of metrics web analytics professionals consider important, we’ve covered this more or less ad nasuem, although I certainly wonder how comScore’s recent reversal on the value of cookies will play out across combined web analytics + audience measurement efforts.

My concern is that companies are increasingly using cookies to over-ride consumer preferences regarding cookie deletion. Documented by Soltani, et al. in their paper “Flash Cookies and Privacy”, companies are actively using Flash LSO, which are much more difficult to block and delete than their browser-based counterparts, to essentially “reset” browser cookie values and thusly “remember” information that consumers are either implicitly or explicitly asking the web browser to forget.

If you’re doing this, or even considering this, I would encourage you to download the white paper as we provide what I believe to be sound guidance regarding the use of Flash LSO in a measurement practice. You might also want to check out this post over at the Adobe web site which details how Adobe Flash 10.1 will begin to support the “private browsing” feature in most browsers. While I don’t blame Adobe particularly for how companies are using LSO in digital measurement practices, this update is an excellent response from the company and shows their commitment to consumer privacy.

As always your thoughts and feedback are welcome.

ABOUT Eric Peterson

Eric T. Peterson is author of Web Analytics Demystified, Web Site Measurement Hacks and The Big Book of Key Performance Indicators and a long-time member of the web analytics community. He frequently presents on web analytics and is often cited in articles about digital measurement. In the past Mr. Peterson has worked with well-known brands like Microsoft, HP, Cisco, Best Buy, Disney, LEGO, CBS and CBS News, and ESPN. More recently, Mr. Peterson has founded The Analysis Exchange, a completely new way to gain experience with digital measurement. As an employee of Analytics Demystified Eric is a member of the Digital Analytics Association (DAA), an Adobe Business Partner, and a Google Analytics Certified Partner.

SEARCH BLOG

Flash Cookies and Consumer Privacy

SEARCH BLOG

ABOUT Eric Peterson

SEARCH BLOG