Adobe have finally admitted in a blog post that there is a ‘weakness’ in the implementation of Flash cookies, or as Adobe call them, ‘local shared objects’ (LSOs).
This issue allowed other websites, not Adobe, to track user behaviour even after a user had cleared the traditional web cookie. It has been a privacy violation for a while now, and an unpleasant issue many people have had to deal with, even without knowing about it.
The company are “collaborating with browser vendors to integrate LSO management with the browser UI”, which should give users an easier, locally based way to purge the LSOs of third-party information and prevent a recurrence. An API called NPAPI ClearSiteData has already been approved for implementation in Firefox and will be added to Chrome at a later date. Emmy Huang, the Adobe blogger, has also indicated that a system preference setting for Windows, Mac and Linux platforms would give users local control over LSO management, with the option to disable it completely.
No time frame has been announced yet; however, Fortune 500 companies such as Apple and Microsoft are expected to be involved. Safari browsers running in Private Browsing Mode and using Flash 10.1 or higher can already clear LSOs, but many people don't use this feature as it can be impractical for routine internet use.
This has been brought to a head by recent lawsuits involving the misuse of LSOs, with filings against Quantcast, Clearspring, the Walt Disney Company, Warner Brothers Records and Specific Media. All of these companies have been accused of misusing LSOs to restore the ability to track customers who deliberately deleted ‘regular’ cookies for privacy protection. California Berkeley researchers discovered that 50 percent of the websites they sampled were using LSOs to track users.
KitGuru says: This is a positive move, but is it long overdue?
Disgraceful. So much spying by big companies on the little guy. Needs to stop.
I worked for one of the companies listed above. I walked into the developers' area and asked how they did tracking… and they told me they could use IPs. But I asked how, since IPs are generally dynamic.
Then the LSO lawsuit made news and, surprise, the CEOs who think they are sooo badass are nothing more than malware spammers… greyhat hackers who exploit people by ruining their internet experience. What a legacy!