It’s fairly common knowledge that our daily activities online (and off) are tracked, analyzed, and sold — to an extent that would make most of us blush if we really knew all the details.
But as Wired.com reported last week, researchers at the University of California, Berkeley have found a particular nasty practice by Flash cookies, a piece of technology becoming widespread in ads, videos and widgets around the Web.
First of all, Flash cookies — unlike the more ubiquitous and better-known HTML variety — cannot be regulated or deleted through Web browsers’ privacy settings. They can only be controlled by the end user through an obscure, downright confusing page on Adobe’s web site. (And Flash cookies can hold up to 100Kb of data, dwarfing HTML cookies which are usually limited by browsers to 4Kb.)
More dubiously, Flash can “re-spawn” traditional cookies that the user has already deleted, creating a new cookie using the original’s unique ID and filling it in with other data captured by Flash. That’s right, it brings them back from the dead. Thus: ZOMBIE cookies!
Third-party advertisers are the worst offenders found by UC Berkley researchers. Also named is Clearspring, makers of the popular AddThis widget. The AddThis button (pictured) makes it easy for publishers to add many social bookmarking links to any page or post. Apparently it also was found to resintate deleted cookies from AOL.com, Answers.com, and Mapquest.com.
Furthermore, all publishers should be reminded that many great copy & paste third party widgets like AddThis — from video and feed embeds to bookmarking and analytics — may be free, but that does not mean they do not come without a cost. In exchange for expedience, you’re allowing outside companies to run code through your site and on the computers of your visitors. While their intentions may not be nefarious, you should at least know what they’re doing. Are you comfortable with all that happens? If your readers knew, would they be comfortable too?
The same suspicions apply especially to outside advertising.
However, journalists must be worthy of their readers’ trust, not only in reporting but in the technology that they use to deliver it. Thinking through how you treat your readers’ privacy is essential.
You can read the full UC Berkley report here. (It’s only 4 pages long). Their methodology is simple enough that you could repeat the tests on your site to find out what all those little Flash buggers are really up to.