Flash zombie cookies, AddThis, and the danger of third party widgets
It’s fairly common knowledge that our daily activities online (and off) are tracked, analyzed, and sold — to an extent that would make most of us blush if we really knew all the details.
But as Wired.com reported last week, researchers at the University of California, Berkeley have found a particularly nasty practice involving Flash cookies, a piece of technology becoming widespread in ads, videos and widgets around the Web.
First of all, Flash cookies — unlike the more ubiquitous and better-known HTML variety — cannot be regulated or deleted through Web browsers’ privacy settings. They can only be controlled by the end user through an obscure, downright confusing page on Adobe’s web site. (And Flash cookies can hold up to 100Kb of data, dwarfing HTML cookies which are usually limited by browsers to 4Kb.)
More dubiously, Flash can “re-spawn” traditional cookies that the user has already deleted, creating a new cookie using the original’s unique ID and filling it in with other data captured by Flash. That’s right, it brings them back from the dead. Thus: ZOMBIE cookies!
Third-party advertisers are the worst offenders found by UC Berkeley researchers. Also named is Clearspring, makers of the popular AddThis widget. The AddThis button makes it easy for publishers to add many social bookmarking links to any page or post. Apparently it also was found to reinstate deleted cookies from AOL.com, Answers.com, and Mapquest.com.
Clearspring did not deny the practice when contacted by Wired, saying it speeds up surfing and is disclosed in their privacy policy. It’s still a shady move, however; Web editors who use AddThis should strongly consider discontinuing it.
Furthermore, all publishers should be reminded that many great copy & paste third party widgets like AddThis — from video and feed embeds to bookmarking and analytics — may be free, but that does not mean they come without a cost. In exchange for expedience, you’re allowing outside companies to run code through your site and on the computers of your visitors. While their intentions may not be nefarious, you should at least know what they’re doing. Are you comfortable with all that happens? If your readers knew, would they be comfortable too?
The same suspicions apply especially to outside advertising.
Few college news sites have their own formal, written privacy policy. That’s understandable; they’re a very small cog in the very big machine of behavior tracking. We all implicitly accept a little loss of privacy for the conveniences of the modern Web, and your college rag is hardly a big reason why Google knows you better than your mother.
However, journalists must be worthy of their readers’ trust, not only in reporting but in the technology that they use to deliver it. Thinking through how you treat your readers’ privacy is essential.
You can read the full UC Berkeley report here. (It’s only 4 pages long.) Their methodology is simple enough that you could repeat the tests on your site to find out what all those little Flash buggers are really up to.
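One way to check your own site for the re-spawning described above is to snapshot cookies, clear them in the browser while leaving Flash storage alone, revisit the same pages, and compare. The Python script below is an added example, not code from the report or from this post; the snapshot format, the length threshold, and every domain, file name and value in it are constructed for illustration.

```python
MIN_ID_LEN = 8  # skip short values ("en", "1") that repeat by chance


def find_respawned(before, after, flash_strings):
    """Return cookies that came back with their old value after a cookie wipe.

    before/after: {(domain, name): value} HTTP cookie snapshots, taken before
    clearing browser cookies and after revisiting the same pages.
    flash_strings: {file: [strings extracted from that Flash storage file]}.
    """
    findings = []
    for (domain, name), old in sorted(before.items()):
        if after.get((domain, name)) != old or len(old) < MIN_ID_LEN:
            continue  # gone, freshly issued, or too short to be an identifier
        # A matching string in Flash storage points at where the ID survived.
        sources = sorted(f for f, strs in flash_strings.items()
                         if any(old in s for s in strs))
        findings.append({"domain": domain, "cookie": name,
                         "value": old, "flash_sources": sources})
    return findings


# Constructed sample data (all domains, names and values are made up).
BEFORE = {
    ("ads.example", "uid"): "a81f3c9e77d04b12",
    ("cdn.example", "tid"): "c3d9e0417fa2b655",
    ("news.example", "lang"): "en",
    ("news.example", "session"): "s-19ab44c07e21",
    ("widget.example", "vid"): "4f0c2d9b6e1a",
}
AFTER = {
    ("ads.example", "uid"): "a81f3c9e77d04b12",     # same ID: came back
    ("cdn.example", "tid"): "c3d9e0417fa2b655",     # same ID, no Flash copy
    ("news.example", "lang"): "en",                 # same, but not an ID
    ("news.example", "session"): "s-77cd01e9b3f4",  # fresh value: normal
    ("widget.example", "vid"): "90aa17c3e5f2",      # fresh value: normal
}
FLASH = {
    "ads.example/tracker.sol": ["uid", "a81f3c9e77d04b12"],
    "widget.example/settings.sol": ["volume", "0.8"],
}

if __name__ == "__main__":
    for f in find_respawned(BEFORE, AFTER, FLASH):
        origin = ", ".join(f["flash_sources"]) or "no Flash match (other storage?)"
        print(f'{f["domain"]} {f["cookie"]}={f["value"]} <- {origin}')
```

A cookie that returns unchanged with no Flash match is still worth a look, since the identifier survived somewhere the browser's cookie controls did not reach.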