Adobe has finally taken some public steps to ameliorate the privacy problem exposed by the zombie cookie debacle five months ago
Five months after a string of lawsuits unveiled Flash’s complicity in restoring zombie cookies, Adobe Systems has finally promised to do something about it. The operative word is “promised.”
Back in August I wrote about Adobe Flash’s Local Stored Objects (LSOs, or “Flash cookies“) and how they were being used to keep regular cookies alive, even after a user deleted them. The zombie cookie approach landed Disney, ABC, ESPN, MTV, Warner Brothers, MySpace, and NBC Universal, among others, in court for their boorish behavior.
At its heart the trick’s pretty simple. A website that wanted to maintain tenacious cookies only needed one extra step. In addition to placing a cookie on the user’s PC, they also used the good services of Adobe Flash to keep a backup copy of the cookie. That way, if the user deleted a particular site’s cookie, the site could rummage around in Flash’s storage to see if there was a backup. Few users are savvy enough to clear Flash cookies in addition to regular cookies. Browser settings that control regular cookies don’t have any sway at all over Flash. It’s a technique perfected and promulgated by two data-gathering companies, Quantcast and Clearspring, which also deservedly landed in court.
Adobe has known about the potential of LSO abuse for years. The zombie cookie debacle five months ago merely publicized a technique that was well-known and widely used in privacy-busting circles — and had been used for quite some time.
I’m happy to say that Adobe has finally taken some public steps to ameliorate the problem. Hey, it only took ‘em five months. Writing on the official Adobe blog, Flash Group Product Manager Emmy Huang says that Adobe is pursuing the problem in three different ways.
Article source: http://www.infoworld.com/t/privacy/adobe-finally-promises-help-rein-in-flash-cookies-601?source=rss_security_central
Category: Security News