Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Privacy Advertising The Courts

Lawsuit Hits Companies Using 'Zombie' Flash Cookies 140

A privacy activist has filed a lawsuit targeting eight corporate users of Quantcast's "zombie" Flash cookies, in addition to Quantcast itself. The suit alleges that MTV, ESPN, MySpace, Hulu, ABC, Scribd, and others used Quancast's Flash-based cookies to recreate browser tracking cookies that users had taken the trouble to delete. "At issue is technology from Quantcast, also targeted in the lawsuit. Quantcast created Flash cookies that track users across the web, and used them to re-create traditional browser cookies that users deleted from their computers. These 'zombie' cookies came to light last year, after researchers at UC Berkeley documented deleted browser cookies returning to life. Quantcast quickly fixed the issue, calling it an unintended consequence of trying to measure web traffic accurately. ... The lawsuit (PDF)... asks the court to find that the practice violated eavesdropping and hacking laws, and that the practice of secretly tracking users also violated state and federal fair trade laws. The lawsuit alleges a 'pattern of covert online surveillance' and seeks status as a class action lawsuit."
This discussion has been archived. No new comments can be posted.

Lawsuit Hits Companies Using 'Zombie' Flash Cookies

Comments Filter:
  • primo (Score:4, Funny)

    by Anonymous Coward on Tuesday July 27, 2010 @08:46PM (#33052812)

    I hate how Slashdot uses zombie flash cookies to try to keep from getting what the Italians call il primo post.

  • And forgot to delete those cookies from that porn site I didn't go to.
  • Save games (Score:1, Informative)

    by Dwedit ( 232252 )

    Flash Sharedobjects aren't the same as cookies. They are often used as save files for Flash games. Then we have badly behaving programs like CCleaner which aggressively try to delete them all until you notice that it's about to delete all your save files, and stop it before it wipes them away.

    • Re:Save games (Score:4, Insightful)

      by Runaway1956 ( 1322357 ) on Tuesday July 27, 2010 @10:14PM (#33053234) Homepage Journal

      CCleaner behaves badly? I beg to differ. CCleaner cleans trash. It ASKS you if you want to clean trash, then it TELLS you about the trash it finds, then ASKS again if you want to delete the trash.

      Those who are to stupid to follow directions and/or to examine the results before taking out the trash deserve what they get.

      As for those flash game files - big deal if all of them are deleted. The wife plays online flash games. Her files have been deleted by one or another privacy software. She logs back in to the site, and all her "important" saved stuff is loaded back onto her computer. Geez - that's a real burden isnt' it?

      After the first time, she learned how to delete those super cookies without deleting the files she wanted saved.

      Terrible learning curve, that. It took her all of 30 seconds of cussing and bitching, plus another 90 seconds of reading, and then ten more seconds to change the settings.

      Meanwhile, Better Privacy routinely deletes all the asshattery of flash cookies that she didn't specifically authorize on her machine, and everyone is happy. Except the asshats, of course.

      As for the lawsuit - yes, Super Cookies are a hack, and should be subject to hacking laws that are meant to protect the average user. Burn Quantcast for developing and using it, and burn everyone who has bought the damned thing. I don't care WHAT business you are in - you have no right to track people unless they specifically opt-in to a tracking program, with full knowledge and understanding of what they are doing.

      • SuperDuperCrapCleaner has found potential malware on your computer: NTOSKRNL Delete? y/n $

        • Re: (Score:1, Funny)

          by Anonymous Coward

          SuperDuperCrapCleaner has found potential malware on your computer: NTOSKRNL Delete? y/n $

          $ y
          $ System liberation successful

      • Meanwhile, Better Privacy routinely deletes all the asshattery of flash cookies that she didn't specifically authorize on her machine, and everyone is happy. Except the asshats, of course.

        This, folks, is the important bit. Better Privacy [mozilla.org] is as essential as adblock and flashblock.
    • From TFA:
      The lawsuit (.pdf), filed in U.S. district court in San Francisco, asks the court to find that the practice violated eavesdropping and hacking laws, and that the practice of secretly tracking users also violated state and federal fair trade laws.

      Why hasn't anyone been led away in handcuffs? Are all the broken laws misdemeanors with a small fine, or what? Is it that no rich and powerful man goes to prison unless a richer and more powerful man wants him there? It sure seems so; Sony's XCP, the mine

      • "Are we back to feudalism?" I think you misunderstood the term feudalism. That's the period where knights fought for their kingdoms and princess got stuck in towers. Not the period where offshore oil platform exploded killing eleven people. The more you know...
      • From TFA:
        The lawsuit (.pdf), filed in U.S. district court in San Francisco, asks the court to find that the practice violated eavesdropping and hacking laws, and that the practice of secretly tracking users also violated state and federal fair trade laws.

        Why hasn't anyone been led away in handcuffs? Are all the broken laws misdemeanors with a small fine, or what? Is it that no rich and powerful man goes to prison unless a richer and more powerful man wants him there? It sure seems so; Sony's XCP, the mine disaster several months ago where there had been repeated fines for the safety violations that ultimately led to two dozen deaths? Someone should have been charged with negligent manslaughter, and from what I've read, so should someone from BP.

        Are we back to feudalism?

        Please expand on & explain "back to" in this context.

  • by Anonymous Coward on Tuesday July 27, 2010 @08:53PM (#33052840)

    You can't change the !@#$%^& Flash settings on your own computer. You have to go to a Flash website. And you can't manage your flash cookies without going to some obscure website.

    It would be the easiest programming thing in the world to let people manage all the Flash settings and cookies right on the computer (no internet).

    But noooo... that isn't the way the snoopy Flash people want things to be.

    • by sphealey ( 2855 ) on Tuesday July 27, 2010 @09:15PM (#33052986)

      At least for the Flash cookies on Wintel, the BetterPrivacy plug-in seems to be doing a good job of deleting them for me.

      sPh

      • by mlts ( 1038732 ) * on Tuesday July 27, 2010 @10:42PM (#33053384)

        +1 on BetterPrivacy. Install that as an add-on, and it works on Windows and OS X. No more worries about Flash shared objects because it can be set to zap them at very short time intervals, as well as when you open or close the browser.

        Firefox + BetterPrivacy + AdBlock + NoScript probably do as much for keeping a Windows machine clear of malicious software as most AV programs.

        • I also use Cookie Monster for managing cookies. The only problem with NoScript is that it causes a lot of problems for people who aren't techies, like the date-picker not working, some submits not working, etc, since they don't know when to add a site to the white list. So I tend to install only AdBlock and BetterPrivacy for the non-techies.
      • BetterPrivacy also works great for me on Ubuntu.

    • by psyclone ( 187154 ) on Tuesday July 27, 2010 @09:19PM (#33053010)

      http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager07.html [macromedia.com]

      Noscript users must temporarily allow adobe.com as well. (But at least you don't need to allow real cookies for either domain.)

      You can set the flash plugin to not store any data, but it sure gets annoying on some sites when the volume controls don't work. You can also set it to ask, but it's even more annoying to try and hit the "cancel" button 15 times with choppy video behind it.

      • by Animats ( 122034 ) on Tuesday July 27, 2010 @09:54PM (#33053146) Homepage

        Yes. If you tighten up the privacy controls enough on Flash, many video sites won't play, and some play badly. YouTube's player, for example, will display the "Press ESC to exit full screen mode" for the duration of play. There's absolutely no reason why that feature should depend on storing persistent information. It would be interesting to subpoena the developer and the documentation during development to determine if that was willfully put in to discourage users from using strict privacy settings.

        • by cynyr ( 703126 )

          most of my youtube viewing now shows "html5 ${spinner}" in the middle now. Granted I don't use FF anymore really.

      • Adobe sucks. If I have one more company send me a form in PDF format I'm going to scream.
      • Yeah, I wish there were a way to deal with all the crappy aspects of Flash. I mean, besides just deleting the POS. Hmmm, that's not such a bad idea...
    • > It would be the easiest programming thing in the world to let people manage
      > all the Flash settings and cookies right on the computer (no internet).

      It's your computer. You are free to program it to do whatever you want it to do.

  • How ironic... (Score:1, Flamebait)

    by SOULFLAYER ( 1865632 )
    Does anybody else see the irony in the -government- slapping the hands of businesses who -spy- on us?
    • Does anybody else see the irony in the -government- slapping the hands of businesses who -spy- on us?

      No but that's probably because if I spied on somebody the Gov't is who I imagine would bust me. Now if Google slapped the hands of businesses collecting data...

    • Not really. Monopolies always try to smack down their competitors.

  • sudo chown root::root ~yourusername/.adobe/Flash_Player
    sudo chmod 0000 ~yourusername/.adobe/Flash_Player

    • by 0123456 ( 636235 )

      Better yet, use Apparmor or SELinux to stop it accessing anything it shouldn't access. When I created an Apparmor profile for Flash player I was amazed by all the places it tries to read from and write to.

    • Re: (Score:3, Interesting)

      by John Hasler ( 414242 )

      rm -rf ~/.adobe/Flash_Player/* ~/.macromedia/Flash_Player/*
      ln -s /dev/null ~/.adobe/Flash_Player/AssetCache
      ln -s /dev/null ~/.macromedia/Flash_Player/#SharedObjects
      ln -s /dev/null ~/.macromedia/Flash_Player/macromedia.com

      Or just get rid of Adobe Flash entirely.

    • Re: (Score:2, Informative)

      by izomiac ( 815208 )
      On Windows, in an elevated command prompt:
      icacls "%APPDATA%\Macromedia\Flash Player" /setowner SYSTEM
      icacls "%APPDATA%\Macromedia\Flash Player" /inheritance:r /deny everyone:F

      Though I'd recommend a simple:
      icacls "%APPDATA%\Macromedia\Flash Player" /inheritance:d /deny everyone:(WD,AD)
  • Use better privacy (Score:1, Informative)

    by Anonymous Coward

    Use Better privacy [mozilla.org].

    I whitelist all the flash LSOs I want to keep, and have better privacy delete the others when I quit firefox.

    Flashblock [mozilla.org] can also help.

    I find noscript annoying.

    I also accept all normal cookies for session only, and whitelist sites I want to stay logged in on using Cookie monster [mozilla.org].

    • > and have better privacy delete the others when I quit firefox.

      I still can't believe, the Mozilla Devs removed the fabulous Clear History Popup window on exit. That was one of the best features of the browser, IMHO (friends and family agree)!!

      (Yes, I know about askforsanitize...it works but looks very ugly.)

  • by Anne_Nonymous ( 313852 ) on Tuesday July 27, 2010 @09:05PM (#33052920) Homepage Journal

    Zombie Flash Cookies. I'm sure they're bad for you, but you have to admit they sound like they'd be tasty.

  • DMCA (Score:2, Interesting)

    by giorgist ( 1208992 )
    Doesn't this fall under the unticircumvention law.
    I protect my privacy
    You circumvent it

    Can we not use their own laws against them ?
    • Tattoo this to your forehead and go from there "© 2010 Me"
    • Re:DMCA (Score:4, Insightful)

      by nacturation ( 646836 ) * <nacturation@gmAUDENail.com minus poet> on Tuesday July 27, 2010 @09:56PM (#33053172) Journal

      If your theory holds, the French could sue the Germans under the DMCA for circumventing the Maginot line [wikipedia.org]. Here's a pro tip: there are some circumventions which have jack all to do with copyright law.

      • > If your theory holds, the French could sue the Germans under the DMCA for circumventing the Maginot line.

        Ohh...zis is a most wundervoll idea!! We will implement zis immediately!

      • ...circumventing the Maginot line.

        In France's defense: who could have predicted that Germany knew about Belgium?

        • In France's defense: who could have predicted that Germany knew about Belgium?

          Well, the French could, as this is what Germany already did to them in WW I [wikipedia.org].

    • Re: (Score:1, Troll)

      by MikeFM ( 12491 )

      Except it isn't circumventing anything. If you are dumb enough to install Flash on your computer then you've given your permission. Uninstall Flash if you're so paranoid. Gawd knows Flash is a lot more of a danger to your computer experience than cookies are.

  • This isn't worthy of a lawsuit, this is worthy of a browser extension or plug-in, in-built browser function to manage flash cookies or simply an addition to the flash settings panel.

    Oh, wait, this is the US... never mind.
    • Re: (Score:3, Insightful)

      by wealthychef ( 584778 )
      Yes, lawyers are interested in getting money. It's not about justice, or consumer rights, or privacy. It's about greedy lawyers always and forever.
    • by mlts ( 1038732 ) *

      I agree with you though. This is a problem solved by a technological solution (BetterPrivacy, a shell script that runs and zaps the Flash directory, or something along those lines), than having it be litigated.

      Litigation may even backfire, and a judge might rule that removing Flash cookies is considered circumventing DRM on Flash objects, and may make it even more difficult for utilities like BetterPrivacy or CCleaner to even exist.

      • > Litigation may even backfire, and a judge might rule that removing Flash
        > cookies is considered circumventing DRM on Flash objects,

        That's an "amazing" interpretation of the DMCA even for Slashdot.

        • by mlts ( 1038732 ) *

          This isn't far fetched. Anyone remember a few years back, a verdict against a P2P site where they were ordered to log every single change that happened even in RAM on a machine?

          I can see a defendant arguing that the "DRM" for a flash game is the Flash shared objects, and if the judge isn't aware about issues, he or she might render a very punishing verdict which would take millions of dollars to appeal.

    • Oh, fuck that. This is worthy of some serious competition to Adobe in the form of Flash Player Replacement [wikipedia.org] options. SVG and Canvas are nice and all, but there must be alternate ways to view the same content similar to competing web browsers for viewing the same HTML.

  • Could be interesting for a passive law enforcement tracking id?
    You flush them out, they seem like ads?
  • flash cookies are old news, at least as old as the habbo hotel raids
  • by AnAdventurer ( 1548515 ) on Wednesday July 28, 2010 @12:01AM (#33053696)
    Are we on Apple's side again for being anti-Flash? (I lose track so easily)
    • Well, this sort of thing is the reason why so many content providers are reluctant to move to HTML5 and away from Flash. When they talk about the additional capabilities that Flash has, this is what they mean. The ability to track your usage and gather information about you. (and the back room deals Adobe cuts along the way to deliver this data) Yet people clamor for Flash on their mobile phones.

      Say what you will about Apple, in this case they're absolutely right. Perhaps not for the right reasons, but

      • The ability to track your usage and gather information about you.

        Web browsers also support cookies natively, and it is possible to use these with html5 without explicitly requiring Flash to 'track your usage and gather information about you', and many, many advertising and other such companies do so. Flash sharedobjects are just a piece of technology. They aren't any more evil or suspicious than normal cookies. All this company does is store a copy of your cookies in a flash cookie so if you delete the one, they can restore it from the other.

      • by KDR_11k ( 778916 )

        Say what you will about Apple, in this case they're absolutely right. Perhaps not for the right reasons, but still. The enemy of my enemy is my friend and all that.

        The enemy of my enemy is my enemy's enemy. No more, no less.

    • by tehcyder ( 746570 ) on Wednesday July 28, 2010 @04:12AM (#33054268) Journal

      Are we on Apple's side again for being anti-Flash? (I lose track so easily)

      It's now Wednesday, so yes.

    • by selven ( 1556643 )

      Again? We've always been at war with Adobe.

  • by Anonymous Coward

    Place this code into your crontab to run every day.

    rm -rf ${HOME}/.macromedia/*

    Flash cookies are handled perfectly. You may need to use ${LOGNAME} instead. I've added these lines to the beginning of my daily backup job. Simple. Effective.

    Adobe AIR probably does something similar, so check for that crap in a similar manner, if you still have AIR installed. I removed it after 7 days of use. Take about crap. It is slower than Java and bloated even more than iTunes + Outlook + Java, IMHO.

  • Maybe there are some good reasons to not allow Flash on your platform?
  • This is sort of a backup and restore activity but there is no way to control what is restored.

    A cookie could be inserted that you never had.

    I can see the defense in court -- the Keebler Elves made me do it. They kept giving me those cookies and now I am 5000# and in jail.

"There is no statute of limitations on stupidity." -- Randomly produced by a computer program called Markov3.

Working...