Lawsuit Hits Companies Using 'Zombie' Flash Cookies 140
A privacy activist has filed a lawsuit targeting eight corporate users of Quantcast's "zombie" Flash cookies, in addition to Quantcast itself. The suit alleges that MTV, ESPN, MySpace, Hulu, ABC, Scribd, and others used Quancast's Flash-based cookies to recreate browser tracking cookies that users had taken the trouble to delete. "At issue is technology from Quantcast, also targeted in the lawsuit. Quantcast created Flash cookies that track users across the web, and used them to re-create traditional browser cookies that users deleted from their computers. These 'zombie' cookies came to light last year, after researchers at UC Berkeley documented deleted browser cookies returning to life. Quantcast quickly fixed the issue, calling it an unintended consequence of trying to measure web traffic accurately. ... The lawsuit (PDF)... asks the court to find that the practice violated eavesdropping and hacking laws, and that the practice of secretly tracking users also violated state and federal fair trade laws. The lawsuit alleges a 'pattern of covert online surveillance' and seeks status as a class action lawsuit."
primo (Score:4, Funny)
I hate how Slashdot uses zombie flash cookies to try to keep from getting what the Italians call il primo post.
Re: (Score:2)
Well, at least zombie flash cookies are better than zombie flesh cookies...I guess
And here I thought I must have been drunk. (Score:2, Funny)
Serious note (with experiment!) (Score:2)
On a serious note, I wonder if browsers with private browsing modes sandbox flash cookies? When you go back to normal browsing mode, will the flash cookies from tentaclerapecentral.com still be mixed in with your other flash cookies? Let's find out!
I'm going to clear my flash cookies, disable BetterPrivacy, then mess around in the Adobe Flash settings page in private browsing mode. This will cause my browser to pick up flash cookies.
Then I'll go back into normal browsing mode and look in my flash cookie fol
Re: (Score:3, Funny)
I have more bad news. It is a website now.
Re:And here I thought I must have been drunk. (Score:5, Funny)
Re: (Score:2)
Damn, that's the funniest thing I've read in a month.
Re: (Score:1, Offtopic)
A post like that certainly deserves a karma boost.
Re: (Score:1)
Re: (Score:1)
Re: (Score:1)
He used "grill" to mean "teeth". I chose to not interpret it that way.
Re:And here I thought I must have been drunk. (Score:4, Insightful)
Accurate though, because they
don't mention seasons!
Winter Snowfall (Score:1, Funny)
Your father unzips
Hot semen blankets your face
Like winter snowfall
(now that's how you write a Haiku, you other anonymous coward retards)
Re: (Score:2)
Doesn't it count
that the GP was reminiscent
of spring time?
Re: (Score:1)
Yes:
A proper haiku :(
Has to mention a season.
Nothing springs to mind
Re: (Score:2)
i have read your post
and i see what you did there
fall down some stairs please
Re: (Score:2)
Don't worry about it now
Summer harder than others
just have to think hard
Save games (Score:1, Informative)
Flash Sharedobjects aren't the same as cookies. They are often used as save files for Flash games. Then we have badly behaving programs like CCleaner which aggressively try to delete them all until you notice that it's about to delete all your save files, and stop it before it wipes them away.
Re:Save games (Score:4, Insightful)
CCleaner behaves badly? I beg to differ. CCleaner cleans trash. It ASKS you if you want to clean trash, then it TELLS you about the trash it finds, then ASKS again if you want to delete the trash.
Those who are to stupid to follow directions and/or to examine the results before taking out the trash deserve what they get.
As for those flash game files - big deal if all of them are deleted. The wife plays online flash games. Her files have been deleted by one or another privacy software. She logs back in to the site, and all her "important" saved stuff is loaded back onto her computer. Geez - that's a real burden isnt' it?
After the first time, she learned how to delete those super cookies without deleting the files she wanted saved.
Terrible learning curve, that. It took her all of 30 seconds of cussing and bitching, plus another 90 seconds of reading, and then ten more seconds to change the settings.
Meanwhile, Better Privacy routinely deletes all the asshattery of flash cookies that she didn't specifically authorize on her machine, and everyone is happy. Except the asshats, of course.
As for the lawsuit - yes, Super Cookies are a hack, and should be subject to hacking laws that are meant to protect the average user. Burn Quantcast for developing and using it, and burn everyone who has bought the damned thing. I don't care WHAT business you are in - you have no right to track people unless they specifically opt-in to a tracking program, with full knowledge and understanding of what they are doing.
Re: (Score:2)
SuperDuperCrapCleaner has found potential malware on your computer: NTOSKRNL Delete? y/n $
Re: (Score:1, Funny)
SuperDuperCrapCleaner has found potential malware on your computer: NTOSKRNL Delete? y/n $
$ y
$ System liberation successful
Re: (Score:1)
This, folks, is the important bit. Better Privacy [mozilla.org] is as essential as adblock and flashblock.
What I don't understand... (Score:2)
From TFA:
The lawsuit (.pdf), filed in U.S. district court in San Francisco, asks the court to find that the practice violated eavesdropping and hacking laws, and that the practice of secretly tracking users also violated state and federal fair trade laws.
Why hasn't anyone been led away in handcuffs? Are all the broken laws misdemeanors with a small fine, or what? Is it that no rich and powerful man goes to prison unless a richer and more powerful man wants him there? It sure seems so; Sony's XCP, the mine
Re: (Score:1)
Re: (Score:1)
From TFA:
The lawsuit (.pdf), filed in U.S. district court in San Francisco, asks the court to find that the practice violated eavesdropping and hacking laws, and that the practice of secretly tracking users also violated state and federal fair trade laws.
Why hasn't anyone been led away in handcuffs? Are all the broken laws misdemeanors with a small fine, or what? Is it that no rich and powerful man goes to prison unless a richer and more powerful man wants him there? It sure seems so; Sony's XCP, the mine disaster several months ago where there had been repeated fines for the safety violations that ultimately led to two dozen deaths? Someone should have been charged with negligent manslaughter, and from what I've read, so should someone from BP.
Are we back to feudalism?
Please expand on & explain "back to" in this context.
Re: (Score:2)
You may be right; feudalism may have never died.
And the other big Flash problem... (Score:5, Insightful)
You can't change the !@#$%^& Flash settings on your own computer. You have to go to a Flash website. And you can't manage your flash cookies without going to some obscure website.
It would be the easiest programming thing in the world to let people manage all the Flash settings and cookies right on the computer (no internet).
But noooo... that isn't the way the snoopy Flash people want things to be.
BetterPrivacy plug-in (Score:5, Informative)
At least for the Flash cookies on Wintel, the BetterPrivacy plug-in seems to be doing a good job of deleting them for me.
sPh
Re:BetterPrivacy plug-in (Score:5, Informative)
+1 on BetterPrivacy. Install that as an add-on, and it works on Windows and OS X. No more worries about Flash shared objects because it can be set to zap them at very short time intervals, as well as when you open or close the browser.
Firefox + BetterPrivacy + AdBlock + NoScript probably do as much for keeping a Windows machine clear of malicious software as most AV programs.
Re: (Score:2)
Re: (Score:2)
BetterPrivacy also works great for me on Ubuntu.
Here is the shitty site (Score:5, Informative)
http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager07.html [macromedia.com]
Noscript users must temporarily allow adobe.com as well. (But at least you don't need to allow real cookies for either domain.)
You can set the flash plugin to not store any data, but it sure gets annoying on some sites when the volume controls don't work. You can also set it to ask, but it's even more annoying to try and hit the "cancel" button 15 times with choppy video behind it.
Re:Here is the shitty site (Score:5, Interesting)
Yes. If you tighten up the privacy controls enough on Flash, many video sites won't play, and some play badly. YouTube's player, for example, will display the "Press ESC to exit full screen mode" for the duration of play. There's absolutely no reason why that feature should depend on storing persistent information. It would be interesting to subpoena the developer and the documentation during development to determine if that was willfully put in to discourage users from using strict privacy settings.
Re: (Score:2)
most of my youtube viewing now shows "html5 ${spinner}" in the middle now. Granted I don't use FF anymore really.
Re: (Score:2)
Re: (Score:2)
Standard-conformant XHTML 1.1 would be fine, thanks (and use less bandwidth, and be easier to fill in, and work on a character-cell terminal).
Re: (Score:2)
Good luck making a program that can export that format reliably from pretty much any given program in the way that pdfs can be. And when you're done, can you explain to the people I work with why it's better having an xhtml file and all the separate image files rather than one combined, portable file? Don't get wrong, I hate them too but there's a reason that they're so popular.
Re: (Score:1)
Re: (Score:2)
> It would be the easiest programming thing in the world to let people manage
> all the Flash settings and cookies right on the computer (no internet).
It's your computer. You are free to program it to do whatever you want it to do.
How ironic... (Score:1, Flamebait)
Re: (Score:2)
Does anybody else see the irony in the -government- slapping the hands of businesses who -spy- on us?
No but that's probably because if I spied on somebody the Gov't is who I imagine would bust me. Now if Google slapped the hands of businesses collecting data...
Re: (Score:2)
Not really. Monopolies always try to smack down their competitors.
On LInux: (Score:2)
sudo chown root::root ~yourusername/.adobe/Flash_Player
sudo chmod 0000 ~yourusername/.adobe/Flash_Player
Re: (Score:2)
Better yet, use Apparmor or SELinux to stop it accessing anything it shouldn't access. When I created an Apparmor profile for Flash player I was amazed by all the places it tries to read from and write to.
Re: (Score:3, Interesting)
rm -rf ~/.adobe/Flash_Player/* ~/.macromedia/Flash_Player/* /dev/null ~/.adobe/Flash_Player/AssetCache /dev/null ~/.macromedia/Flash_Player/#SharedObjects /dev/null ~/.macromedia/Flash_Player/macromedia.com
ln -s
ln -s
ln -s
Or just get rid of Adobe Flash entirely.
Re: (Score:2, Informative)
icacls "%APPDATA%\Macromedia\Flash Player"
icacls "%APPDATA%\Macromedia\Flash Player"
Though I'd recommend a simple:
icacls "%APPDATA%\Macromedia\Flash Player"
Re: (Score:2)
You're right, I mistakenly assumed that ~ would be aliased to /root when sudo'ing, but the shell expands the tilde, not sudo. So:
sudo chown root::root ~/.adobe/Flash_Player
sudo chmod 0000 ~/.adobe/Flash_Player
I did this and it sort of broke Flash for me on a lot of sites, so YMMV.
Re: (Score:2)
Actually, my original command would have worked, but the above is cleaner.
Re: (Score:1)
~/.adobe/Flash_Player ?
If you're running the command as root, you'll want to select your non-root account home directory.
Re: (Score:2)
In my case there's nothing in .adobe/Flash_Player anyway, it's all in .macromedia/Flash_Player.
Use better privacy (Score:1, Informative)
Use Better privacy [mozilla.org].
I whitelist all the flash LSOs I want to keep, and have better privacy delete the others when I quit firefox.
Flashblock [mozilla.org] can also help.
I find noscript annoying.
I also accept all normal cookies for session only, and whitelist sites I want to stay logged in on using Cookie monster [mozilla.org].
Re: (Score:2)
> and have better privacy delete the others when I quit firefox.
I still can't believe, the Mozilla Devs removed the fabulous Clear History Popup window on exit. That was one of the best features of the browser, IMHO (friends and family agree)!!
(Yes, I know about askforsanitize...it works but looks very ugly.)
Zombie Flash Cookies (Score:3, Funny)
Zombie Flash Cookies. I'm sure they're bad for you, but you have to admit they sound like they'd be tasty.
Re: (Score:1)
Re: (Score:2)
Re: (Score:1)
And there's some aspect of this experience that doesn't sound both tasty and exhilarating?
Re: (Score:1)
Do they taste like chicken?
Re: (Score:1)
Re: (Score:1)
Re: (Score:2)
DMCA (Score:2, Interesting)
I protect my privacy
You circumvent it
Can we not use their own laws against them ?
Re: (Score:1)
Re:DMCA (Score:4, Insightful)
If your theory holds, the French could sue the Germans under the DMCA for circumventing the Maginot line [wikipedia.org]. Here's a pro tip: there are some circumventions which have jack all to do with copyright law.
Re: (Score:2)
> If your theory holds, the French could sue the Germans under the DMCA for circumventing the Maginot line.
Ohh...zis is a most wundervoll idea!! We will implement zis immediately!
Re: (Score:2)
In France's defense: who could have predicted that Germany knew about Belgium?
Re: (Score:1)
Well, the French could, as this is what Germany already did to them in WW I [wikipedia.org].
Re: (Score:2)
Troubles with that are two-fold:
1) You can't prosecute for a crime that was not a crime at the time of commission (DMCA was passed after WWII).
2) France != USA and doesn't have the DMCA
I know it's called an analogy, but please don't take those four characters so literally.
Re: (Score:1, Troll)
Except it isn't circumventing anything. If you are dumb enough to install Flash on your computer then you've given your permission. Uninstall Flash if you're so paranoid. Gawd knows Flash is a lot more of a danger to your computer experience than cookies are.
Lawsuit for *this*? (Score:2)
Oh, wait, this is the US... never mind.
Re: (Score:3, Insightful)
Re: (Score:2)
I agree with you though. This is a problem solved by a technological solution (BetterPrivacy, a shell script that runs and zaps the Flash directory, or something along those lines), than having it be litigated.
Litigation may even backfire, and a judge might rule that removing Flash cookies is considered circumventing DRM on Flash objects, and may make it even more difficult for utilities like BetterPrivacy or CCleaner to even exist.
Re: (Score:2)
> Litigation may even backfire, and a judge might rule that removing Flash
> cookies is considered circumventing DRM on Flash objects,
That's an "amazing" interpretation of the DMCA even for Slashdot.
Re: (Score:2)
This isn't far fetched. Anyone remember a few years back, a verdict against a P2P site where they were ordered to log every single change that happened even in RAM on a machine?
I can see a defendant arguing that the "DRM" for a flash game is the Flash shared objects, and if the judge isn't aware about issues, he or she might render a very punishing verdict which would take millions of dollars to appeal.
Re: (Score:2)
Oh, fuck that. This is worthy of some serious competition to Adobe in the form of Flash Player Replacement [wikipedia.org] options. SVG and Canvas are nice and all, but there must be alternate ways to view the same content similar to competing web browsers for viewing the same HTML.
OS X can use this program to delete flash cookies (Score:2, Informative)
Re:OS X can use this program to delete flash cooki (Score:4, Informative)
Re:OS X can use this program to delete flash cooki (Score:4, Funny)
Re: (Score:3, Funny)
I think it would have been funnier if you had said "bash terminal".
Re: (Score:1)
Re: (Score:2)
Or, as an above poster suggested, substitute the folder with a link to /dev/null.
deleted browser cookies returning to life? (Score:2)
You flush them out, they seem like ads?
habbo (Score:2)
Hello World, er Apple (Score:5, Funny)
Re: (Score:2)
Well, this sort of thing is the reason why so many content providers are reluctant to move to HTML5 and away from Flash. When they talk about the additional capabilities that Flash has, this is what they mean. The ability to track your usage and gather information about you. (and the back room deals Adobe cuts along the way to deliver this data) Yet people clamor for Flash on their mobile phones.
Say what you will about Apple, in this case they're absolutely right. Perhaps not for the right reasons, but
Re: (Score:1)
The ability to track your usage and gather information about you.
Web browsers also support cookies natively, and it is possible to use these with html5 without explicitly requiring Flash to 'track your usage and gather information about you', and many, many advertising and other such companies do so. Flash sharedobjects are just a piece of technology. They aren't any more evil or suspicious than normal cookies. All this company does is store a copy of your cookies in a flash cookie so if you delete the one, they can restore it from the other.
Re: (Score:1)
Say what you will about Apple, in this case they're absolutely right. Perhaps not for the right reasons, but still. The enemy of my enemy is my friend and all that.
The enemy of my enemy is my enemy's enemy. No more, no less.
Re: (Score:2)
For many of us non-programmers (but techies anyways) Flash is a glorified codec. I use flash for:
A) Watching video online
and
B) Nothing else.
Hell, if a site has a flash splash page I close it instantly, no matter what's behind it. Flash based slideshow? Close window. Flash based games? You kidding me? What am I... nine? Close window.
I very much look forward to the day that I don't have to use Flash anymore to watch videos, I'll uninstall it at that point and never look back.
Adobe is in a backwards slid
Re:Hello World, er Apple (Score:4, Funny)
It's now Wednesday, so yes.
Re: (Score:2)
Again? We've always been at war with Adobe.
Manage Flash Cookies the easy way (Score:1, Informative)
Place this code into your crontab to run every day.
rm -rf ${HOME}/.macromedia/*
Flash cookies are handled perfectly. You may need to use ${LOGNAME} instead. I've added these lines to the beginning of my daily backup job. Simple. Effective.
Adobe AIR probably does something similar, so check for that crap in a similar manner, if you still have AIR installed. I removed it after 7 days of use. Take about crap. It is slower than Java and bloated even more than iTunes + Outlook + Java, IMHO.
iPhone/iPad are unaffected (Score:1)
Aw just recreate cookies you never had. (Score:1)
A cookie could be inserted that you never had.
I can see the defense in court -- the Keebler Elves made me do it. They kept giving me those cookies and now I am 5000# and in jail.
Re:Not Quantcast's fault (Score:4, Informative)
You logic is flawed. If I kill a human with a Samurai sword, would you blame the maker of the sword?
Do you mean Dell computers with Windows? Maybe, but no version of Windows ever came with Flash.
Re: (Score:1, Informative)
Windows XP did. It's what they used to display the "Welcome to Windows XP" intro (the big one) when you installed it. But that was a while back.
Re:Not Quantcast's fault (Score:4, Informative)
Actually this is not a troll. Take a look in the C:\windows\help\tours\mmtour folder of a new windows XP 32-bit installation and you will find that the tour is SWF based.
Among other dlls pre-installed on the system is a flash 3 or flash 4, or some similar early version dll (I forget the version or exact file name, but a search for 'flash' or 'swf' in file names on a brand new XP install (you might need to run the tour first to have it appear) should probably find it. I don't believe the browser plug-in ever came pre-installed, but the core DLL most definitely did.
Re: (Score:3, Insightful)
You're kidding, right?
Re: (Score:3, Interesting)
Don't blame Quantcast. They're using the technology as Macromedia intended - to violate your privacy.
So, as you say they are purposely using software designed to violate your privacy. Why exactly shouldn't we blame them for that again?
Internet Users (Score:1)
Re: (Score:1)
USE A RAMDISK! (Score:2)
This needs repeating.
USE A RAMDISK and learn about MKLink. Use it for any temp data you can get away with.
I run Windows 7 x64, I have 4GB of memory and I dedicate 512MB to a RAMDisk. I point Flash, IE and Chrome temp directories to the disk.
I've found that unless I'm running multiple VM's I can give up the memory with no negative side effects. In fact, browsing is slightly quicker.