Adobe condemns cookie respawning in comments to FTC

In comments submitted to the Federal Trade Commission (FTC) last week, Adobe said it condemns the practice known as cookie respawning, which uses a Flash storage device to back up browser cookies and restore them after users delete them.

Cookie deletion is a major problem for web publishers, leading to multiple cookies being issued to the same computer – thus inflating audience counts. The use of Flash storage as a form of ‘super-cookie’ has been viewed as a way round this, but risks flying in the face of consumer privacy preferences.

Web analytics consultant Eric Peterson previously warned that companies “making inappropriate or irresponsible use of Flash technology are very likely asking for trouble” – including those who do not respawn cookies but utilise Flash storage as a form of consumer tracking without the privacy notices and controls that typically accompany the use of browser cookies.

Adobe chief privacy officer MeMe Jacobs Rasmussen told the FTC: “Adobe believes it is important to get a better understanding of the landscape in order to have a basis to decide on the range of ‘bad’ and ‘good’ uses of [Flash] storage, and whether there are any actions that companies that own these technologies can take to address those misuses.”

In the meantime, she said, the firm was in discussions with browser companies “to determine whether there is an efficient way to provide users the opportunity to control their Flash Local Storage when they set their browser privacy settings”.

Currently, local storage settings have to be managed through the Flash Player settings manager, but Rasmussen said the newest version of the Flash Player, currently in beta testing, will make it “easier for users to find and change their privacy settings”. Version 10.1 will also support the new private browsing modes which have been recently introduced in a number of web browsers.

• Never mind Flash and browser cookies: digital rights organisation the Electronic Frontier Foundation (EFF) has flagged a potential new privacy menace – the User Agent. The User Agent is a little bit of code that tells a website which operating system and web browser a computer is using, and is often used as a means of counting website visitor numbers. By itself, a User Agent is fairly anonymous. “Only one person in about 1,500 will have the same User Agent as you,” says the EFF. “That isn’t enough to recreate cookies and track people perfectly, but in combination with another detail like geolocation to a particular ZIP code or having an uncommon browser plug-in installed, the User Agent string becomes a real privacy problem.” Read more here.