NEWS23 February 2011

EU warns of privacy threats from new kinds of cookies

Europe News Technology

EUROPE— The European Union’s online security agency has warned of the threats to online privacy from the next generation of cookies.

“These privacy-invasive marketing practices need greater scrutiny,” says the European Network and Information Security Agency (Enisa) in a policy paper entitled ‘Bittersweet cookies’.

The possibilities for misusing cookies “are very real and are being exploited”, Enisa warns, and the privacy implications of new types of cookies such as Flash cookies are “not easily quantifiable”.

Cookies are tiny text files that websites can place on an internet user’s computer, in order to recognise them and record information about them. They can be used to help a site provide tailored content and to save the user from having to repeatedly log in, but also to track behaviour and to deliver targeted advertising based on a user’s profile.

Standard cookies can be controlled using the settings in internet browsers, and many users now alter their internet settings or regularly clear cookies to prevent anyone from tracking their activity online.

But Enisa warns that “new and more persistent types of cookies”, whose development has been driven by the online ad industry, can get round this, taking control out of users’ hands. These include Flash cookies, which run in Adobe’s Flash plug-in, meaning they can’t be controlled directly through a browser. Users are not informed when such cookies are created, and they never expire. Flash cookies, Enisa’s report says, “are extensively used by popular sites, often to circumvent users’ HTTP cookie policies and privacy preferences.”

Even traditional cookies are usually difficult to manage, Enisa said, and the legal framework on how they should be used is not always respected. There is often no real choice for users on whether to accept cookies, because many online services can only be accessed if they are accepted.

Member states of the European Union are in the process of incorporating a new data protection directive into national law, and Enisa is calling for a review once that process is complete to make sure that users have real choice about cookie use. It also called for developers of browsers and internet apps to do more.

@RESEARCH LIVE

2 Comments

14 years ago

For people who read this and are concerned about their privacy, there's a browser add-on for FF and IE that blocks these "new and more persistent types of cookies." It's called PrivacySuite: http://www.abine.com/apps.php

Like Report

14 years ago

Indeed, not to worry, there are many add-ons that allow internet users to manage their privacy settings. But let's not forget that most cookies are actually useful. It's just how they are used that should be regulated.

Like Report