Flash cookie respawning ‘on the wane', say Carnegie Mellon researchers

In a paper published this week, Aleecia McDonald and Lorrie Faith Cranor reported that they found “no instances at all” of respawning in a randomly-selected group of 500 websites, and only two instances among the most popular 100 websites.

The results are not directly comparable to a study published 18 months ago by another team of Carnegie Mellon researchers, which first drew attention to the problem of respawning, however McDonald and Cranor say: “Our results suggest respawning is not increasing, and may be waning.”

Such a development is to be expected given the weight of attention being paid to the issue of respawning since that first paper. Privacy groups expressed outrage that Flash local shared objects (LSOs – but colloquially referred to as ‘cookies’) could be used to circumvent a web user’s privacy by recreating previously deleted cookies to continue monitoring their behaviour.

The practice drew the ire of Flash developer Adobe, which has since developed an easier way for users to delete LSOs. Web analytics experts also warned companies off using Flash technology as a form of ‘super cookie’, while lawsuits were filed against companies suspected of infringing privacy.

Websites continue to use LSOs as a way of tracking visitor behaviour, according to McDonald and Cranor – at most, 9% of the top 100 and 3.4% of the random 500 sites studied.