NEWS 15 January 2010

Web analytics expert warns against ‘risky’ use of Flash cookies

Data analytics North America

US— Flash cookies are emerging as a more reliable web audience measurement alternative to traditional HTTP cookies – but a leading analytics expert has warned companies they risk trouble if they use these “super-cookies” to override consumer privacy preferences.

While many web users are au fait with HTTP cookies and how they are used for measuring website traffic, there is little public awareness of Flash cookies, or ‘local shared objects’ (LSOs) as they are technically known, says Eric Peterson.

This lack of awareness means few people know how to manage and delete Flash cookies as they are not stored on a person’s computer in the same place as HTTP cookies.

Peterson, the CEO of consultancy Web Analytics Demystified, says Flash cookies also appear to be “impervious” to the private browsing modes recently deployed by Firefox, Microsoft and Apple.

Though this makes Flash cookies a more reliable means of accurately counting website visitors, Peterson says: “The use of Flash LSOs is unfortunately a risky business. There is strong evidence that more and more companies are using LSOs in direct conflict with consumer preferences and existing systems designed to control access to information and protect a user’s privacy online.”

LSOs first emerged as a way for Adobe’s Flash player to keep track of a user’s personalised settings – audio levels, for instance – across different browser sessions and even different browsers.

Their use as a measurement tool has come about as high consumer awareness of HTTP cookies has led to high cookie deletion rates, meaning websites are often placing more than one cookie on each computer – thus inflating unique browser figures.

Peterson says: “While there are many appropriate and beneficial uses for Flash LSOs… it is increasingly clear that in some cases the data contained in the Flash object are being used for consumer tracking purposes.” This in itself wouldn’t be a problem – except Peterson notes that “disclosure about the use of Flash LSO for tracking purposes is rare on the internet today”.

Aside from the disclosure issue, Flash cookies have also been found to be used to re-spawn HTTP cookies where they have been deleted by a web user – clearly going against web users’ wishes not to be tracked.

Peterson says: “With the attention given to consumer privacy on the internet at both individual and government levels, we believe that companies making inappropriate or irresponsible use of the Flash technology are very likely asking for trouble (and potentially putting the rest of the online industry at risk of additional government regulation).”

In a report commissioned by media auditor BPA Worldwide, Peterson recommends that companies do not use Flash to reset browser cookies, that the use of LSOs is properly disclosed and that site visitors are given the option to disable LSOs.



15 years ago

While Flash cookies are a more reliable way of using cookies to track usage - at least they are currently - ALL cookies are still fundamentally flawed as an audience measurement tool. For any users who access the Internet in multiple locations - home and work, home and school etc - you STILL get cookie duplication leading to overall audience inflation. In order to track "people counts" more accurately you need a hybrid combination of both client-side panel measurement and server-side cookie tracking. To track "people as individuals" ... well, good luck as the underlying inherent assumption that correlates a cookie to an individual is flawed.


15 years ago

Hi, Adobe Flash Player 10.1, currently in beta on Adobe Labs (, does support private browsing mode. For more information, see Regards, Emmy Huang Group Product Manager, Adobe Flash Player
