[Owasp-singapore] Study: Adobe Flash cookies pose vexing privacy questions

Wong Onn Chee ocwong at usa.net
Thu Aug 13 00:23:17 EDT 2009


Many Web sites do not disclose their use of Flash in their privacy
policies, they wrote. "Since users do not know about Flash cookies, it
stands to reason that users lack knowledge to properly manage them," the
paper said.

Flash cookies can hang around longer, too. They have no expiration date
by default, they're stored in a different location than HTTP cookies and
can contain up to 100KB of information, whereas HTTP cookies can only
have 4KB.

"These differences make Flash cookies a more resilient technology for
tracking than HTTP cookies and creates an area of uncertainty for user
privacy control," the researchers wrote.

Online advertising companies, however, have embraced Flash cookies since
many people regularly delete HTTP cookies. Since those cookies are used
to detect repeat visitors to a Web site, they're important to getting
accurate traffic counts. False traffic counts -- or the counting of
repeat visitors as unique visitors -- result in advertisers overpaying.
