As more and more consumers utilize the Internet for information, commerce, and entertainment, there is an ever increasing push on the part of business and advertisers to enhance and monetize the browsing experience. One tool used by companies and third-party advertisers to help accomplish these goals is “cookies,” small pieces of text stored on an Internet browser or computer. Cookies have long been the subject of privacy concerns, which concerns have largely been assuaged by the ability of computer users to change browser settings to block or clear cookies. However, the recent evolution of the “cookie” has again raised concerns on the part of privacy advocates and both consumers and website operators need to be aware of these changes.
The type of cookie most familiar to Internet users is the "browser cookie," a small piece of text stored in Internet browsers that can be used for storing site preferences, shopping cart contents, and authentications, among other uses. These cookies are designed to enhance the browsing experience and the information contained in this type of cookie is inputted by the user. In addition to browser cookies, computer users may also be familiar with "tracking cookies," which are placed on computers by third-party ad servers when users visit a webpage. These cookies track the internet surfing habits of computer users and provide valuable data to website operators and advertisers. Both the "browser cookies" and the "tracking cookies" are largely under the control of the computer user such that users may decide not to enter information that would be stored in a cookie and/or delete or block these cookies through changes to the user's browser settings. However, a new type of cookie recently emerged that has caught the attention of consumers and privacy advocates, leading to a class action lawsuit.
“Flash cookies” are a type of cookie that works with Adobe’s Flash player, which is software installed on a large number of personal computers—it is the most popular method of watching videos online. Using Flash, the technology is able to save a small file on a user’s hard drive containing all of the information in a tracking cookie, but is not deleted when a user deletes or clears cookies as this cookie is not housed in the browser’s temporary files. As a result, a cookie previously thought to be cleared comes back to life through the Flash program -- thereby earning the name “zombie cookies.” This type of cookie is used by many popular websites to do things such as control volume level preferences on online videos and track site users.
Many consumer advocates and technology experts are concerned about the use of flash cookies. By storing user information, tracking users, and resisting deletion, flash cookies are able to track users across the web. In fact, the issue is so much of a concern to privacy advocates and consumers that multiple law suits have been filed over the matter. Of the most notable, a class action lawsuit was filed in the US District Court for the Central District of California. The plaintiffs accuse defendants such as MTV, Hulu, MySpace, and others, of eavesdropping and hacking through the use of flash cookies. The actual tracking was done by Quantcast, an online tracking firm. Recently, however, Quantcast agreed to a $2.4 million settlement that would release itself and the other defendants from the suit.
Moreover, the common computer user believes that his or her web surfing habits are private—that no one not present in the room or checking the individual computer's history can view the sites that have been visited. This is not the case. The World Wide Web is not a private space and users should be aware of the concerns associated with Internet use and the advancements in technologies and cookies. To block Flash cookies, computer users can go to Adobe's Flash Player Settings Manager site and adjust the settings in the image at the top of the page. The image appears to be a simple screen shot, but it actually works to control the settings on the computer that accesses the site. Firefox users can prevent or delete Flash cookies using a free add-on called BetterPrivacy. Still, "flash cookies" may just be the tip of the iceberg as technology changes open up new and unique means to track user activities.
We are seeing the next generation of cookies emerge in the face of HTML 5 and the evercookie. HTML 5 is considered the new computer language. It facilitates downloads, off-line capabilities, and will even help make mobile devices more compatible with the web. With all of the benefits associated with HTML 5, computer users should also be aware of the privacy concerns due to the large amounts of data the new web language stores on hard drives, facilitating consumer tracking. The stored information can include users’ location, photographs, and even emails. A lawsuit over the use of HTML 5 on mobile devices to track iPhone and iPad users is pending in the US District Court for the Central District of California. The plaintiffs allege that an HTML 5 tracker, named RLDGUID, gives each user an ID number that allows the user’s web viewing habits to be tracked. Additionally, even where a user opts out of being tracked, all past tracking remains saved.
Also using the HTML 5 code, one enterprising computer programmer has created the “evercookie,” a cookie that stores information in as many as 10 different spaces on the computer and is not easily deleted—even by experts. He created it to demonstrate how easily consumers could be tracked across the Internet, collecting information such as location, photographs, and e-mails. The creator states that he had no intention to sell his advanced cookie, but merely created it so that consumers could use it as a "litmus test for preventing tracking." However, in making it available to Internet users, the evercookie is out and available to hackers and others who want to use it for improper purposes. And, consumers can be certain that even the evercookie is not the last in a long line of cookie and tracking advancements.
Advancements in cookies and consumer tracking technologies will continue to affect consumer privacy. The best consumer defense is a good offense; therefore, consumers must remain aware and informed to protect themselves from unwanted cookies. They must strike a necessary balance between the desire for new advancements and the need for privacy. Likewise, in light of the recent class action lawsuits involving the "flash cookies" and "evercookies," website operators need to be aware of these developments and ensure that their privacy policies and practices are designed to address these technological advances.