So I’ve seen at least 200 tweets in the past couple days linking to some article like this one titled…
Study: Adobe Flash cookies pose vexing privacy questions
Wow, that pasted in bold, but lets keep it that way for unnecessary emphasis. In fact, lets break it down in chunks….
refers to a very short study by the Social Science Research Network. Their motto: Tomorrow’s Research Today. I have some Futurama tin signs that say the same thing. Yesterdays Research Posted Today would be more accurate. If you want to download this short PDF on Flash cookies and privacy its right here…. http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1446862 . Short story shorter, if you delete or disable your HTTP (or regular) cookies, you MIGHT still encounter a Flash cookie, that MIGHT also be used again as an HTTP cookie. Here’s how the article finishes…
“to make browser tools effective, users need some warning that Flash cookies are present. Disclosures about their presence, the types of uses employed, and information about controls, are necessary first steps to addressing the privacy implications of Flash cookies.”
I wouldn’t call that an effective browsing experience if I get a popup message on every site that says…
“Hey mate, before ye goes yonder on this site, we’ll be saving your preferred VOLUME LEVEL as COOKIE ID VOLUME, in case ye returns.”
I’d call that a very annoying popup message. Because NO ONE cares if a Flash file saves their volume preferences for the next time they visit. And if anyone remembers, a major complaint of Flash back in 1999 or so, was that the volume on Flash sites was way too damn loud. So if I turn down the volume on your site once, I probably want it turned down again and again. Saving my volume preference has no a privacy implications, but it has serious ear-pleasure implications.
And for those that read the study, of the Top 100 websites which were sampled in their privacy study, the cookie that ranked most frequent was named…. drumroll… volume with 21 occurrences. Shocking!!!!! Its shocking because I’m surprised 21 of the top 100 sites were actually on the ball enough to keep a Flash cookie for volume. Thank YOU. Oh but wait. Thats just the cookie variable’s name. According to the study, ” volume could suggest settings for a music or video player” . So what they are saying is, that cookie could be used for something else too. Ah-ha! Those Top 100 sites are sneaky like that too. That volume var could equal what type computer I’m using… “OS X-something-something”. Which could be used to delivery me an ad for an iPod. Scary stuff.
The rest of the most frequently occurring names are below…
“….Adobe Flash Cookies….”
Lets define those a bit better. They aren’t in every Flash file first off. A programmer has to specify that they want to store a variable as a Flash cookie, which doesn’t happen that often. Well what kind of crazy private info does a Flash programmer want to know about me?!?! …You’re gonna tell him or her. Yeah, you. You could level up in a Flash game, and then level=2 for the next time you visit the site. Or worse, you might give the programmer…your name.
I taught this tutorial on using Flash cookies in an email form, so if you enter your name, or email, or comments in the form, and the browser crashes or you need to go do something else, the form saves that info so you don’t have to retype it. But that info isn’t getting in there by itself. If someone didn’t feel comfortable filling out this form in the first place for a privacy reason, then that personal info is never getting stored. But what if they did fill out this form? Where does the info get saved? Its on that user’s computer. Not online somewhere in the internet-ether. If you return to a site that uses a Flash cookie its accessing it from your HD. Its not transmitting it from somewhere else. Can I scriptify this…
Joe goes to a website he’s been at before where he entered his name for something.
Joe sees his name in the header of the website, it reads “Welcome back Joe”
Joe flips out. “How the **** does this website know my name?!?! Thats PRIVATE!!! “
That type reaction would be as overblown as telling a new neighbor your name, then freaking out when they remembered it the next day.
“….pose vexing privacy questions”
hfghfklyugdfg hdghjfdsgffg dfhghjhhh dfgdfadhh… that was my head banging against the keyboard. The Social Science Research Network article really doesn’t pose any vexing question at all. It does talk about user tracking, but it doesn’t say how user tracking is a vexing problem. In a worst case scenario implies you might get an ad tailored to you. And it does mention that a privacy-sensitive individual might have trouble deleting their cookies, but it doesn’t at all explain what info that person is trying to hide, and how or why it might come back to haunt them. Is this article going to be continued in Unibomber Magazine or what? It wants to imply something terrible about Flash cookies but it just can’t.
End of story, You’re on the internet. You are connected to a network of computers. To be here, you have exist a little less privately than hiding in your closet all day long. Imagine walking into Hogwarts with Harry’s invisibility cloak, but then someone slaps a name tag on the outside of the cloak. Thats you with your computer’s IP address on the internet. You’re hidden enough.