40 likes | 223 Views
Privacy of Flash Cookies. Quentin Mayo, Chris Hoofnagle , JD Ashkan Soltani , MIMS. Abstract.
E N D
Privacy of Flash Cookies Quentin Mayo, Chris Hoofnagle, JD AshkanSoltani, MIMS Abstract Flash cookies are emerging as a new consumer tracking technology. Flash cookies, also known as Local Shared Objects, are similar to HTML cookies, but they can store more information and they are more persistent. Privacy issues are intensified by Flash cookies because they are not controlled by the browser, and because consumers are likely to be unaware of their presence. This study focuses on the presence and operation of Flash cookies on the top 100 websites. Overlapping Cookies? Means that some of the same key values/tags inside the Flash Cookies also are found in HTML Cookies. These values could include user IDs or unique strings Research and Purpose • Determine how flash cookies are being used on the web • What were the most frequently appearing ad companies that are using flash • Check if any companies use flash to bypass user settings or to contravene user expectations Conclusions Cookie Respawning • Flash cookies are present on more than half of the top 100 sites, and instead of being used to store preferences, some appear to be tracking individuals because they have settings mirroring ordinary HTML . • We demonstrated some of top 100 sites are using Flash cookies to respawn deleted HTML cookies, from both first party and third party domains. This circumvents user attempts to prevent tracking. Data Collected • Data came from QuantcastTop 100 July 1, 2009 • 5 five additional “Government Websites” were studied • LSO files stored Set by Adobe, Domain, and Third Party Companies in the macromedia folder. Holds IDs, preferences and other values • Cache Temporary storage for data needed to be frequently access. • SWF (small web files) files Embedded into WebPages for multimedia and advertisements. • Standard Cookies • Basic string values access bya domain 3.Visited same webpage. Two HTML Cookies created. Both contained different values. 1. No Data Modified. One HTML Cookie contains same string value as Clearspring’s LSO. Future Work and Importance • Raise awareness of the emergence of Flash's tracking capabilities. Analyze more domains for cookie respawning or other tracking activities Results: 2.HTML Cookies deleted but left Clearspring’s LSO file 4. After surfing domain, the HTML cookie is rewritten, establishing the original flash cookie value July 30, 2009