Court Says No Harm, No Foul With Flash Cookies

from the what's-the-harm? dept

There were some articles a few months back about the use of "flash cookies," which could potentially record more information about visitors than regular cookies, and were much more difficult to turn off. As with pretty much every new privacy fear, class action lawsuits quickly followed. However, a judge in one of them has pointed out that there's no evidence of harm, at least not enough harm to matter to the court under the law. While some people are quick to jump on every privacy scare, it seems like the courts are pointing out that just because people freak out about privacy issues, it doesn't mean any real harm occured. This is probably a good thing. While privacy is important, all too often we see people freak out about issues they claim are "privacy" issues when they're really just more "well, I don't like this" issues.
Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: flash cookies, privacy


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • icon
    :Lobo Santo (profile), 19 Aug 2011 @ 3:52pm

    Where

    At what point does personal responsibility come in?

    Anybody can learn how to block such things from ever reaching their computer in the first place.

    link to this | view in chronology ]

    • icon
      Pitabred (profile), 19 Aug 2011 @ 4:06pm

      Re: Where

      You should read more about the issue. There's really nothing you can do to block those cookies, not without basically removing all plugins and turning off all scripts and so on.

      http://www.wired.com/epicenter/2011/07/undeletable-cookie/
      http://en.wikipedia.org/wiki/Zomb ie_cookie

      link to this | view in chronology ]

      • identicon
        Anonymous Coward, 19 Aug 2011 @ 4:47pm

        Re: Re: Where

        ...turning off all scripts and so on.


        If you're promiscuous about running any script on the 'net, then you should expect to get pwn3d.

        No, you're not “asking for it”. Very few people want their computers compromised. And I agree that in a civilized culture any drunken girl wearing a miniskirt should be able to walk down a random dark alley in the worst part of town—absolutely fearlessly.

        If you're promiscuous about running any script on the 'net, then you should expect to get pwn3d.

        link to this | view in chronology ]

        • icon
          sheenyglass (profile), 19 Aug 2011 @ 5:09pm

          Re: Re: Re: Where

          And in an imperfect world you should also expect the legal system to punish your rapist.

          I think that the more knowledgeable one becomes on a technology and its dangers, the less qualified they are to opine about what security measures average people should be expected to take. The vast majority of people I know over 35 probably haven't even heard of JavaScript. And if they have they probably think its Java.

          link to this | view in chronology ]

          • identicon
            Anonymous Coward, 19 Aug 2011 @ 6:01pm

            Re: Re: Re: Re: Where

            I think that the more knowledgeable one becomes on a technology and its dangers, the less qualified they are to opine about what security measures average people should be expected to take.


            Great. Glad you have an opinion.

            The current state of the art is not capable of delivering the features that the market wants coupled together with acceptable security. The system is being driven towards an non-optimal outcome. That's actually kinda predictable when there's an information gap.

            If you are an average person who takes average measures today then you run a high risk of getting pwn3d.

            If you're a little bit smarter than average, you can reduce your risk.

            link to this | view in chronology ]

            • icon
              sheenyglass (profile), 19 Aug 2011 @ 6:28pm

              Re: Re: Re: Re: Re: Where

              If you are an average person who takes average measures today then you run a high risk of getting pwn3d.
              If you're a little bit smarter than average, you can reduce your risk.


              I apologize for my tone - it was more snotty than warranted (although more appropriate to the preceding comment that "[a]nybody can learn how to block such things" which implied a lack of expertise was some kind of person failure on the part of victims).

              However, I do think people who are promiscuous about running scripts generally don't know that they are doing so. Its a mistake to expect people to take precautions against dangers they don't know exist and to give them no recourse if they don't. That's basically a darwinian approach - only the strong/savvy have a right to privacy.

              link to this | view in chronology ]

              • identicon
                Anonymous Coward, 19 Aug 2011 @ 6:45pm

                Re: Re: Re: Re: Re: Re: Where

                I apologize for my tone

                I've spent enough time in some of the worst hell-holes of usenet to grow a thick skin.

                Its a mistake to expect people...

                You got a better word than “expect” to use for “a predictable outcome” ?

                Look, you seem to be arguing normatively, and I'm describing what I see happening. If I could drive the system in a better direction, then I would. But right now, the best I can do is a warning to sauve qui peut.

                link to this | view in chronology ]

              • identicon
                Anonymous Coward, 19 Aug 2011 @ 6:47pm

                Re: Re: Re: Re: Re: Re: Where

                I apologize for my tone

                I've spent enough time in some of the worst hell-holes of usenet to grow a thick skin.

                Its a mistake to expect people...

                You got a better word than “expect” to use for “a predictable outcome” ?

                Look, you seem to be arguing normatively, and I'm describing the market failure that I see happening. If I could drive the system in a better direction, then I would. But right now, the best I can do is a warning to sauve qui peut.

                link to this | view in chronology ]

                • icon
                  sheenyglass (profile), 19 Aug 2011 @ 7:22pm

                  Re: Re: Re: Re: Re: Re: Re: Where

                  I'm not sure you can draw a clean line between descriptive and normative statements in this situation. Should is, generally, a normative word as it implies a duty or obligation when used in conjunction with human action. Promiscuous is a normative word as it describes actions outside of the acceptable bounds prescribed by a group's norms. In that context "expect" can mean both/either that the outcome can be predicted and/or that the individual bears some responsibility for predicting it.

                  If we are talking about individual actions, then no there is not much we can do and the statement can be mostly descriptive. If we are talking about collective societal actions, acquiescence in the face of market failure is choosing the norms of the free market over the norms of privacy protection through political action. One way to drive the system towards protection of privacy is to allow lawsuits for its violation. Or to allow legislation or regulation.

                  link to this | view in chronology ]

                  • identicon
                    Anonymous Coward, 19 Aug 2011 @ 8:10pm

                    Re: Re: Re: Re: Re: Re: Re: Re: Where

                    If we are talking about collective societal actions...

                    The first fact to keep in mind is that we now have an estimated global internet userbase of about 2 billion people worldwide.

                    While the rate of growth in the userbase is flattening, we expect to eventually reach close to universal access. So, maybe eight or nine billion people spread out across every nation on the planet. And as the userbase has grown, and as it's expected to grow, the average level of education and technical sophistication drops.

                    link to this | view in chronology ]

                    • icon
                      sheenyglass (profile), 19 Aug 2011 @ 8:20pm

                      Re: Re: Re: Re: Re: Re: Re: Re: Re: Where

                      And as the userbase has grown, and as it's expected to grow, the average level of education and technical sophistication drops

                      So the market failure cause by information asymmetry will worsen. This weighs more strongly in favor of non-market solutions, such as through legislation, regulation and litigation.

                      link to this | view in chronology ]

                      • identicon
                        Anonymous Coward, 19 Aug 2011 @ 9:49pm

                        Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Where

                        This weighs more strongly in favor of non-market solutions


                        That's the conventional answer.

                        But that conventional answer is limited by problems of international cooperation. International diplomacy is... s...l...o...w.

                        Further out in time, as the userbase approaches the total world population, then it's possible that the average user's experience with the built, technological environment increases faster than new users are acquired. However, we do not expect computing and communications technology to remain static and frozen. So instead, it's possible that the average user will continue to adopt technology that they understand less and less well. It's awfully difficult to make predictions that far out. Anything beyond about five years out is a guess in the dark.

                        link to this | view in chronology ]

      • icon
        Jeffry Houser (profile), 20 Aug 2011 @ 3:24pm

        Re: Re: Where

        As a point of clarification here are instructions on how to prevent Flash Cookies from being set:

        http://kb2.adobe.com/cps/526/52697ee8.html

        link to this | view in chronology ]

    • identicon
      Anonymous Coward, 28 Aug 2011 @ 12:34pm

      Re: Where

      BetterPrivacy addon for Firefox all the way.

      link to this | view in chronology ]

  • identicon
    Sebastian, 19 Aug 2011 @ 4:06pm

    If they inform about the use of them and the purpose it maybe will be ok but otherwise it seems very suspect.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 19 Aug 2011 @ 4:19pm

    It pains me to say this but I don't believe courts should be involved in this case, if it was something being done secretly, Adobe should be punished, but since it is common knowledge and every one who has an interest knows about it, this is much more a case of people starting to use their freewill and don't do business with Adobe, or take measures to stop it from collecting that data.
    Now if this was an evercookie undeletable and difficult to detect then I think people have a very legitimate concern.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 19 Aug 2011 @ 4:26pm

    Also most of the evercookies depend on scripts to be create, if you don't allow them that takes care of most of them, with the others being easily erased if you just clean the browser cache and history.

    People should be worried about the next HTML 5 standard that the W3C putting out, there is apparently no considerations about privacy issues they just don't care about that stuff, and that is the place to pressure if people want somethings to change.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 19 Aug 2011 @ 4:32pm

    WebGL the danger to privacy

    Almost forgot the 3D standard for a 3D web is a problem, because 3D depends on system drivers to operate and that opens possibilities not only for security breaches but for privacy ones.

    link to this | view in chronology ]

  • identicon
    abc gum, 19 Aug 2011 @ 4:41pm

    What is it about these perverted websites anyways?

    Why do they need to execute their code on your computer? There is no compelling need to run foreign code in order to render a web page, stating such is pure horse hockey. If you knew exactly what they were doing on your computer with their code, you would probably avoid them at all costs. I sincerely doubt they have any regard for your well being at all and are only in it for the money they get from selling information gleaned from your computer.

    Anything for a buck eh? To hell with self respect. If this is how one must make a living then I really do not need to visit that pathetic website.

    FWIW, I routinely surf with javascript turned off. It is not a big hindrance. If I really need the services provided by such a website, I may turn it on - or then again, I may go elsewhere.

    Lazy web site designers that rely upon javascript and their ilk are only doing themselves and everyone else a disservice.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 19 Aug 2011 @ 4:41pm

    Made me think of Cookie Monster

    link to this | view in chronology ]

  • icon
    sheenyglass (profile), 19 Aug 2011 @ 4:52pm

    Court did find plaintiff alleged harm

    However, a judge in one of them has pointed out that there's no evidence of harm, at least not enough harm to matter to the court under the law.


    I would recommend reading the decision itself (http://www.scribd.com/doc/62531370/Bose-v-Interclick) in addition to the commentary, as this is statement is inaccurate.

    The court dismissed plaintiff's claims under 18 USC 1030 because Congress has mandated that civil claims are only authorized by this statute when the plaintiff has suffered at least $5,000 in economic harm. This is a much narrower articulation of "harm" than that implied by the article.

    The court found plaintiff's allegations of deceptive business practices (NY GBL Sec. 349) and trespass to chattel to be sufficient (dismissing against Interclick's Adertiser clients, but not Interclick itself) stating that "courts have recognized similar privacy violations as injuries for the purposes of section 349" (at 21)

    Also, to be pedantic, no decision was made as to whether there was evidence to support the allegations. A motion to dismiss addresses only whether the allegations, if true, create a valid cause of action.

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 19 Aug 2011 @ 5:01pm

    Blocking cookies, flash cookies, and silverlight cookies aren't a big deal. However this issue changes when it comes time to block Nevercookies. According to what I've read on Nevercookie, they were designed not to be deleted once on a computer. Hidden in up to 15 different places, they can resort a deleted cookie and continue to track user info despite what the user might not want.

    There was and I don't know if there still is, an app for Firefox to deal with this Nevercookie. Last I saw of it was it was not updated with the last update version of Firefox.

    link to this | view in chronology ]

  • icon
    NotMyRealName (profile), 19 Aug 2011 @ 5:04pm

    I'm curious as to how a court decides the value of privacy.

    My browsing history is worth a fair bit to me personally. I'm sure there are companies who collate many people's history as market research and may pay as little as a few pennies per. Is market value == value of harm caused?

    link to this | view in chronology ]

  • identicon
    out_of_the_blue, 19 Aug 2011 @ 5:34pm

    No corporation has a right to track anyone, only the power,

    and they mostly do it by stealth, which alone tells you a great deal. By stealth I mean you techdroids may know that it's done and how to avoid, but the unwashed masses don't -- heck, even techy types barely speculate on what's done with that tracking, or the massive collation of it that's tied into the national surveillance network.

    ANY information gleaned without informed consent is an injury, doubly so when sold commercially for profit, doubled again when fed to national security. Just the potential for misuse is plenty justification for the people to put an end to it. My opinion is that once widely known, there'll be plenty of outrage at "free", "do no evil" Google and all others.

    And note that yet again, "libertarian" Mike isn't concerned with actual tracking. Long as the discussion stays theoretical, he's libertarian, but when it comes to putting liberty into practice by arresting the lying criminals at Standard & Poor, or preventing the tracking of /natural persons/, he's a staunch defender of corporate rights.

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 19 Aug 2011 @ 6:09pm

      Re: No corporation has a right to track anyone, only the power,

      You see, the stealth part I agree, if it is not being disclaimed that is an issue but if it is and in the case of Adobe it is, then that is a consumer problem not the company.

      http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager07.h tml

      I don't like it but I like the legal system even less, this could cause also collateral damage into research being done on things that could be useful for society.

      As long as there is disclosure and people can remove those damn things if they do research on it, I'm willing to accept any harm done to privacy to people ignorant on the tech aspects of it.

      link to this | view in chronology ]

    • identicon
      Anonymous Coward, 19 Aug 2011 @ 6:26pm

      Re: No corporation has a right to track anyone, only the power,

      https://addons.mozilla.org/en-US/firefox/addon/ghostery/

      Whatch the watchers with Ghostery and similar addons.

      Also if you know anything about javascript and CSS one could use JSView to get a hang of what the website is doing.

      link to this | view in chronology ]

  • identicon
    Anonymous Coward, 19 Aug 2011 @ 5:51pm

    Seriously? You have to wait until the lack of privacy harms you in the amount of $5,000 or more before it's a concern? What the fuck is wrong with you?

    link to this | view in chronology ]

  • identicon
    Anonymous Coward, 19 Aug 2011 @ 7:04pm

    Virtual the future.

    Dell's virtual appliance that you can reset to an original state.
    http://www.kace.com/products/freetools/secure-browser/

    Sandboxing Firefox using Fedora/SeLinux
    http://www.bress.net/blog/archives/195-Firefox-in-a-sandbox-with-Fedora.html

    BitB ox sandbox
    http://translate.google.com/translate?hl=en&ie=UTF8&prev=_t&rurl=translate.goog le.com&sl=de&tl=en&twu=1&u=http://www.sirrix.de/content/pages/57064.htm

    Making a virtual appliance using Vmware/Qemu, DamnSmallLinux and Firefox
    http://howto.gumph.org/content/build-a-lightweight-browser-appliance/

    Browser appliance.
    http://wiki.rpath.com/wiki/Appliance:Browser_Appliance

    For those that don't want to create a browser appliance from scratch there are many on the internet that others have done the hard work.

    link to this | view in chronology ]

  • identicon
    Steve, 5 Feb 2012 @ 9:25am

    browsing security

    Ask your self who has interest to track user online EVERBODY for so ever purposes !
    Just that the tech is available doesnt meant it will not be used for illegal purposes and saying no harm done but we track you all ready is nonsense !!! Just to the point when someone harm the same judge who say that ''no harm done'' and he is approving it ! Its getting even worse:
    http://www.laquadrature.net/en/softpedia-google-admits-handing-over-european-user-data-to-us -intelligence-agencies
    Do you approve this kind of behavior now for all users on the world with ip cop on every computer even on yours ???

    link to this | view in chronology ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.