Court Says No Harm, No Foul With Flash Cookies
from the what's-the-harm? dept
There were some articles a few months back about the use of "flash cookies," which could potentially record more information about visitors than regular cookies, and were much more difficult to turn off. As with pretty much every new privacy fear, class action lawsuits quickly followed. However, a judge in one of them has pointed out that there's no evidence of harm, at least not enough harm to matter to the court under the law. While some people are quick to jump on every privacy scare, it seems like the courts are pointing out that just because people freak out about privacy issues, it doesn't mean any real harm occured. This is probably a good thing. While privacy is important, all too often we see people freak out about issues they claim are "privacy" issues when they're really just more "well, I don't like this" issues.Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: flash cookies, privacy
Reader Comments
Subscribe: RSS
View by: Time | Thread
Where
Anybody can learn how to block such things from ever reaching their computer in the first place.
[ link to this | view in chronology ]
Re: Where
http://www.wired.com/epicenter/2011/07/undeletable-cookie/
http://en.wikipedia.org/wiki/Zomb ie_cookie
[ link to this | view in chronology ]
Re: Re: Where
If you're promiscuous about running any script on the 'net, then you should expect to get pwn3d.
No, you're not “asking for it”. Very few people want their computers compromised. And I agree that in a civilized culture any drunken girl wearing a miniskirt should be able to walk down a random dark alley in the worst part of town—absolutely fearlessly.
If you're promiscuous about running any script on the 'net, then you should expect to get pwn3d.
[ link to this | view in chronology ]
Re: Re: Re: Where
I think that the more knowledgeable one becomes on a technology and its dangers, the less qualified they are to opine about what security measures average people should be expected to take. The vast majority of people I know over 35 probably haven't even heard of JavaScript. And if they have they probably think its Java.
[ link to this | view in chronology ]
Re: Re: Re: Re: Where
Great. Glad you have an opinion.
The current state of the art is not capable of delivering the features that the market wants coupled together with acceptable security. The system is being driven towards an non-optimal outcome. That's actually kinda predictable when there's an information gap.
If you are an average person who takes average measures today then you run a high risk of getting pwn3d.
If you're a little bit smarter than average, you can reduce your risk.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Where
I apologize for my tone - it was more snotty than warranted (although more appropriate to the preceding comment that "[a]nybody can learn how to block such things" which implied a lack of expertise was some kind of person failure on the part of victims).
However, I do think people who are promiscuous about running scripts generally don't know that they are doing so. Its a mistake to expect people to take precautions against dangers they don't know exist and to give them no recourse if they don't. That's basically a darwinian approach - only the strong/savvy have a right to privacy.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Where
I've spent enough time in some of the worst hell-holes of usenet to grow a thick skin.
You got a better word than “expect” to use for “a predictable outcome” ?
Look, you seem to be arguing normatively, and I'm describing what I see happening. If I could drive the system in a better direction, then I would. But right now, the best I can do is a warning to sauve qui peut.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Where
I've spent enough time in some of the worst hell-holes of usenet to grow a thick skin.
You got a better word than “expect” to use for “a predictable outcome” ?
Look, you seem to be arguing normatively, and I'm describing the market failure that I see happening. If I could drive the system in a better direction, then I would. But right now, the best I can do is a warning to sauve qui peut.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Re: Where
If we are talking about individual actions, then no there is not much we can do and the statement can be mostly descriptive. If we are talking about collective societal actions, acquiescence in the face of market failure is choosing the norms of the free market over the norms of privacy protection through political action. One way to drive the system towards protection of privacy is to allow lawsuits for its violation. Or to allow legislation or regulation.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Re: Re: Where
The first fact to keep in mind is that we now have an estimated global internet userbase of about 2 billion people worldwide.
While the rate of growth in the userbase is flattening, we expect to eventually reach close to universal access. So, maybe eight or nine billion people spread out across every nation on the planet. And as the userbase has grown, and as it's expected to grow, the average level of education and technical sophistication drops.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Re: Re: Re: Where
So the market failure cause by information asymmetry will worsen. This weighs more strongly in favor of non-market solutions, such as through legislation, regulation and litigation.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Where
That's the conventional answer.
But that conventional answer is limited by problems of international cooperation. International diplomacy is... s...l...o...w.
Further out in time, as the userbase approaches the total world population, then it's possible that the average user's experience with the built, technological environment increases faster than new users are acquired. However, we do not expect computing and communications technology to remain static and frozen. So instead, it's possible that the average user will continue to adopt technology that they understand less and less well. It's awfully difficult to make predictions that far out. Anything beyond about five years out is a guess in the dark.
[ link to this | view in chronology ]
Re: Re: Where
http://kb2.adobe.com/cps/526/52697ee8.html
[ link to this | view in chronology ]
Re: Where
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Now if this was an evercookie undeletable and difficult to detect then I think people have a very legitimate concern.
[ link to this | view in chronology ]
People should be worried about the next HTML 5 standard that the W3C putting out, there is apparently no considerations about privacy issues they just don't care about that stuff, and that is the place to pressure if people want somethings to change.
[ link to this | view in chronology ]
WebGL the danger to privacy
[ link to this | view in chronology ]
Why do they need to execute their code on your computer? There is no compelling need to run foreign code in order to render a web page, stating such is pure horse hockey. If you knew exactly what they were doing on your computer with their code, you would probably avoid them at all costs. I sincerely doubt they have any regard for your well being at all and are only in it for the money they get from selling information gleaned from your computer.
Anything for a buck eh? To hell with self respect. If this is how one must make a living then I really do not need to visit that pathetic website.
FWIW, I routinely surf with javascript turned off. It is not a big hindrance. If I really need the services provided by such a website, I may turn it on - or then again, I may go elsewhere.
Lazy web site designers that rely upon javascript and their ilk are only doing themselves and everyone else a disservice.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Court did find plaintiff alleged harm
I would recommend reading the decision itself (http://www.scribd.com/doc/62531370/Bose-v-Interclick) in addition to the commentary, as this is statement is inaccurate.
The court dismissed plaintiff's claims under 18 USC 1030 because Congress has mandated that civil claims are only authorized by this statute when the plaintiff has suffered at least $5,000 in economic harm. This is a much narrower articulation of "harm" than that implied by the article.
The court found plaintiff's allegations of deceptive business practices (NY GBL Sec. 349) and trespass to chattel to be sufficient (dismissing against Interclick's Adertiser clients, but not Interclick itself) stating that "courts have recognized similar privacy violations as injuries for the purposes of section 349" (at 21)
Also, to be pedantic, no decision was made as to whether there was evidence to support the allegations. A motion to dismiss addresses only whether the allegations, if true, create a valid cause of action.
[ link to this | view in chronology ]
There was and I don't know if there still is, an app for Firefox to deal with this Nevercookie. Last I saw of it was it was not updated with the last update version of Firefox.
[ link to this | view in chronology ]
Re:
Unle ss you are using a mobile phone as primary browsing tool, evercookies are not a problem.
Disable scripts and clear history and cache.
Mobile users on the other hand are screwed unless they have root privileges there is little they can do about it.
[ link to this | view in chronology ]
My browsing history is worth a fair bit to me personally. I'm sure there are companies who collate many people's history as market research and may pay as little as a few pennies per. Is market value == value of harm caused?
[ link to this | view in chronology ]
Re:
more also, I believe http://www.hotcleaner.com/clickclean_firefox.html will fully clear evercookies.
[ link to this | view in chronology ]
Re: Re:
http://www.sandboxie.com/
[ link to this | view in chronology ]
No corporation has a right to track anyone, only the power,
ANY information gleaned without informed consent is an injury, doubly so when sold commercially for profit, doubled again when fed to national security. Just the potential for misuse is plenty justification for the people to put an end to it. My opinion is that once widely known, there'll be plenty of outrage at "free", "do no evil" Google and all others.
And note that yet again, "libertarian" Mike isn't concerned with actual tracking. Long as the discussion stays theoretical, he's libertarian, but when it comes to putting liberty into practice by arresting the lying criminals at Standard & Poor, or preventing the tracking of /natural persons/, he's a staunch defender of corporate rights.
[ link to this | view in chronology ]
Re: No corporation has a right to track anyone, only the power,
http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager07.h tml
I don't like it but I like the legal system even less, this could cause also collateral damage into research being done on things that could be useful for society.
As long as there is disclosure and people can remove those damn things if they do research on it, I'm willing to accept any harm done to privacy to people ignorant on the tech aspects of it.
[ link to this | view in chronology ]
Re: No corporation has a right to track anyone, only the power,
Whatch the watchers with Ghostery and similar addons.
Also if you know anything about javascript and CSS one could use JSView to get a hang of what the website is doing.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Virtual the future.
http://www.kace.com/products/freetools/secure-browser/
Sandboxing Firefox using Fedora/SeLinux
http://www.bress.net/blog/archives/195-Firefox-in-a-sandbox-with-Fedora.html
BitB ox sandbox
http://translate.google.com/translate?hl=en&ie=UTF8&prev=_t&rurl=translate.goog le.com&sl=de&tl=en&twu=1&u=http://www.sirrix.de/content/pages/57064.htm
Making a virtual appliance using Vmware/Qemu, DamnSmallLinux and Firefox
http://howto.gumph.org/content/build-a-lightweight-browser-appliance/
Browser appliance.
http://wiki.rpath.com/wiki/Appliance:Browser_Appliance
For those that don't want to create a browser appliance from scratch there are many on the internet that others have done the hard work.
[ link to this | view in chronology ]
browsing security
Just that the tech is available doesnt meant it will not be used for illegal purposes and saying no harm done but we track you all ready is nonsense !!! Just to the point when someone harm the same judge who say that ''no harm done'' and he is approving it ! Its getting even worse:
http://www.laquadrature.net/en/softpedia-google-admits-handing-over-european-user-data-to-us -intelligence-agencies
Do you approve this kind of behavior now for all users on the world with ip cop on every computer even on yours ???
[ link to this | view in chronology ]