Block 'Flash cookies' to thwart zombies
Those who fail to block Flash Local Shared Objects -- so-called flash cookies -- make themselves vulnerable to cookie-like snooping
Follow @woodyleonhard
With two high-profile class-action lawsuits filed in the past month against such heavyweights as Disney, MySpace, and NBC Universal, "zombie cookies" have entered the water cooler lexicon.
Many organizations block, restrict, or otherwise manage cookies on company computers. But if users aren't protected against Adobe Flash's Local Shared Objects, they're exposed to all of the data snooping problems inherent in third-party cookies -- with none of the protections.
[ For the original analysis of Flash cookie security, see Jeremy Kirk's "Adobe Flash cookies pose vexing privacy questions." | Check out today's review on InfoWorld.com: Microsoft Silverlight 4 vs. Flash 10.1. | Stay up to date on the latest security developments with InfoWorld's Security Central newsletter. ]
Last month, a lawsuit filed in California against Quantcast and MySpace, ABC, ESPN, Hulu, JibJab, MTV, and NBC Universal brought the concept of "zombie cookies" into the public eye. A similar lawsuit last week from the same attorneys, also seeking class-action status, took on Clearspring, Disney, and Warner Brothers, among others.
Quantcast and Clearspring helped popularize the technique used to create and perpetuate zombie cookies and plant them on computers all over the world. They have made, and continue to make, enormous profits mining and peddling information about Web users' browsing proclivities. That's why they've been singled out. The other high-profile companies targetted in the lawsuits bought into the zombie cookie technique, apparently with Quantcast and Clearspring's help.
It's important for you to understand that blocking or controlling your users' browser cookies won't automatically nullify Flash cookies: The zombie technique persists, if only for a short period of time.
