Recently, there has been a series of class-action lawsuits involving flash cookies filed against Internet, digital media, marketing and advertising companies. Flash cookies are used by Adobe’s Flash Player to display content and store user preferences, among other uses. Adobe’s Flash Player is one of the most popular video players, and therefore the use of flash cookies is widespread across the Internet.
Some websites use flash cookies to track users and store information about them. Flash cookies are particularly good at this because they have much larger capacity than browser cookies (the default is 100 kb compared to 4 kb in a browser cookie), and thus can store 25 times more data. Unlike browser cookies, flash cookies have no expiration dates and remain on a computer even after the cookie folder is emptied. A central issue among some of the filed lawsuits is the use of flash cookies to store traditional browser cookies and then re-install them after they are deleted from a computer, a practice known as “re-spawning” (Adobe condemns this practice).
The genesis for this series of flash cookie lawsuits is likely a 2009 study by researchers at the University of California at Berkeley. The study found that over 50% of the websites in their sample of the Internet’s most popular websites used flash cookies to store user information, and a subset of these websites also practiced re-spawning. The Berkeley study was specifically referenced in two of the flash cookie lawsuits.
Any company that delivers online video using Adobe’s Flash software is at risk of being drawn into this litigation. Companies should consider examining their use of flash cookies as a result of these lawsuits.
This post was authored by Ian Engstrand.