Feeds

Disney sued for spying on kids with 'zombie cookies'

Snooping with 'little available redress for users'

Top 5 reasons to deploy VMware with Tegile

Walt Disney's internet subsidiary and several of its partners have been sued for allegedly using cookies based on Adobe's Flash Player to track highly personal information about their users, many of whom were minors.

The LSOs, or locally shared objects are better known as Flash Cookies, and their ability to gather detailed user information over long periods of time without a trace has been understood since at least 2007. Now, attorneys representing people who browsed websites that employed the technology claim it was used to track them in ways that violate the sites' privacy policies.

For instance, the habits of one individual who browsed articles on depression, were uniquely tracked across a network of partners, according to the complaint.

The suit was filed in US District Court in Los Angeles against Walt Disney Internet Group, Clearspring Technologies, Warner Bros. Records, and several other companies that shared the cookies. The affiliates fail to adequately warn users about the information-sharing arrangement, which according to the complaint, allows “zombie cookies” to be restored even after a user has gone through the trouble of deleting them.

“Using Flash cookies to re-identify users overrides this control, with little available redress for users,” the complaint, which seeks class-action status, states. “Although users may arguably protect themselves by periodically deleting their Flash cookies as well, the means for doing so are extremely obscure and difficult even for savvy consumers to use. Flash specifically attempts to obfuscate data within each LSO by controlling the format and forcing a binary serialization of any stored data, thus bypassing the web browser's same-origin security policy, allowing an application hosted on one domain to read data or code hosted on another.”

A research paper (abstract here) released last year by UC Berkeley researchers famously exposed the ability of Flash cookies to surreptitiously “respawn” deleted cookies. It served as a wakeup call about the uncanny persistence of the tracking files. What's more, Flash cookies can store up to 100 KB of data, 25 times more than normal cookies.

The suit alleges the companies violated a raft of laws, including the federal Computer Fraud and Abuse Act, the California Computer Crime Law, the California Invasion of Privacy Act and trespass and personal property statutes. The complaint is here. ®

Bootnote

To Adobe's defense, company officials have stated in comments (PDF) submitted to the FTC that their policy “condemns the practice of using Local Storage to back up browser cookies for the purpose of restoring them later without user knowledge and express consent.” That's a great first step. Now the company should release a free consumer tool that makes it easy to manage and delete the new-fangled cookies.

Remote control for virtualized desktops

More from The Register

next story
UK smart meters arrive in 2020. Hackers have ALREADY found a flaw
Energy summit bods warned of free energy bonanza
DRUPAL-OPCALYPSE! Devs say best assume your CMS is owned
SQLi hole was hit hard, fast, and before most admins knew it needed patching
Knock Knock tool makes a joke of Mac AV
Yes, we know Macs 'don't get viruses', but when they do this code'll spot 'em
Feds seek potential 'second Snowden' gov doc leaker – report
Hang on, Ed wasn't here when we compiled THIS document
Mozilla releases geolocating WiFi sniffer for Android
As if the civilians who never change access point passwords will ever opt out of this one
Why weasel words might not work for Whisper
CEO suspends editor but privacy questions remain
prev story

Whitepapers

Choosing cloud Backup services
Demystify how you can address your data protection needs in your small- to medium-sized business and select the best online backup service to meet your needs.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
The Heartbleed Bug: how to protect your business with Symantec
What happens when the next Heartbleed (or worse) comes along, and what can you do to weather another chapter in an all-too-familiar string of debilitating attacks?