CYBERSPACE – A little-known surfer-tracking technique that uses Adobe Flash technology to spy on users’ habits has been documented by academics, who warn that most sites do not inform consumers about the potential privacy invasion.In a research paper called “Flash Cookies and Privacy,” a team of five computer scientists and attorneys noted so-called “Flash cookies” can be used as “secondary, redundant unique identifiers that enable advertisers to circumvent user preferences and self-help.”

The researchers discovered a significant number of websites—including U.S. federal government websites that are prohibited from tracking user behaviors—employ Flash cookies despite privacy policies indicating users may elect not to be tracked. The Flash code snippets often are used to “undelete” information in traditional browser-based cookies users may have cleared from their computers.

“We find that more than 50 percent of the sites in our sample are using Flash cookies to store information about the user,” the team noted in its paper. “Some are using it to ‘re-spawn’ or re-instantiate HTTP cookies deleted by the user. Flash cookies often share the same values as HTTP cookies, and are even used on government websites to assign unique values to users. Privacy policies rarely disclose the presence of Flash cookies, and user controls for effectuating privacy preferences are lacking.”

According to the researchers, Flash cookies are both more insidious and more effective than HTTP cookies because few Web surfers are aware the technology exists and even fewer know how to disable it. In addition, Flash cookies are difficult to detect. By default, they have no expiration date, and browser settings like “privacy mode” and cookie acceptance policies have no effect on the Flash code.

Previous studies have indicated about 30 percent of internet users delete browser-based cookies monthly. Flash cookies help publishers and advertisers avoid the ensuing difficulty in identifying unique website visitors and tracking customers “owned” by affiliates.

The current research indicates third-party advertising networks are the most likely to use Flash cookies. Surprisingly, among the top 100 websites that employ the technology, Whitehouse.gov is one of only four that admits the practice.

Anti-tracking tools to block Flash cookies are not widely available. The most effective way to rid one’s system of the pests is to delete them in Flash Player, but the player must be opened separately from a browser in order to accomplish the task.

The researchers concluded Flash cookie deletion mechanisms should be built into browsers, and the technology should be incorporated into ongoing internet privacy discussions in Congress.

The research team included representatives from the computing department at University of California, Berkeley; Berkeley’s school of law; Clemson University; Jacksonville State University and Louisiana State University.