If are a frequent visitor to YouTube or just stopped by Scribid to check it out just once, or any other Flash site the odds are you have zombie cookies lurking on computer that you thought were long gone according to Helium. The following sites have recently been named in a lawsuit for installing zombie cookies on computers.
ABC- ESPN
- HULU
- MySpace
- MTV
- NBC
- Scribid
- YouTube
- Most other site utilizing Flash
When you visit a web-site they generally place a cookie on your computer, which you can delete. But you delete a zombie cookie it comes back to life in sense – hence the cool name. The problem was first identified at UC Berkley. They noticed that they were deleting cookies, but they kept coming back over and over again. No amount of deleting them would kill the nasty little buggers off. After tracking down their location the only fix that was easily available at that time was deleting the cookies and Adobe Flash Player (NASDAQ: ADBE). It is reported that Flash is installed on about 98% of all personal computers and the odds are almost all of those computers have 
visited a site that planted a zombie cookie. Quantcast created zombie cookies and the firms calls them “unintended consequence.”
Wired reports the lawsuit (PDF), filed in U.S. district court in Central California, asks the court to find that the Quantcast Zombie Cookie practice violated eavesdropping and hacking laws, and that the practice of secretly tracking users also violated state and federal fair trade laws. The lawsuit alleges a “pattern of covert online surveillance” and seeks status as a class action lawsuit. Privacy activist lawyer Joseph Malley filed the lawsuit. Maller also played key roles in other high-profile privacy lawsuits with Facebook and Netflix. “The objective of this scheme was the online harvesting of consumers’ personal information for Defendants’ use in online marketing activities,” wrote Malley, who called the technique “as simple as it was deceptive and devious.”
Zombie cookies are bad if you care about maintaining your privacy. Zombie cookies are forced upon your system and cannot be deleted by normal means. Zombie cookies are made pretty simply. When a zombie cookies from Quantcast is deleted, the QuantCast program goes back to the storage bin and retrieves your user id in HTML format. It then re-applies that user id, but hides it in the Flash application where you can do almost nothing about it. It really is that simple. Getting rid of zombie cookies is a pain, but definitely can be done. Helium suggest that short of ditching Adobe completely, you can go to Adobe’s webpage and set controls on the Global Privacy Settings page. If you use Firefox you can get rid of Flash cookies – including zombie cookies by using the BetterPrivacy add-on.
rb-
No wonder there is a growing chorus to abandon Adobe for security reasons. What other surprises does Adobe have coming?
Related articles
- The Evercookie: Like trying to kill Steven Seagal (go.theregister.com)
- Congressmen blast “supercookies” as privacy menace (arstechnica.com)
