Court Says No Harm, No Foul With Flash Cookies

from the what's-the-harm? dept

There were some articles a few months back about the use of "flash cookies," which could potentially record more information about visitors than regular cookies, and were much more difficult to turn off. As with pretty much every new privacy fear, class action lawsuits quickly followed. However, a judge in one of them has pointed out that there's no evidence of harm, at least not enough harm to matter to the court under the law. While some people are quick to jump on every privacy scare, it seems like the courts are pointing out that just because people freak out about privacy issues, it doesn't mean any real harm occured. This is probably a good thing. While privacy is important, all too often we see people freak out about issues they claim are "privacy" issues when they're really just more "well, I don't like this" issues.


Reader Comments (rss)

(Flattened / Threaded)

  1.  
    icon
    :Lobo Santo (profile), Aug 19th, 2011 @ 3:52pm

    Where

    At what point does personal responsibility come in?

    Anybody can learn how to block such things from ever reaching their computer in the first place.

     

    reply to this | link to this | view in thread ]

  2.  
    icon
    Pitabred (profile), Aug 19th, 2011 @ 4:06pm

    Re: Where

    You should read more about the issue. There's really nothing you can do to block those cookies, not without basically removing all plugins and turning off all scripts and so on.

    http://www.wired.com/epicenter/2011/07/undeletable-cookie/
    http://en.wikipedia.org/wiki/Zomb ie_cookie

     

    reply to this | link to this | view in thread ]

  3.  
    identicon
    Sebastian, Aug 19th, 2011 @ 4:06pm

    If they inform about the use of them and the purpose it maybe will be ok but otherwise it seems very suspect.

     

    reply to this | link to this | view in thread ]

  4.  
    identicon
    Anonymous Coward, Aug 19th, 2011 @ 4:19pm

    It pains me to say this but I don't believe courts should be involved in this case, if it was something being done secretly, Adobe should be punished, but since it is common knowledge and every one who has an interest knows about it, this is much more a case of people starting to use their freewill and don't do business with Adobe, or take measures to stop it from collecting that data.
    Now if this was an evercookie undeletable and difficult to detect then I think people have a very legitimate concern.

     

    reply to this | link to this | view in thread ]

  5.  
    identicon
    Anonymous Coward, Aug 19th, 2011 @ 4:26pm

    Also most of the evercookies depend on scripts to be create, if you don't allow them that takes care of most of them, with the others being easily erased if you just clean the browser cache and history.

    People should be worried about the next HTML 5 standard that the W3C putting out, there is apparently no considerations about privacy issues they just don't care about that stuff, and that is the place to pressure if people want somethings to change.

     

    reply to this | link to this | view in thread ]

  6.  
    identicon
    Anonymous Coward, Aug 19th, 2011 @ 4:32pm

    WebGL the danger to privacy

    Almost forgot the 3D standard for a 3D web is a problem, because 3D depends on system drivers to operate and that opens possibilities not only for security breaches but for privacy ones.

     

    reply to this | link to this | view in thread ]

  7.  
    identicon
    abc gum, Aug 19th, 2011 @ 4:41pm

    What is it about these perverted websites anyways?

    Why do they need to execute their code on your computer? There is no compelling need to run foreign code in order to render a web page, stating such is pure horse hockey. If you knew exactly what they were doing on your computer with their code, you would probably avoid them at all costs. I sincerely doubt they have any regard for your well being at all and are only in it for the money they get from selling information gleaned from your computer.

    Anything for a buck eh? To hell with self respect. If this is how one must make a living then I really do not need to visit that pathetic website.

    FWIW, I routinely surf with javascript turned off. It is not a big hindrance. If I really need the services provided by such a website, I may turn it on - or then again, I may go elsewhere.

    Lazy web site designers that rely upon javascript and their ilk are only doing themselves and everyone else a disservice.

     

    reply to this | link to this | view in thread ]

  8.  
    identicon
    Anonymous Coward, Aug 19th, 2011 @ 4:41pm

    Made me think of Cookie Monster

     

    reply to this | link to this | view in thread ]

  9.  
    identicon
    Anonymous Coward, Aug 19th, 2011 @ 4:47pm

    Re: Re: Where

    ...turning off all scripts and so on.


    If you're promiscuous about running any script on the 'net, then you should expect to get pwn3d.

    No, you're not “asking for it”. Very few people want their computers compromised. And I agree that in a civilized culture any drunken girl wearing a miniskirt should be able to walk down a random dark alley in the worst part of town—absolutely fearlessly.

    If you're promiscuous about running any script on the 'net, then you should expect to get pwn3d.

     

    reply to this | link to this | view in thread ]

  10.  
    icon
    sheenyglass (profile), Aug 19th, 2011 @ 4:52pm

    Court did find plaintiff alleged harm

    However, a judge in one of them has pointed out that there's no evidence of harm, at least not enough harm to matter to the court under the law.


    I would recommend reading the decision itself (http://www.scribd.com/doc/62531370/Bose-v-Interclick) in addition to the commentary, as this is statement is inaccurate.

    The court dismissed plaintiff's claims under 18 USC 1030 because Congress has mandated that civil claims are only authorized by this statute when the plaintiff has suffered at least $5,000 in economic harm. This is a much narrower articulation of "harm" than that implied by the article.

    The court found plaintiff's allegations of deceptive business practices (NY GBL Sec. 349) and trespass to chattel to be sufficient (dismissing against Interclick's Adertiser clients, but not Interclick itself) stating that "courts have recognized similar privacy violations as injuries for the purposes of section 349" (at 21)

    Also, to be pedantic, no decision was made as to whether there was evidence to support the allegations. A motion to dismiss addresses only whether the allegations, if true, create a valid cause of action.

     

    reply to this | link to this | view in thread ]

  11.  
    identicon
    Anonymous Coward, Aug 19th, 2011 @ 5:01pm

    Blocking cookies, flash cookies, and silverlight cookies aren't a big deal. However this issue changes when it comes time to block Nevercookies. According to what I've read on Nevercookie, they were designed not to be deleted once on a computer. Hidden in up to 15 different places, they can resort a deleted cookie and continue to track user info despite what the user might not want.

    There was and I don't know if there still is, an app for Firefox to deal with this Nevercookie. Last I saw of it was it was not updated with the last update version of Firefox.

     

    reply to this | link to this | view in thread ]

  12.  
    icon
    NotMyRealName (profile), Aug 19th, 2011 @ 5:04pm

    I'm curious as to how a court decides the value of privacy.

    My browsing history is worth a fair bit to me personally. I'm sure there are companies who collate many people's history as market research and may pay as little as a few pennies per. Is market value == value of harm caused?

     

    reply to this | link to this | view in thread ]

  13.  
    icon
    sheenyglass (profile), Aug 19th, 2011 @ 5:09pm

    Re: Re: Re: Where

    And in an imperfect world you should also expect the legal system to punish your rapist.

    I think that the more knowledgeable one becomes on a technology and its dangers, the less qualified they are to opine about what security measures average people should be expected to take. The vast majority of people I know over 35 probably haven't even heard of JavaScript. And if they have they probably think its Java.

     

    reply to this | link to this | view in thread ]

  14.  
    icon
    NotMyRealName (profile), Aug 19th, 2011 @ 5:11pm

    Re:

    also, http://noscript.net/

    more also, I believe http://www.hotcleaner.com/clickclean_firefox.html will fully clear evercookies.

     

    reply to this | link to this | view in thread ]

  15.  
    icon
    NotMyRealName (profile), Aug 19th, 2011 @ 5:19pm

    Re: Re:

    more also, Part II:
    http://www.sandboxie.com/

     

    reply to this | link to this | view in thread ]

  16.  
    identicon
    out_of_the_blue, Aug 19th, 2011 @ 5:34pm

    No corporation has a right to track anyone, only the power,

    and they mostly do it by stealth, which alone tells you a great deal. By stealth I mean you techdroids may know that it's done and how to avoid, but the unwashed masses don't -- heck, even techy types barely speculate on what's done with that tracking, or the massive collation of it that's tied into the national surveillance network.

    ANY information gleaned without informed consent is an injury, doubly so when sold commercially for profit, doubled again when fed to national security. Just the potential for misuse is plenty justification for the people to put an end to it. My opinion is that once widely known, there'll be plenty of outrage at "free", "do no evil" Google and all others.

    And note that yet again, "libertarian" Mike isn't concerned with actual tracking. Long as the discussion stays theoretical, he's libertarian, but when it comes to putting liberty into practice by arresting the lying criminals at Standard & Poor, or preventing the tracking of /natural persons/, he's a staunch defender of corporate rights.

     

    reply to this | link to this | view in thread ]

  17.  
    identicon
    Anonymous Coward, Aug 19th, 2011 @ 5:51pm

    Seriously? You have to wait until the lack of privacy harms you in the amount of $5,000 or more before it's a concern? What the fuck is wrong with you?

     

    reply to this | link to this | view in thread ]

  18.  
    identicon
    Anonymous Coward, Aug 19th, 2011 @ 6:00pm

    Re:

    http://threatpost.com/en_us/blogs/researchers-find-methods-kill-persistent-evercookie-101910

    Unle ss you are using a mobile phone as primary browsing tool, evercookies are not a problem.

    Disable scripts and clear history and cache.

    Mobile users on the other hand are screwed unless they have root privileges there is little they can do about it.

     

    reply to this | link to this | view in thread ]

  19.  
    identicon
    Anonymous Coward, Aug 19th, 2011 @ 6:01pm

    Re: Re: Re: Re: Where

    I think that the more knowledgeable one becomes on a technology and its dangers, the less qualified they are to opine about what security measures average people should be expected to take.


    Great. Glad you have an opinion.

    The current state of the art is not capable of delivering the features that the market wants coupled together with acceptable security. The system is being driven towards an non-optimal outcome. That's actually kinda predictable when there's an information gap.

    If you are an average person who takes average measures today then you run a high risk of getting pwn3d.

    If you're a little bit smarter than average, you can reduce your risk.

     

    reply to this | link to this | view in thread ]

  20.  
    identicon
    Anonymous Coward, Aug 19th, 2011 @ 6:09pm

    Re: No corporation has a right to track anyone, only the power,

    You see, the stealth part I agree, if it is not being disclaimed that is an issue but if it is and in the case of Adobe it is, then that is a consumer problem not the company.

    http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager07.h tml

    I don't like it but I like the legal system even less, this could cause also collateral damage into research being done on things that could be useful for society.

    As long as there is disclosure and people can remove those damn things if they do research on it, I'm willing to accept any harm done to privacy to people ignorant on the tech aspects of it.

     

    reply to this | link to this | view in thread ]

  21.  
    identicon
    Anonymous Coward, Aug 19th, 2011 @ 6:26pm

    Re: No corporation has a right to track anyone, only the power,

    https://addons.mozilla.org/en-US/firefox/addon/ghostery/

    Whatch the watchers with Ghostery and similar addons.

    Also if you know anything about javascript and CSS one could use JSView to get a hang of what the website is doing.

     

    reply to this | link to this | view in thread ]

  22.  
    icon
    sheenyglass (profile), Aug 19th, 2011 @ 6:28pm

    Re: Re: Re: Re: Re: Where

    If you are an average person who takes average measures today then you run a high risk of getting pwn3d.
    If you're a little bit smarter than average, you can reduce your risk.


    I apologize for my tone - it was more snotty than warranted (although more appropriate to the preceding comment that "[a]nybody can learn how to block such things" which implied a lack of expertise was some kind of person failure on the part of victims).

    However, I do think people who are promiscuous about running scripts generally don't know that they are doing so. Its a mistake to expect people to take precautions against dangers they don't know exist and to give them no recourse if they don't. That's basically a darwinian approach - only the strong/savvy have a right to privacy.

     

    reply to this | link to this | view in thread ]

  23.  
    identicon
    Anonymous Coward, Aug 19th, 2011 @ 6:45pm

    Re: Re: Re: Re: Re: Re: Where

    I apologize for my tone

    I've spent enough time in some of the worst hell-holes of usenet to grow a thick skin.

    Its a mistake to expect people...

    You got a better word than “expect” to use for “a predictable outcome” ?

    Look, you seem to be arguing normatively, and I'm describing what I see happening. If I could drive the system in a better direction, then I would. But right now, the best I can do is a warning to sauve qui peut.

     

    reply to this | link to this | view in thread ]

  24.  
    identicon
    Anonymous Coward, Aug 19th, 2011 @ 6:47pm

    Re: Re: Re: Re: Re: Re: Where

    I apologize for my tone

    I've spent enough time in some of the worst hell-holes of usenet to grow a thick skin.

    Its a mistake to expect people...

    You got a better word than “expect” to use for “a predictable outcome” ?

    Look, you seem to be arguing normatively, and I'm describing the market failure that I see happening. If I could drive the system in a better direction, then I would. But right now, the best I can do is a warning to sauve qui peut.

     

    reply to this | link to this | view in thread ]

  25.  
    identicon
    Anonymous Coward, Aug 19th, 2011 @ 7:04pm

    Virtual the future.

    Dell's virtual appliance that you can reset to an original state.
    http://www.kace.com/products/freetools/secure-browser/

    Sandboxing Firefox using Fedora/SeLinux
    http://www.bress.net/blog/archives/195-Firefox-in-a-sandbox-with-Fedora.html

    BitB ox sandbox
    http://translate.google.com/translate?hl=en&ie=UTF8&prev=_t&rurl=translate.goog le.com&sl=de&tl=en&twu=1&u=http://www.sirrix.de/content/pages/57064.htm

    Making a virtual appliance using Vmware/Qemu, DamnSmallLinux and Firefox
    http://howto.gumph.org/content/build-a-lightweight-browser-appliance/

    Browser appliance.
    http://wiki.rpath.com/wiki/Appliance:Browser_Appliance

    For those that don't want to create a browser appliance from scratch there are many on the internet that others have done the hard work.

     

    reply to this | link to this | view in thread ]

  26.  
    icon
    sheenyglass (profile), Aug 19th, 2011 @ 7:22pm

    Re: Re: Re: Re: Re: Re: Re: Where

    I'm not sure you can draw a clean line between descriptive and normative statements in this situation. Should is, generally, a normative word as it implies a duty or obligation when used in conjunction with human action. Promiscuous is a normative word as it describes actions outside of the acceptable bounds prescribed by a group's norms. In that context "expect" can mean both/either that the outcome can be predicted and/or that the individual bears some responsibility for predicting it.

    If we are talking about individual actions, then no there is not much we can do and the statement can be mostly descriptive. If we are talking about collective societal actions, acquiescence in the face of market failure is choosing the norms of the free market over the norms of privacy protection through political action. One way to drive the system towards protection of privacy is to allow lawsuits for its violation. Or to allow legislation or regulation.

     

    reply to this | link to this | view in thread ]

  27.  
    identicon
    Anonymous Coward, Aug 19th, 2011 @ 8:10pm

    Re: Re: Re: Re: Re: Re: Re: Re: Where

    If we are talking about collective societal actions...

    The first fact to keep in mind is that we now have an estimated global internet userbase of about 2 billion people worldwide.

    While the rate of growth in the userbase is flattening, we expect to eventually reach close to universal access. So, maybe eight or nine billion people spread out across every nation on the planet. And as the userbase has grown, and as it's expected to grow, the average level of education and technical sophistication drops.

     

    reply to this | link to this | view in thread ]

  28.  
    icon
    sheenyglass (profile), Aug 19th, 2011 @ 8:20pm

    Re: Re: Re: Re: Re: Re: Re: Re: Re: Where

    And as the userbase has grown, and as it's expected to grow, the average level of education and technical sophistication drops

    So the market failure cause by information asymmetry will worsen. This weighs more strongly in favor of non-market solutions, such as through legislation, regulation and litigation.

     

    reply to this | link to this | view in thread ]

  29.  
    identicon
    Anonymous Coward, Aug 19th, 2011 @ 9:49pm

    Re: Re: Re: Re: Re: Re: Re: Re: Re: Re: Where

    This weighs more strongly in favor of non-market solutions


    That's the conventional answer.

    But that conventional answer is limited by problems of international cooperation. International diplomacy is... s...l...o...w.

    Further out in time, as the userbase approaches the total world population, then it's possible that the average user's experience with the built, technological environment increases faster than new users are acquired. However, we do not expect computing and communications technology to remain static and frozen. So instead, it's possible that the average user will continue to adopt technology that they understand less and less well. It's awfully difficult to make predictions that far out. Anything beyond about five years out is a guess in the dark.

     

    reply to this | link to this | view in thread ]

  30.  
    icon
    Jeffry Houser (profile), Aug 20th, 2011 @ 3:24pm

    Re: Re: Where

    As a point of clarification here are instructions on how to prevent Flash Cookies from being set:

    http://kb2.adobe.com/cps/526/52697ee8.html

     

    reply to this | link to this | view in thread ]

  31.  
    identicon
    Anonymous Coward, Aug 28th, 2011 @ 12:34pm

    Re: Where

    BetterPrivacy addon for Firefox all the way.

     

    reply to this | link to this | view in thread ]

  32.  
    identicon
    Steve, Feb 5th, 2012 @ 9:25am

    browsing security

    Ask your self who has interest to track user online EVERBODY for so ever purposes !
    Just that the tech is available doesnt meant it will not be used for illegal purposes and saying no harm done but we track you all ready is nonsense !!! Just to the point when someone harm the same judge who say that ''no harm done'' and he is approving it ! Its getting even worse:
    http://www.laquadrature.net/en/softpedia-google-admits-handing-over-european-user-data-to-us -intelligence-agencies
    Do you approve this kind of behavior now for all users on the world with ip cop on every computer even on yours ???

     

    reply to this | link to this | view in thread ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
A word from our sponsors...
Essential Reading
Techdirt Reading List
Techdirt Insider Chat
A word from our sponsors...
Recent Stories
A word from our sponsors...

Close

Email This