Between the Lines

Larry Dignan, Andrew Nusca and Rachel King
Home / News & Blogs / Between the Lines

Big Media sites sued over use of "zombie cookies"

By | July 28, 2010, 9:42am PDT

Summary: Media sites including Hulu, ESPN, MTV and MySpace are facing a class action suit over the use of “zombie cookies,” which allowed the sites to recreate a Web tracking cookie after the user manually deleted it.

Some of the nation’s largest media Web sites - including ABC, ESPN, Hulu, MySpace and MTV - were named in a lawsuit filed last Friday for violating federal computer intrusion laws.

At issue is the use of “zombie cookies,” a technology created by Quantcast - which is also named in the lawsuit - that allows site owners to use a storage compartment in Adobe’s Flash player to recreate Web tracking files after they’ve been manually deleted by the user.

The suit (PDF), which was filed in U.S. District Court in San Francisco, alleges that the practice of recreating the cookies violates federal eavesdropping and hacking laws. It seeks class action status. From the suit:

The collection of data by Defendants was wholesale and all-encompassing. Data passing from the user’s computer was observed without discrimination as to the kind, type, nature, or sensitivity of the data. Like the privacy one loses from an airport security body scanner, everything passing through the consumer’s Internet connection was intercepted by Defendants, claimed as their property, and traded as a commodity. Regardless of any representations to the contrary — all data – whether sensitive, financial, personal, private, complete with all identifying information, was intercepted, exposing users like a “fish in a fishbowl.”

According to a report on Wired’s Threat Level blog, Flash cookies - as they’re also known - are relatively unknown to users and are not controlled by a browser’s privacy settings and controls. From the Wired post:

Websites can store up to 100 kilobytes of information in the plug-in, 25 times what a browser cookie can hold. Sites like Pandora.com also use Flash’s storage capability to pre-load portions of songs or videos to ensure smooth playback. QuantCast was using the same user ID in its HTML and Flash cookies, and when a user got rid of the former, Quantcast would reach into the Flash storage bin, retrieve the user’s old number and reapply it so the customer’s browsing history around the net would not be cut off. Quantcast’s behavior stopped last August, after Wired.com reported on the research from then-grad student Ashkan Soltani.

Adobe’s Flash player - which was the subject of controversy when Apple killed its use for its iOS products - is installed on an estimated 98 percent of PCs and is a key element in powering online video players.

The suit was filed by Texas lawyer Joseph Malley, a privacy advocacy attorney who also was involved in other key technology privacy suit settlements, including Facebook’s $9.5 million settlement over its Beacon advertising program and a settlement with Netflix over privacy issues raised as part of a promotional contest.

Kick off your day with ZDNet's daily e-mail newsletter. It's the freshest tech news and opinion, served hot. Get it.

More from “Between the Lines”

Topics

Adobe Flash, Wired Inc., Settlement, Storage, Cookie, Quantcast, Sam Diaz

Sam has been a technology and business blogger for more than 18 years.

Disclosure

Sam Diaz

Sam Diaz has nothing to disclose.

Biography

Sam Diaz

Sam has been a technology and business blogger, reporter and editor at ZDNet, the Washington Post, San Jose Mercury News and Fresno Bee for more than 18 years. He's a member of the National Association of Hispanic Journalists and a graduate of California State University, Fresno.

Talkback Most Recent of 15 Talkback(s)

  • RE: Big Media sites sued over use of
    So turn off cookies in Flash Player using the flash settings app, or install the Flashblock add-on for Firefox. This is not "intrusion" or "hacking". This is just utilizing a feature of a plug-in. It's certainly no reason to sue someone, looking for a quick buck. Hopefully this lawsuit is laughed out of court.
    ZDNet Gravatar
    spatula6
    28th Jul 2010
  • RE: Big Media sites sued over use of
    @spatula6
    I don't even know where to begin to diagnose the ignorance and pompousness of that comment...
    ZDNet Gravatar
    Cyrorm
    28th Jul 2010
  • RE: Big Media sites sued over use of
    @spatula6 That renders a lot of these useless. If what you're intimating is that you shouldn't use these websites without companies taking every bit of data about you (without user knowledge, unless someone can read a long, lawyered-up TOS in only some cases), then guess what: you've shut down half of the internet.

    It is intrusion because the data that is being taken by these companies is shared via third parties, often without the user's knowledge or consent.
    ZDNet Gravatar
    superbus
    28th Jul 2010
  • Ugh, Flash
    Yet another reason not to trust Flash, or otherwise closed, proprietary software to begin with. Just recently, me and a friend were discussing how plain HTML (and CSS) web pages are inherently more trustworthy, given that you can look at its source code at any time; whereas those all-Flash pages, it seems that people make their pages all-Flash for no other reason than to hide its source, using the excuse of "visual enhancement" to cover their tracks.

    Believe me, I'm all for sprucing up pages whose content and theme would need it, so that everything doesnt look like a sheet of paper, but until we get a (roughly) equal open-source counterpart, where we can SEE what's going on when we visit, then I say, "no thanks."
    ZDNet Gravatar
    Wodenhelm
    28th Jul 2010
  • Good ol' Freetard sentiment.. gotta love it..
    @Wodenhelm -

    Then get off your ass and invest some time and money in producing a Flash replacement, release it as open source, and make sure it's better than Flash so everyone can use it..

    After all, it's just that easy, isn't it?
    ZDNet Gravatar
    daftkey
    28th Jul 2010
  • RE: Big Media sites sued over use of
    @daftkey HTML5.
    ZDNet Gravatar
    Gritztastic
    28th Jul 2010
  • RE: Big Media sites sued over use of
    @daftkey You should try calming yourself down before posting. I can picture you now, getting mad, screaming at the screen (in your head), while sipping on a cup of Fox News.

    In any case, many companies have indeed done such things, for the simple fact that they didnt want to be tied in with the competing vendor, or otherwise they'll make their money off of support, instead of product sales. Linux, OpenOffice, upcoming HTML5 will be universal, there are many other examples out there.

    My point, is that we have the right to see what's going on, just the same as any of us can easily open the hoods of our cars.
    ZDNet Gravatar
    Wodenhelm
    28th Jul 2010
  • HTML5 isn't
    @Wodenhelm -

    ..It's open standards - a small difference, but a difference nonetheless..

    It's interesting that you list three products that have been in the works for years, and are still only "kindof almost but not really" as good as the proprietary products that they are attempting to replace..

    Pattern, see, here?
    ZDNet Gravatar
    daftkey
    28th Jul 2010
  • Interesting they didn't seem to include Adobe in the suit.
    Since they apparently are at least as responsible for this as Quantcast
    ZDNet Gravatar
    cornpie
    28th Jul 2010
  • RE: Big Media sites sued over use of
    @cornpie

    Ah, but Adobe just put this into their thing and said "Here are the uses for it!" It's like blaming Microsoft if a ActiveX control that you install has something like this in it, it doesn't fly.

    The functionality has a legitimate use, these people are using it for illegitimate purposes.
    ZDNet Gravatar
    Lerianis10
    28th Jul 2010
  • I guess we now know why all the big media
    wants to keep using flash.
    ZDNet Gravatar
    frgough
    28th Jul 2010
  • I hate Flash. I wish we could be rid of it
    Yes, I want to SKIP INTRO
    ZDNet Gravatar
    HollywoodDog
    28th Jul 2010
  • RE: Big Media sites sued over use of
    @HollywoodDog

    Flash is no worse than WMP plugins and other things. In fact, Flash is much BETTER than those things when it comes down to it.
    ZDNet Gravatar
    Lerianis10
    28th Jul 2010
  • Horrified and installed Better Privacy plug-in
    I was really disgusted to discover this Flash cookie nonsense - immediately installed Fox plug-in Better Privacy that allows you to autokill flash cookies in various ways.

    The FTC could also initiate some legal proceedings against Adobe or web sites for setting these cookies.

    I think this story is going to gain a lot of traction in the blogosphere and that Adobe will have to withdraw the feature.
    ZDNet Gravatar
    Don Collins
    28th Jul 2010
  • RE: Big Media sites sued over use of
    I favorite to many thanks for this unbelievable post .I most surely beloved nfljersey each individual very little tiny little bit of it. I've you bookmarked your web web-site to research one of the most latest stuff you position.
    ZDNet Gravatar
    tomlin21-24319035676893835085146735905770
    11th Oct

Talkback - Tell Us What You Think

Formatting +
BB Codes - Note: HTML is not supported in forums
  • [b] Bold [/b]
  • [i] Italic [/i]
  • [u] Underline [/u]
  • [s] Strikethrough [/s]
  • [q] "Quote" [/q]
  • [ol][*] 1. Ordered List [/ol]
  • [ul][*] · Unordered List [/ul]
  • [pre] Preformat [/pre]
  • [quote] "Blockquote" [/quote]

The best of ZDNet, delivered

ZDNet Newsletters

Get the best of ZDNet delivered straight to your inbox

Facebook Activity

Blog Roll

Blog Archive

White Papers, Webcasts, & Resources