Flashing, Respawning Cookies Lead to Privacy Suits
by Paul Springer
Online advertising inventory specialist interclick’s (ICLK) website links to a November blog post presenting a thesis that the company’s stock price could double in six months to a year. A counterthesis arose on Tuesday when the issue lost 12.41% on huge volume in a matter of hours.
And it wasn’t a flash crash or some other inexplicable event.
It was the latest of several lawsuits alleging that various denizens of the internet have violated the privacy of internet users.
The legal dimensions of privacy on the net are currently nebulous and will take years to measure, but it’s clear what the immediate effect of a privacy lawsuit looks like, and it’s not pretty.
The civil suit was filed in U.S. District Court in New York’s Manhattan borough, where a woman is seeking class action status for allegations of unseemly-sounding activities known as “browser sniffing” and “flash cookie” abuse. The suit asks the court to make interclick delete personal information and give plaintiffs profits made from use of the data.
Interclick’s browser sniffing is based on several stealthy, non-transparent functionalities, according to the suit:
Interclick performed history-sniffing as follows: (a) in its code to display an advertisement to a consumer, Interclick embedded history-sniffing code invisible to the consumer; (b) the history-sniffing code contained a list of web page hyperlinks; (c) although the hyperlinks were not displayed to the consumer, the consumer’s browser automatically assigned each link a color designation based on whether the user had previously visited the web page associated with the link; (d) the history-sniffing code performed an examination of the list of color-designated hyperlinks; (e) the history-sniffing code transmitted the results of this examination to Interclick’s servers.
Also at issue are Adobe Flash local shared objects (LSOs), or flash cookies, which allow people to run the Adobe Flash program that pretty much anyone using the internet obtains for viewing videos and running other applications.
Adobe’s LSOs were designed to run Adobe programs, not to facilitate spying on users. But the suit alleges that interclick is able to take advantage of the LSOs to bring deleted cookies back from the dead.
How do people figure out these kinds of things are going on? For one thing, the suit references an academic study that found interclick and several other companies were able to achieve what the study calls “cookie respawning.”
We found that taking the privacy-conscious step of deleting HTTP cookies to prevent unique tracking could be circumvented through “respawning” (See Figures 1-3). The Flash cookie value would be rewritten in the standard HTTP cookie value, thus subverting the user’s attempt to prevent tracking.
We found HTTP cookie respawning on several sites.
On About.com, a SpecificClick Flash cookie respawned a deleted SpecificClick HTTP cookie. Similarly, on Hulu.com, a QuantCast Flash cookie respawned a deleted QuantCast HTTP cookie.
We also found HTTP cookie respawning across domains. For instance, a third-party ClearSpring Flash cookie respawned a matching Answers.com HTTP cookie. ClearSpring also respawned HTTP cookies served directly by Aol.com and Mapquest.com. InterClick respawned an HTTP cookie served by Reference.com.
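The check the study describes can be run as a comparison of three snapshots: HTTP cookies before clearing, Flash LSO contents, and HTTP cookies after clearing and revisiting. The following is an added example, not code from the study or the suit; every domain, cookie name and value in it is constructed, and it relies on the fact that Flash Player keeps LSOs outside the browser's cookie store, so clearing cookies leaves them in place.

```python
"""Flag HTTP cookies that return with their old value after being cleared."""

# Constructed sample data. Keys are (domain, name); values are cookie values.
HTTP_BEFORE = {
    ("tracker.example", "uid"): "a81f3c9e77d2",
    ("site.example", "session"): "s-1001",
    ("site.example", "visitor"): "v-55aa01",
}
# Flash LSO contents, read after the browser's cookies were cleared.
FLASH_LSOS = {
    ("tracker.example", "uid_backup"): "a81f3c9e77d2",
    ("widgets.example", "vid"): "v-55aa01",
    ("video.example", "volume"): "80",
}
# HTTP cookies observed after clearing cookies and revisiting the same pages.
HTTP_AFTER = {
    ("tracker.example", "uid"): "a81f3c9e77d2",
    ("site.example", "session"): "s-2002",
    ("site.example", "visitor"): "v-55aa01",
}

MIN_ID_LENGTH = 6  # assumption: shorter values (e.g. "80") match by coincidence


def find_respawned(before, lsos, after, min_len=MIN_ID_LENGTH):
    """Return cookies whose pre-clear value came back and matches an LSO value."""
    findings = []
    for (domain, name), value in sorted(after.items()):
        # A cleared cookie that gets a fresh value is normal re-issuance.
        if len(value) < min_len or before.get((domain, name)) != value:
            continue
        for (lso_domain, lso_key), lso_value in sorted(lsos.items()):
            if lso_value == value:
                findings.append({
                    "cookie": (domain, name),
                    "lso": (lso_domain, lso_key),
                    # Simplification: exact host comparison, not registrable domain.
                    "cross_domain": lso_domain != domain,
                })
    return findings


if __name__ == "__main__":
    for f in find_respawned(HTTP_BEFORE, FLASH_LSOS, HTTP_AFTER):
        kind = "cross-domain" if f["cross_domain"] else "same-domain"
        print(f"{kind} respawn: cookie {f['cookie']} restored from LSO {f['lso']}")
```

A cookie that returns with its old value but matches no LSO is not reported here; it would point to a different persistence mechanism and needs separate inspection.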
One academic study does not a court case make, and interclick has not responded to the suit in court. It did, however, say in a news release Monday that the law firm involved has filed several similar suits – some of which have not prevailed. (Other suits, however, have proven costly to alleged privacy invaders, according to The Wall Street Journal.)
The current suit says interclick claims it no longer uses LSOs for ad targeting.
The Seeking Alpha analysis linked on interclick’s website made a cogent argument for increasing valuations. But interclick’s success at least in part depends on its running out of sight – and mind – of end users, who are increasingly frustrated at applications that leave cookies or track browsing. What happens if a lawsuit turns the tables and puts interclick out in the open, buck naked for all to see?
Maybe nothing in the long run. In the short run, it’s like a capital markets magic wand that makes 10% of your market cap disappear right before your eyes.