Flash Cookies Leave A Bitter Taste

by David Schuette, Catalyst Inc

Privacy is, and always has been, something that needs to be taken very seriously. People will only return to or do business with sites they trust. This means that while a website can track everything, it does not mean that it should. In fact, several large media sites have recently been sued over the use of “flash cookies,” which can be used to identify returning site visitors even after the user has deleted their standard cookies.

From a measurement perspective resetting cookies is excellent, as it creates a full view of the customer and their activity with your site. The allure of that level of information is obvious (lifecycle marketing, retargeting, etc.), but the user cleared their cookies for a reason and resetting it via a non-standard method can easily break trust. If you are thinking of trying out the use of “flash cookies” to reset browser cookies, you are in a very gray area and run a real risk of breaking the trust of your users–not to mention possible legal action.

In fact, because of the speed of change in the web analytics industry, you should review your privacy policy to make sure that it is up to date and that the appropriate information is available to your users. To take it a step further, keep an eye out for the recently published Web Analytics Association Code of Ethics; it provides a starting point for discussion around best practices within the web analytics industry.

Use these best practices to preserve the trust of your users. Always keep privacy top of mind – even when it means reduced tracking capabilities. If data collection and privacy are not handled properly they can become a lightning rod for criticism and an unnecessary distraction from the real value that web analytics can provide.

Read More…

{ 2 comments }

David J McClelland January 3, 2011 at 11:00 am

Is this really a gray area that Adobe should tighten with a truly “opt-in” security setting? Such as the way webcam and microphone enablement works?

Or is Flash working the same way virtually all websites do- you must delete cookies and turn cookies off. Flash has security settings to do that. Perhaps Adobe could key off of the user prefs for browser cookies?

I agree that sites should notify regardless. Thanks for posting.

David Schuette David Schuette January 4, 2011 at 10:59 am

@David McClelland

The starting place should really be revamping the interface in which a user interacts with the flash cookies. The current interface is horrible, to the point that it almost seems designed to not let people effectively manage these objects.

A full on opt-in should not be needed if the user is given opportunity to easily adjust settings such that they could opt-out if they wanted to, clear them after each session, etc. This would makes things more equal to traditional cookies and would avoid a, what is sure to be annoying, opt-in box for each new site a person visits.

Previous post:

Next post: