Are Flash Cookies Violating Your Privacy?

Updated: March 2, 2010
It’s important to note that Flash with default settings may track you regardless of where it’s been embedded on a web page: in the post, sidebar, or comments… Source.

Track Flash-Based Media

That’s why we have added free video and widget measurement capabilities to the Quantified Publisher Program. Our new service enables web publishers to measure the use of Flash-based videos and widgets on their web sites, as well as the proliferation of their Flash-based media web-wide.

Getting rid of Flash cookies

7 thoughts on “Are Flash Cookies Violating Your Privacy?”

  1. Thanks for dropping in and commenting Mark. I have checked out your website previously. It’s tracking all kinds of data that I consider to be my personal business.

  2. Hi there —

    I work for Quantcast. We are an audience measurement company, and yes, cookies are used in much the same way Omniture, Google Analytics or Hitbox uses them — to count and measure audiences in aggregate.

    You can see the data we provide on our website — check it out. It is all provided via the website.

    Publishers of all sizes use our data to broadly understand their audience.

    Feel free to contact me if you want more info… 415-738-4755.

    My best,

    Mark
    VP, Quantcast

  3. Thanks for responding, options, and thanks for your recommendation too.
    “I’d recommend to disable everything for all sites, as you can optionally enable a specific option for a particular site by right-clicking on an embedded flash object and pressing on the ‘Settings’ button.”

    Right on.

    When it comes to privacy online I’m firmly convinced that it does not exist and that most people haven’t a clue that: Every time they visited a page with Google ads, or used Google maps, or Google mail—even if they sent mail to a Gmail account—they collected your info.

    I think it’s best that I sign off on that note.

    Best regards :)

  4. hello TT,

    once again, sorry for being late with a reply — you can’t imagine how many times I was going to comment, but every time when I thought on this topic, I also had so much to tell (type and ‘construct’ ;-) what would be asides of this particular question so I was frightened to start even and put it off…

    so, first with your original question:

    I’d recommend to disable everything for all sites, as you can optionally enable a specific option for a particular site by right-clicking on an embedded flash object and pressing on the ‘Settings’ button.

    btw, from here you can also go to the Flash Player “Global Privacy Settings Panel” by clicking on the tiny round button with a question mark (‘?’).

    not sure why Adobe made their “Global Privacy Settings Panel” so tricky to find.

    also beware of microphone (and/or camera) settings if your computer has it — Flash is a very much interactive thing, it’s kinda another browser in the browser.

    now specifically on cookies from the .wordpress.com domain:
    I can’t see any reason why .com’s stats graphs, in particular, should store any amount of data on my computer, nor do I have the smallest idea why my visits to any blog on .com should also result in storing anything on my hard drive other than the cookie used solely for the authentication.

    yes, I mean both google-analytics and quantcast cookies — I consider them as a “potentially personally-identifying information” and think this issue is contradicting to the existing Automattic’s Privacy Policy, which says:

    Protection of Certain Personally-Identifying Information

    Automattic discloses potentially personally-identifying and personally-identifying information only to those of its employees, contractors and affiliated organizations that (i) need to know that information in order to process it on Automattic’s behalf or to provide services available at Automattic’s websites, and (ii) that have agreed not to disclose it to others.

    Other than to its employees, contractors and affiliated organizations, as described above, Automattic discloses potentially personally-identifying and personally-identifying information only when required to do so by law, or when Automattic believes in good faith that disclosure is reasonably necessary to protect the property or rights of Automattic, third parties or the public at large.

    I find it difficult to believe that Google or Quantcast may be either ‘contractors’ or all the more so ‘affiliated organizations’ of Automattic, but then again (full disclosure!) I’m really not a lawyer.

    I’ve got also an issue with the following statement:

    If you are a registered user of an Automattic website and [therefore — options] have supplied your email address . If you send us a request (for example via a support email or via one of our feedback mechanisms), we reserve the right to publish it in order […]

    but most of all I’m unhappy with the fact that any comment left by the registered (i.e. already authenticated .com) user contains both an e-mail and IP address — coupled together they constitute pretty much “personally-identifying information”.

    yeah, I know standalone WP does the same thing, but the issue is, every such blog is a private thing (i.e. where all communications are only between blog commenter and its operator), and not a public web-service, where any blog operator is really a third-party (relatively to the .com and yourself) — a .com blog operator, in fact, does not have any privacy policy (which you may accept or not), only wordpress.com does. and currently its policy effectively contradicts in this aspect to what is in the reality.

    wow, that turned to be not a comment — a full-blown blog post rather.

    finally, as far as I remember, you loved to link to Cory Doctorow, and so do I. hope you’ll enjoy (if haven’t before yet):

    Scroogled: Google controls your e-mail, your videos, your calendar, your searches… What if it controlled your life?

  5. just to clarify a bit:

    that linked post is a good and RightThing, everyone would want to follow the advice in that post. thanks a lot, tt.

    however, information (presumably cookies) that you can see in that Flash player control panel was indeed left by the quantserve flash graphs and charts when you visited the quantserve site proper, it’s not a result of using/browsing wordpress.com’s blogs.

    so, the only of your internet surfing habits, those quantserve flash cookies said can really track, are which of the sites stats *presented on the quantserve* you happened to see most of the time, being there ;-)

    btw, as you know, wordpress.com’s inhouse stats also use flash. just curious what setting you made for this very domain?
