References - Re: Quarantining an account from the Internet, or from all networking?

Fri Aug 20 09:44:46 EDT 2010

I mentioned "Warner Bros." in my re-post. That may be current news today,
but to leave a cookie crumb for later (e.g. if/when a presentation on
this subject happens), here are wayback URLs/notes. These are far from
the only news stories about Flash; they just happened to be the ones
which were current when we were discussing quarantining here. Apology
for any repetitiveness.   -b

http://www.wired.com/threatlevel/2010/07/zombie-cookies-lawsuit/

    Privacy Lawsuit Targets Net Giants Over "Zombie" Cookies
    [July 27, 2010]

    A wide swath of the net's top websites, including MTV,
    ESPN, MySpace, Hulu, ABC, NBC and Scribd, were sued in federal
    court Friday on the grounds they violated federal computer
    intrusion law by secretly using storage in Adobe's Flash
    player to re-create cookies deleted by users.

    At issue is technology from Quantcast, also targeted in the
    lawsuit. Quantcast created Flash cookies that track users
    across the web, and used them to re-create traditional browser
    cookies that users deleted from their computers. These "zombie"
    cookies came to light last year, after researchers at UC 
    Berkeley documented deleted browser cookies returning to life.
    Quantcast quickly fixed the issue, calling it an unintended
    consequence of trying to measure web traffic accurately.

        -The point here being not whether Quantcast is CYAing;
         it's that a user's installing the Flash binary opens
         her/his machine to code having unknown capabilities,
         resurrecting "zombie" cookies being one which got noticed
         by researchers. The capabilities may not even have been
         intended by Adobe (see below); all that matters is that
         the binary provides them when it's installed.

http://www.networkworld.com/community/node/65207

    The Audacity of Warner Brothers and Re-Spawning Zombie Cookies
    A lawsuit alleges that companies "steal" private user information.
    [August 18, 2010]

    A Berkeley University research team published an academic study
    titled, "Flash Cookies and Privacy." According to their research,
    even if you opt-out from having a Flash cookie set, user's Flash
    cookie preference is disregarded "as evidenced within the log
    activity as retargeting.sol." This respawning activity happens
    within five seconds! It's an interesting read; even Whitehouse.gov
    showed up in the Flash cookie and tracking report.

    According to this report (.pdf), Adobe condemns the practice of
    Local Storage to back up browser cookies for the purpose of later
    restoring them without users' consent or knowledge. Although I
    emailed with many questions about re-spawning Flash cookies, user
    settings to control/delete these zombie cookies, and several other
    questions about Local Shared Objects (LSOs), Adobe did not reply
    to any of my questions.

        -The points here being that 1) the stealing of control
         of users' PCs is on purpose, commercial, and widespread
         (ah, the White House - now we feel better); and that 2)
         Adobe "condemns the practice", which whether or not
         they are CYAing points out that a user's installing the
         Flash binary opens his/her machine to code having
         capabilities *condemned by its own author*.

         (If that isn't a clear call for quarantining, what does it take?)