References - Re: Quarantining an account from the Internet, or from all networking?
Bill Sconce
sconce at in-spec-inc.com
Fri Aug 20 09:44:46 EDT 2010
I mentioned "Warner Bros." in my re-post. That may be current news today,
but to leave a cookie crumb for later (e.g. if/when a presentation on
this subject happens), here are wayback URLs/notes. These are far from
the only news stories about Flash; they just happened to be the ones
which were current when we were discussing quarantining here. Apology
for any repetitiveness. -b
http://www.wired.com/threatlevel/2010/07/zombie-cookies-lawsuit/
Privacy Lawsuit Targets Net Giants Over "Zombie" Cookies
[July 27, 2010]
A wide swath of the net's top websites, including MTV,
ESPN, MySpace, Hulu, ABC, NBC and Scribd, were sued in federal
court Friday on the grounds they violated federal computer
intrusion law by secretly using storage in Adobe's Flash
player to re-create cookies deleted by users.
At issue is technology from Quantcast, also targeted in the
lawsuit. Quantcast created Flash cookies that track users
across the web, and used them to re-create traditional browser
cookies that users deleted from their computers. These "zombie"
cookies came to light last year, after researchers at UC
Berkeley documented deleted browser cookies returning to life.
Quantcast quickly fixed the issue, calling it an unintended
consequence of trying to measure web traffic accurately.
-The point here being not whether Quantcast is CYAing;
it's that a user's installing the Flash binary opens
her/his machine to code having unknown capabilities,
resurrecting "zombie" cookies being one which got noticed
by researchers. The capabilities may not even have been
intended by Adobe (see below); all that matters is that
the binary provides them when it's installed.
http://www.networkworld.com/community/node/65207
The Audacity of Warner Brothers and Re-Spawning Zombie Cookies
A lawsuit alleges that companies "steal" private user information.
[August 18, 2010]
A Berkeley University research team published an academic study
titled, "Flash Cookies and Privacy." According to their research,
even if you opt-out from having a Flash cookie set, user's Flash
cookie preference is disregarded "as evidenced within the log
activity as retargeting.sol." This respawning activity happens
within five seconds! It's an interesting read; even Whitehouse.gov
showed up in the Flash cookie and tracking report.
According to this report (.pdf), Adobe condemns the practice of
Local Storage to back up browser cookies for the purpose of later
restoring them without users' consent or knowledge. Although I
emailed with many questions about re-spawning Flash cookies, user
settings to control/delete these zombie cookies, and several other
questions about Local Shared Objects (LSOs), Adobe did not reply
to any of my questions.
-The points here being that 1) the stealing of control
of users' PCs is on purpose, commercial, and widespread
(ah, the White House - now we feel better); and that 2)
Adobe "condemns the practice", which whether or not
they are CYAing points out that a user's installing the
Flash binary opens his/her machine to code having
capabilities *condemned by its own author*.
(If that isn't a clear call for quarantining, what does it take?)
More information about the gnhlug-discuss
mailing list