A new battle is being waged in the online targeting wars. Privacy specialist Joseph Malley filed three lawsuits this month against online ad serving companies that use something called “zombie cookies.” Defendants include brands like MTV, Disney and Quantcast.
And while the practice might not be widespread, it could be another blow against Adobe, since it involves advertisers using Flash to track consumers, even after they have deleted their cookies.
The latest suit was filed last week against Specificmedia, one of the largest tracking and ad serving companies online. It’s a class action suit that seeks upwards of $5 million in damages. This past summer, Malley filed suits against Quantcast and Clearspring Technologies. Organizations ranging from Disney and Demand Media to NBC and ABC have partnered with these companies to reach consumers.
Considering Malley’s track record with privacy cases, the use of “zombie cookies” could be short lived.
Mailey is the same attorney who filed the privacy suit against online
tracking company NebuAd that practically put the company out of
business and won a $9.5 million settlement from Facebook over its ill-fated Beacon program.
Many of the defendants use Flash to track consumers, which is problematic because consumers are often unaware that Flash cookies persist even after browser cookies have been deleted. As I’ve written before, the effectiveness of Flash cookies is mostly dependent on users’ ignorance of their existence. That practice can’t work forever, and according to Malley, companies that use Flash cookies to track users against their knowledge are “in complete violation of federal
privacy and computer security laws.”
Beyond that, there’s this issue of “respawning.” According to Wired:
“Several services even use the surreptitious data storage to
reinstate traditional cookies that a user deleted, which is called ‘re-spawning’ in homage to video games where players come back to life
even after being ‘killed,’ the report found. So even if a user gets rid
of a website’s tracking cookie, that cookie’s unique ID will be
assigned back to a new cookie again using the Flash data as the ‘backup.'”
For what it’s worth, Adobe condemns such practices. Adobe chief privacy officer MeMe Jacobs Rasmussen told the FTC in February:
believes it is important to get a better understanding of the landscape
in order to have a basis to decide on the range of ‘bad’ and ‘good’
uses of [Flash] storage, and whether there are any actions that
companies that own these technologies can take to address those
If Adobe manages to distance itself from these respawning practices, a
win by Malley could be good for the company in this case. But it could be an uphill climb. Already, Flash has
come under fire in the mobile sphere because of Apple’s issues with it.
As more developers build mobile focused content, Flash could start to
fall out of favor for multimedia content. Add to that some
privacy concerns from advertisers and consumers and Adobe could really
start to have a problem on its hands.