A
complaint filed last week in California alleges that several companies
including Disney, Warner Bros. Records, Ustream and others have installed
illegal codes on millions of computers with the purpose of tracking online
activity. At the center of the suit, which seeks class action status, are the
so-called Flash cookies. Technically known as Local Shared Objects (LSO), these
are used by Flash-based applications to store preferences, cache files or save
state and temp data, all methods of improving user experience. However,
security experts and researchers have warned that this feature can be misused
to store tracking cookies and even re-create them if they are intentionally
deleted from the browser. This is exactly what the companies referred to
collectively as “Clearspring Flash Cookie Affiliates” in the complaint are
accused of doing, thus affecting the visitors to their respective Web sites.
The defendants are Clearspring Technologies, the company developing Flash-based
technologies and its customers, which include Walt Disney Internet Group,
Demand Media, Project Playlist, Soapnet, SodaHead, Ustream and Warner Bros.
Records. “Defendants Clearspring Flash Cookie Affiliates acted with Defendant
Clearspring, independently of one another, and hacked the computers of millions
of consumers’ computers to plant rogue, cookie-like tracking code on users’
computers. With this tracking code, Defendants circumvented users’ browser
controls for managing web privacy and security,” the complaint reads. Unlike
regular cookies, which are governed by the browser’s Same-Origin policy, making
it possible only for their creator to access them, Flash cookies can be read by
any Web site. This allowed Clearspring to build visitor profiles and sell the
data to advertisers.