I don’t concern myself too much with browser cookies, because I’m pretty conservative in my browsing habits. I spend most of my browsing time at legitimate news sites and blogs–I don’t care if the Denver Post or Project Gutenberg leaves footprints behind on my browser and my hosts file blocks most of the sites that like to drop tracking cookies. Also, since I moved to Linux, I’ve drifted away from alt.comp.virus, where the discussion is not limited strictly to viruses, but may address to any form of possible security issues (maybe I’ll resubscribe).
Consequently, I had not heard of “zombie cookies” until I saw this story on the BBC website; a privacy activist has filed a lawsuit against a number of websites, including Hulu and MySpace, for using a type of Flash-based cookie that can recreate itself after being deleted:
. . . the lawsuit, brought about by US privacy activist Joseph Malley, states that the practice of re-creating deleted cookies continues and that users were “victims of unfair, deceptive, and unlawful business practices” and “their privacy, financial interests, and computer security rights were violated”.
Graham Cluley of Sophos thinks the motivation may not necessarily be sinister. He points out that Flash cookies don’t act like regular cookies. From the BBC:
While traditional browser cookies can be deleted from a users computer, either through an automatic purge or manual removal, the security settings for Flash are hosted on Adobe’s own website, rather than your own computer.
Mr Cluley said that these settings are changed by logging onto Adobe’s website, right-clicking on a Flash object and selecting “Global Settings” and then adjusting the security settings via the “Global Privacy Settings” panel.
“It would be unfair to say that the companies running the websites are at fault, in my opinion,” he said.
“Surely if they are guilty then so are the web users who chose to run Flash with these settings, and Adobe themselves who chose such a peculiar and downright odd way to configure their software.”
The BBC story links to an abstract of the study that led to the term, “zombie cookies.”