Internet tracking via ‘zombie cookies’ may present a real danger

Halloween may be upon us, but the proliferation of “zombies” is not confined to your local theater or television. One of the biggest identity theft problems, in the news today, involves Flash cookies and “zombie” cookies. But to understand this problem, you first need to know the differences between the types of browser cookies.

What are tracking cookies?

Today, more than fifty percent of the top Internet sites employ Flash cookies. These are bits of software that are used to record website visits and other information. These sites include popular web marketing locations such as However, Flash cookies can even be found in unlikely locations such as the federal website, Yet, most online users are unfamiliar with Flash cookies.

To understand Flash cookies, you would need to first understand a standard tracking cookie. Most Internet users know that a standard tracking cookie is placed on your hard drive when you visit a website. This is especially true of websites that support a variety of commercial advertisers. For example, data can be obtained from a vendor site, search criteria that has been specified and various other Internet activities.

Standard tracking cookies can be removed by an individual’s Internet privacy control options. They can even be completely blocked. Although, there are some sites that will prohibit access to computers which are completely blocking cookies.

How are Flash cookies different?

Flash cookies, which were introduced in 2001, are quite different. This is mainly because they cannot be deleted from your computer since they are not stored there. Flash cookies are permanently stored in a remote database. This database is the property of Adobe, which is a San Francisco-based company. Adobe calls these Flash cookies “local shared objects” (LSOs). Identification and access is granted through Adobe’s popular Flash Player. This represents approximately 98% of computers, according to Adobe.

The potential issue with Flash cookies

Adobe has stated that their Flash cookies can help websites provide a more customized and personalized experience. In actuality, they can save credit card numbers, bank passwords and other key pieces of sensitive information. This makes it possible for the user to skip the step of typing in these numbers every time they visit the same website. Flash cookies can also store much larger bits of info than a standard tracking cookie, which is stored on your computer (about 25 times as much). This is designed to assist with graphics that may otherwise take a long time to download each time a site is re-visited.

However, the use of Flash cookies has been proven to assist vendors with their website tracking abilities in a very interesting manner. Flash cookies can be used to regenerate original standard, computer-stored tracking cookies. This can be done even after an individual has taken the time to delete them, thus bringing them “back from the dead”. Hence the name – “zombie cookies”. This boils down to a user being tracked, while believing that their privacy is being protected through the deletion of their cookies.

Repercussions of Flash and “zombie cookies”

Texas attorney Joseph Malley filed lawsuits against three companies for their use of Flash cookies to regenerate standard tracking cookies. The three companies named in the suit were: ClearspringQuantcast and Specificmedia. Joseph Malley is also the attorney who succeeded in winning a settlement form Facebook over privacy issues.

To be fair, Adobe Flash cookies will not allow information to be shared over different websites. This means that, for example, a pornography website is not allowed to access bank account website information. But this is not a guarantee against information misuse. Flash cookies can obviously be used for different things. The uses are dependent on the honesty of the programmer.

An example of this is that Flash cookies are often used for malicious purposes. These purposes can be for the installation of identity theft spyware and malware. The worst of these programs can track an individual’s every keystroke. This can lead directly to one’s identity being stolen. However, even at their most innocuous, they will invariably slow a computer down. This is why a technician will usually recommend deleting cookies when faced with a slow computer. There are also special programs that can specifically delete Flash cookies.

A telling remark can be found in a statement located on Adobe’s website:

“Like browser cookies, Flash Player local shared objects are used to create great Web experiences for users, but they might be misused by some advertisers and websites.”

Notify of
Inline Feedbacks
View all comments

Jump to:

Would love your thoughts, please comment.x