back to article Disney sued for spying on kids with 'zombie cookies'

Walt Disney's internet subsidiary and several of its partners have been sued for allegedly using cookies based on Adobe's Flash Player to track highly personal information about their users, many of whom were minors. The LSOs, or locally shared objects are better known as Flash Cookies, and their ability to gather detailed user …

COMMENTS

This topic is closed for new posts.
  1. Dan 55 Silver badge
    Megaphone

    There's a Firefox add-on for that...

    It's called BetterPrivacy. You can set it to delete flash cookies every time you exit the browser.

    1. adnim

      I just checked my LSO's

      and there were around 50. I have set BetterPrivacy to delete on exit... Why were they still there?

      No they weren't flash settings cookies, I have set Better Privacy to delete these too.

      I suggest those using this addon check the LSO manager.

    2. TimeMaster T
      Thumb Up

      Seamonkey

      works with Seamonkey too.

      (Seamonkey is a full web suite (Firefox+Thunderbird+HTML Composer) from Mozilla)

  2. Frederic Bloggs

    or just use the BetterPrivacy plugin

    Firefox users can use BetterPrivacy. This will automatically remove LSOs on exit as well as (say) two hours after last use.

  3. Chris Hatfield
    FAIL

    I hope Flash just dies

    I have ClicktoFlash installed on Safari, Flashblocker on Firefox.

    Safari now has extensions, you can get one called YouTube5 which loads HTML5 versions in place of the Flash.

    w.r.t this article, isn't it more likely the snot bags' parents were searching for depression stuff? I totally oppose what Disney has allegedly done, but it's absurd to sue them. They should sue Adobe for creating such a sucky platform.

    1. Anonymous Coward
      Boffin

      Apple Fanboi alert!, Apple Fanboi alert! , Apple Fanboi alert!

      Adobe didn't create FLASH, that was Macromedia. Adobe just bought Macromedia as Dreamweaver and Flash kept thumping every other platform on the Market.

      Believe it or not there was an Internet before the iPhone.

      1. Anomalous Cowherd Silver badge

        Huh?

        No mention of Apple in the article and no mention in the comments, until you turned up. Would be nice if we could go a whole story without them being mentioned. Just once.

    2. Cameron Colley

      Googlebashing much?

      "I totally oppose what Raoul Moat has allegedly done, but it was absurd to shoot him. They should have shot the manufacturer for making the gun he used."

      Adobe may be guilty of creating a "sucky platform", but that doesn't excuse its use in an immoral and illegal way.

    3. James Hughes 1

      Can't sue Abode

      They didn't do anything wrong. It was the companies using the tools who allegedly did the badness.

      Can you sue Microsoft for what people write in Word? Can you sue gunmakers because their products are used to kill people? Can you sue Ford because someone was knocked over by one? Nope.

    4. Anonymous Coward
      Anonymous Coward

      I suggest you look here

      ~/Library/Preferences/Macromedia/

  4. Sergie Kaponitovicz
    Big Brother

    Better Privacy add-on + Firefox

    Half an answer: The BetterPrivacy add-on for Firefox does a good job of removing these nasty files, but so far I haven't found a way to block them without blocking all cookies, some of which may be needed for full functionality of a visited site. Also some sol files are desirable (e.g. Skype settings), so this add-on does require some thought in how it is configured.

  5. Ole Juul

    Children's consent

    One of the hallmarks of understanding proper adult interaction with children is understanding consent. Children simply don't have the experience to be able to give it because they don't understand the implications of what they (or the adult) are doing. This puts the adult in a position of responsibility. I wonder if Disney has considered this. Is it even legal for someone other than a child's parents to track their online behaviour? It seems to me that one should get the parent's permission first.

    My thought is that if you are going to use tracking cookies, then you need to have a consenting age form upon entry. Perhaps there should also be the ability for parents to filter these "cookie" sites.

    1. Alan Barnard
      Coat

      Between a rock and a hard place

      Children simply don't have the experience to be able to give understanding consent. Parents barely understand how to work a computer.

  6. DrXym

    Adobe have a lot to answer for this

    The current situation was entirely predictable and entirely avoidable.

    People don't know about shared objects because there is no integration between flash and the browser to control them. So some sites abuse this lack of knowledge to reinstate cookies from shared objects.

    Flash does have a settings page but it is very badly arranged (it has a microscopic, non resizable panel where people might be expected to manage hundreds of shared objects) and has very poor privacy controls. If Adobe want to stop this kind of crap happening, there are several obvious choices -

    a) Provide APIs that allow browsers (or extensions to browsers) to control Flash settings, drill into shared objects etc.. Adobe could even write their own extension that did just that.

    b) Radically revamp their existing settings page making it each for people to manage their data, set their privacy settings etc. This settings page should be task centric and resizable rather than a pissy little panel.

    c) Work with NPAPI stakeholders to define a mechanism for the browser to manage shared objects. Let shared objects pass through the same security & rules for expiration & deletion as regular cookies.

  7. Anonymous Coward
    Anonymous Coward

    Deleting Flash Now

    I've used flash blockers but now I'm taking the whole plunge.

    Wish me luck!

    1. BristolBachelor Gold badge
      Thumb Up

      Deleting flash

      I used to use flash blockers, but they aren't (or weren't) that good. One still loaded the flash, and even then let it run a little before staopping it. That one and another let the web page discover that I had flash, meaning that I didn't get redirected to the non-flash site.

      Now I have 2 browsers. One that I use for almost everything and doesn't have flash installed. The other has Flash installed and I never use it unless I really want to use a site that needs flash. This works much better for me.

      But I'm still waiting for the death of flash caused by the iphone / ipad brigade.

    2. FARfetched
      Thumb Up

      Best of luck to you!

      The more my iPad demands I use it, the less I miss Flash anyway. I already have a Flashblocker on my work computer, putting one on my home computer is the next step (and that will make the Facebook-using hangers-on complain, oh well).

    3. Aaron 10
      Jobs Halo

      Flash Gordon

      Unfortunately, many websites won't allow you to visit without Flash installed. I tried the whole "f--- Flash" and deleting the plugin, but found my browsing was severely hampered. Stick with FlashBlock.

      1. LaeMing
        Megaphone

        my attitude is the opposite.

        If they (or their advertisers) want my eyeball-time, they provide a flash-free version of their site. My PC is for *my* convenience, not theirs!

  8. JaitcH
    Unhappy

    Where, oh where, has the Disney of our ...

    youth gone?

    Bambi, Cinderella. Akela, Wendy or Donald would never have approved of these tricks.

    1. Anonymous Coward
      Anonymous Coward

      You do know...?

      You know that the employees of Walt Disney used to call the place Mousewitz, don't you? Walt himself was a domineering authoritarian, and the company always kept an eye on every little thing going on in the company.

      This is par for the course....

      1. Anonymous Coward
        Happy

        In the the story I heard..

        The management stopped them calling it Mouswitz so they just started calling it Duckau instead.

        I've no idea whether it's true but it still makes me smile anyway.

    2. Blain Hamon

      Someone hasn't seen the SNL skit

      http://www.hulu.com/watch/1521/saturday-night-live-disney-vault-vt

      (Hopefully that can be seen across the pond) Okay, most of it was fake, but the HUAC bit was real, where he claimed various animators who were striking for better pay and unions were communists.

      http://filmtv.eserver.org/disney-huac-testimony.txt

    3. LaeMing
      Flame

      And remember the lemmings didn't jump, they were pushed!

      By a guy just out of shot with a big broom.

      The Disney-of-our-youth was a big violator of humaine treatment of animals in order to get all those cutsey wounded-wildcreature-makes-good stories.

  9. Deadly_NZ

    They have a settings page???

    Where oh where do they fucking hide that????

    1. Al Jones

      The title is required, and must contain letters and/or digits.

      http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager02.html

  10. Anonymous Coward
    Anonymous Coward

    FYI

    Firefox users can install an extension called "better privacy", which can manage flash supercookies, and add them to the list of things that the browser can clear as "private date" etc.. It's very effective. Doubtless there are things for users of other browsers- including external apps to sweep them from disk. A quick google will probably see you right. It's not rocket surgery to control it, though it's a shame that one must be constantly on the defensive to avoid Bad Things being done by supposedly reputable companies.

    Letting things set whatever the hell they like, and then delete all private data on startup/shutdown seems to keep all these tracking cookies at bay.

  11. Anonymous Coward
    Boffin

    Flash Settings Panel

    ''...makes it easy to manage and delete the new-fangled cookies.''

    That would be here then (direct link to your own Flash settings)

    http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager07.html

  12. Anonymous Coward
    Stop

    BetterPrivacy 1.48.3

    https://addons.mozilla.org/en-US/firefox/addon/6623/

  13. Andy H
    Go

    Useful site

    Manage Cookies here...

    http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager.html

  14. Anonymous Coward
    Unhappy

    Walks like a duck and talks like a duck - must be a tracking cookie

    Having recently purchased a birthday present for my wife of the black & lacy variety.

    I now find a lot of websites I and my daughters visit presenting adverts for other black lacy things and sometimes red! Not really what I wanted my pre-teenage daughters seeing.

    adsense - I don't remember inviting you into my fantasy!

    1. Anonymous Coward
      Stop

      If I had pre-teenage daughters...

      ...and I let them browse the web, then I'd certainly have an ad-blocker installed. Partly to prevent such issues, but largely because I've seen a lot of inappropriate ads in unexpected places!

    2. Alan Barnard
      Alert

      Re: black lacy things

      Surely your daughters have their own accounts and do not share yours.

      1. Anonymous Coward
        FAIL

        My daughters access to the internet is supervised

        Why should they need their own accounts to go on eBay?

        I think the addition of a ad blocker is a much better idea.

  15. Anonymous Coward
    WTF?

    Adobe's stand point....

    "“condemns the practice of using Local Storage to back up browser cookies for the purpose of restoring them later without user knowledge and express consent.” "

    Well stop it happening. You write the code, you prevent it happening. FFS talk about shirking responsability.

  16. mzilikazi
    Linux

    What flash cookies?

    cd ~/.macromedia

    rm -f Flash_Player

    ln -s /dev/null Flash_Player

  17. Circadian
    Flame

    Adobe's customers...

    ...are not you. Adobe write their software and utilities for the advertisers and web-sites that want to rape your privacy, so it is any wonder that any tools provided by them for *you* to be able to control this behaviour are obtuse and under-powered?

    1. LaeMing
      Thumb Up

      exactly

      Flash Player is free, so you take what you get.

      Flash dev. tool users are the ones paying so get what they want.

  18. heyrick Silver badge

    Local storage

    Set the allowed amount of local storage to zero, and Flash will ask you for permission every time. BBC news videos prompt five or six times before getting going. It's a bit annoying, but at least I can say eff-off.

  19. Anonymous Coward
    Anonymous Coward

    you can stop flash cookies without browser extensions

    Just change the folder permissions to prevent Flash from accessing/reading the sharedObjects directory. Useful directions here:

    http://designpeo.pl/e/blog/preventingblocking-tracking-through-flash-cookies

    1. LaeMing
      Thumb Up

      Good idea

      You could even let the sites you do want cookies from (for ,say, viewing prefs) set their cookies before locking down the folder. Or just manually unlock it breifly on the rare occasions you feel the site will give value to you from setting a cookie.

      While I largely ignore flash, I have web-cookie approval set to manual and never cease to be amazed by how many sites want to set a cookie despite there being absolutely nothing user-preference related on them.

  20. RW
    Unhappy

    But what's the point of tracking?

    I have a privately held opinion [*] that the marketers are delusional when they think their snooping on browsing can be used to sell things to us masses. Being professional liars, they lie to their clients as often as they do to potential customers, and the efficacy of browse-tracking is one of the bigger lies.

    Something like the music business, the marketing business impresses me as having a dead/dying business model they are desperately trying to keep afloat.

    The real use of tracking cookies (and other such features) is to facilitate simple snooping by employers, police, and other do-gooder (sometimes do-badder) busybodies who do not understand the word "private".

    [*] No doubt my privately held opinion is on record with Google.

  21. Mark C Casey

    But..

    Adobe: “condemns the practice of using Local Storage to back up browser cookies for the purpose of restoring them later without user knowledge and express consent.”... "But it makes us money, so we'll give lip service to privacy but really not care because we don't want to take away a potential money source of people buying flash tools."

    The best tool around to get rid of them is the Firefox addon BetterPrivacy, got it configured to automatically delete all flash cookies after I close Firefox. Apple Safari, Google Chrome etc can hark on all they like about speed but Firefox has the best overall browsing experience with all the best addons.

  22. Nigel 11
    Thumb Down

    Killing the goose?

    The more I read the more I am starting to think that I should employ a completely stateless browser. There's a goodly set of browser appliances for use with VMware player, including good old Firefox at http://www.vmware.com/appliances/directory/507083, or I can play a live CD ISO image.

    Clone a VM, browse, nuke it. Shouldn't slow me down much with a decent PC.

    Do the guys that spy on us know about killing the goose that lays the golden eggs?

  23. dssf
    Thumb Up

    Tips I like and have been using before

    "you can stop flash cookies without browser extensions #

    Posted Tuesday 17th August 2010 14:54 GMT

    Just change the folder permissions to prevent Flash from accessing/reading the sharedObjects directory. Useful directions here:

    http://designpeo.pl/e/blog/preventingblocking-tracking-through-flash-cookies"

    That's what i did. I also use Better Privacy. I have it set crazily to block on finding, on close, and periodically. As for the linking to a dev null path, i haven't done that yet...

  24. kaos2056

    The best part

    The best part is the disney vacation website being advertised on the bottom of the page... brilliant!

  25. Anonymous Coward
    Anonymous Coward

    OMG Paedocookies!

    Ban this sick filth!

    Story not interesting enough? throw in an innocent child or two to spice things up.

    You make it sound like other websites have some kind of magic technology that prevents these LSOs getting on children's computers.

This topic is closed for new posts.