Beware of Flash Cookies – Unless You Are An Advertiser!

  |   jim's digital lab

Most people who’ve used the Internet long enough have become fairly proficient at knowing how to flush cookie code snippets from their browser files. And, most also know how to delete browsing “history” which shows the sites you’ve recently visited. Keeping your cookie and history codes purged is not a bad practice because of various privacy issues that some Internet users take more seriously than others. I set my own browser to flush cookies and history at the end of each browser session…I think that’s just good practice.

But, there is a far more pervasive tracking technology now being used by many companies on the web, and it is this particular technique that you may wish to know more about. The reason you should know more about it (as an Internet user if not as a company selling products & services on the web) is that “flushing browser cookies” does not remove these small tracking code files because they are stored in a different place on your computer. More on that later.

We are seeing some very aggressive new ways that resellers are tracking consumer presence on the web using, among other methods, a technique called Local Shared Objects, or more frequently called flash cookies. The term ‘local shared object’ suggests that some local object (in this case…a code snippet of text/data) is placed on your local computer and is “shared” as you surf the web. These flash cookies work in much the same way as the more common browser cookies…but, they provide a more proactive way for businesses to interact with web site visitors who come back frequently (such a preventing you from having to log-in with a user name or password every time you return). But, a more aggressive version of LSO’s are third-party flash cookies, and those can follow you around the web.

My wife mentioned a recent experience that is very telling about these new techniques, and I’ll share it here. She visited a site called to look at buying some shoes online. She did look at several web pages on the site and checked out a a couple of shoe brands and the pricing, but did not end up buying anything or providing any registration information whatsoever.

She then went to several other websites she frequently visits relating to news, politics and Hollywood goings-on. Low and behold, she saw banner ads from for the very same shoes she read about on the retailer’s website. She thought it a bit spooky and wanted to know how they did that.

In short, and other websites embed a small piece of code on your personal computer relating to the individual product pages you visited. Through advertising placement agreements with other websites, the moment you open a web page at, say, a banner with embedded feed code sniffs for the LSO cookie on your computer. If it finds it, it can instantly load a banner showing the same product you looked for at the original website.

This technology is completely legal and violates no privacy issues (in the U.S. at least). In fact, most “privacy policies” buried deep on many websites specifically mention specialized code that will be placed on your computer to track your web movements so that personalized ads can be delivered directly to you when visiting other web sites on the Internet.

There is a move afoot in Congress to restrict such technologies, or at the very least to give consumers a way to “opt out” of this apparent invasion of your privacy as you use the Internet. Both Internet Explorer and Firefox are going to provide filtering options to help protect your privacy. If you’ve ever signed up for the “Do Not Call” registry to reduce those dinner-time phone pitches, then you get the gist of what some personal privacy advocates are trying to legislate on the Internet. Whether this is a good or bad thing is beyond the scope of this post…but, let me suggest that “choice” is a preferable way to treat customers or potential customers. Opt-in vs. forcing your customers to Opt-out (the so-called negative option) is a choice that business owners in the golf industry may have to ultimately make.

Some websites are now using a newer technique from Quantcast called “p” codes (short for Pixel Codes) that embeds a 1×1 pixel code that follows you around the web. It continually feeds back the websites you visited to a host site through “beacons,” and that surfing history can create an implied user profile based on the sites you visit most often. These are not exact demographic/psychographic profiles because they are statistically imputed based on a matrix of website assumptions. So, if a “p” code is embedded on my machine by a website, and I proceed to visit,,, and, the implication is that I’m probably a male, probably 25-54, probably a sports fanatic with a keen interest in golf. That profile is then assigned to me (or, more accurately, to my computer), and various golf- or sports-related ads will be served up as I visit other sites on the Internet.

There are some anti-privacy advocates who say…”hey, if you have nothing to hide why do you care what companies know about your web surfing habits?” They will also suggest that serving up advertisements specific to your personal interests (based on the cumulative effect of your profile gathered through tracking code) is a “service” to you as an Internet user. I’ll let you decide the method that you as a business person may wish to employ, but keep in mind that those same techniques can be used ON you as an Internet user, too!

Removing Flash Cookies

FlashCookiePageAs I mentioned earlier, flushing browser cookies does not usually remove flash cookies because they are stored elsewhere on your computer. There is an add-in for the Firefox browser which addresses this issue, but typical browser configurations do not delete flash cookies. However, Adobe (which owns Flash), offers a way to remove flash cookies and to set preferences for their future use on your computer.

Click the image to the left or visit this site if you are interested in seeing what Flash cookies may already sit on your machine, and then decide on whether you wan to remove them, edit your preferences or block them entirely.

Computers have become the most important technology innovation in my lifetime, and I can’t imagine having to go a single day here at Communication Links, or in my home office, without using one. But, there is a dark side to everything, and the methods that some advertisers employ to get in front of your eyeballs as a consumer borders on an invasion of your privacy. As long as you understand the implications of both the upside and the downside of these technologies, then consumers will remain in the drivers seat…where they rightfully belong.