Long ago, after the earth cooled, the dinosaurs died, and DARPA invented the Web, someone cooked-up cookies. At first, they smelled so good...like grandma had just pulled them out of the oven, and she had let you watch her make them and lick the spoon. Now they were all gooey, hot, and new. Well, wake up and smell the coffee, cowboys and cowboyettes. These ain't your grandmother's cookies we're talkin' about.

Browser Cookies

The first cookies of any technological consequence were the browser cookies. These little bytes of bits stored mostly innocuous (This depends on how strictly you define the term.) information about a specific web site you visited. These bytes included some of your activity on the site: maybe the site you were on just before you got there, and your browser specifications, which almost always mentioned your platform specifics. Browser cookies were something convenient. They were chewy, delicious, and left a great taste in your mouth. They were n00bie ch0w in the vast vastness of the new interweb thingy and n00bs gobbled them up like a duck on a bug. You could return to a site weeks later and the cookie enabled the site to welcome you...like grandma...and made your experience much less scary than the one Hansel and Gretel had. Flash forward...

Flash™ Cookies

Onward to the recent future. (Remember my blog about how the future is long gone? We're now in the Post-future Era.)

Adobe invented Flash. Flash enables all kinds of cool stuff...for the folks on the other end of the cookie chain, that is. Often, you land on a site that requires you to install Flash. So, you install Flash, maybe a Flash plugin for your browser, and suddenly your Web experience changes in ways you never imagined before; in ways you couldn't have imagined, because they were unimaginable to most low-info web users...present readership excepted, of course. With Flash cookies, you can play videos, you can view motion graphics, you can now interact with the web, plus, your laundry comes out fresh and clean-smelling as an Alpine breeze.

Many web cerfers (Google it.) never knew/know that Flash cookies are the evil twin of the cookies you were enamored with in your tech youth. Flash cookies, aka LSO (Local Shared Object) scarf-up a whole lot more than where you've been, what you're doing, and what you like. Somehow, Flash cookies are able to look into your very soul and replicate your essence...the thing that makes you you, you know? It's hard to top Ben Nell, Senior Security Engineer at Foreground Security, when it comes to a succinct description, "Flash cookies were designed to track user preferences in Flash applications, and their adoption as a mechanism to keep tabs on our browsing behavior is recent enough that tools that many consumers rely on to clear their cache of advertisers' cookies aren't even looking for them." Let that sink in a moment. With Flash cookies, marketeers have a method to write a file on your computer, and that file contains more about you than you want to know, AND, those rascals hide them in the dark corners of your hard drive; places you never go; places you would never look. A most disturbing aspect of Flash cookies is that they can be shared (Local Shared Objects) to be used by just about any site that wants to use them. From a Popular Mechanics article by John Herrman, "The main problem here—that sites can store and maintain data and tracking cookies through your Flash plug-in, regardless of your browser's privacy settings—is something Adobe is aware of and says will soon be addressed. The latest version of Flash (10.1) already supports the private browsing features of browsers like Firefox and Internet Explorer, which prevent data from being stored locally when activated. Additionally, Adobe says, the company is working with "major browser vendors to develop effective approaches that allow users to control local storage in Flash Player directly from their browser privacy settings"—a fix that could eliminate this problem entirely."


Enter the answer to every marketeer's dream and every users' nightmare, the Evercookie. This tasty, Javascript API morsel that hides copies of itself in several, yea many, places on your computer. Delete an Evercookie (if you can find it), and it recreates itself. As a matter of fact, attempt to delete one and it will actively circumvent your efforts. Evercookies not only make my blood sugar rise, they bump my blood pressure up a few points, too. Lest I risk someone kicking my soap box out from under me, have a look at Evercookie. Follow the resource links. Be afraid. Be very afraid, but not so afraid that you fail to check back when, next time, we'll talk about Zombie Cookies.