Re: Client side storage: Flash storage used to preserve/recreate deleted cookies

On 30.08.2010 17:11, David Booth wrote:
> On Sun, 2010-08-29 at 16:35 -0400, Noah Mendelsohn wrote:
>> This article [1] suggests that at least some organizations are using Flash
>> client side storage to preserve and recreate browser cookies.  Not quite
>> sure what this is pertinent to TAG work on client-side storage, but it's at
>> least worth noting.
>>
>> Noah
>>
>> [1]
>> http://arstechnica.com/tech-policy/news/2010/08/ad-firm-sued-for-allegedly-re-creating-deleted-cookies.ars?utm_source=rss&utm_medium=rss&utm_campaign=rss
>
> Wow, that's a *major* privacy violation and security hole.  I'm
> surprised Adobe has not yet been sued about it, but perhaps the
> attorneys are going after the lower hanging fruit.
>
> And BTW, the whole idea of users having to use Adobe's web site to set
> the security controls on their own personal computer is completely
> absurd.  That aspect in and of itself is totally broken and would seem
> to me to be grounds for a lawsuit regardless of the other issues.

I think people rightfully expect that they can use their browser's 
privacy settings to clear collected data, be it in cookies, in HTML5 
local storage, in Silverlight Local Storage, or in Flash Client Side 
Storage.

To make this happen, an API is needed so that UAs can manage the date.

A proposal for that API has been made several months ago, see 
<https://wiki.mozilla.org/Plugins:ClearPrivacyData>, but unfortunately 
*both* UA implementers and plugin implementers are very very very slow 
in making this happen.

Just saying.

Best regards, Julian

Received on Monday, 30 August 2010 15:27:32 UTC