Class-action suit filed over self-reviving cookies
Monday, August 16, 2010
Most web-savvy folks presume that just about anything they do online will leave a trail somewhere, thanks to tracking “cookies” and other mechanisms embedded in software and websites. Still, when you kill a cookie, you expect the thing to stay dead.
But that doesn’t always happen, according to a class-action lawsuit filed against Clearspring Technologies Inc., and against several of the firm’s clients, including Disney, Warner Brothers and Demand Media. According to the lawsuit (the file is too big to load here), Clearspiring and its clients “hacked computers of millions of consumers …to plant rogue, cookie-like tracking code on users’ computers. With this tracking code, defendants circumvented users’ browser controls for managing web privacy and security.”
And they did it, the lawsuit alleges, by adding code to Flash software that would regenerate the cookies if the consumer deleted them. That wouldn’t be a problem if the cookies were, say, chocolate chip (imagine a jar that never empties). But in this case, the cookies track web activity without the web surfer knowing it.