Mississippi woman claims local companies tracked her every move online
A Mississippi woman charges Boston and Cambridge companies conspired with AOL to figure out how to track consumers online even if they turned all their cookies off and has, of course, sued them.
In a lawsuit filed yesterday in US District Court in Boston, Sandra Person Burns charges Brightcove of Cambridge and ScanScout of Boston figured out a way to use Flash on her computer to track her Web activity for years. She is seeking to become the lead plaintiff in a class-action suit against the two companies and AOL, which uses their platforms. The suit claims damages of more than $5 million.
Defendants commandeered Plaintiff's computer, repurposing its software and using her computer storage and her Internet connection to bypass her browser controls. Defendants created a shadow tracking system on her computer, effectively decommissioning the browser cookie controls she had explicitly set. Defendants did so repeatedly, for years, for a significant part of Plaintiff's Web-browsing, and did likewise to millions of consumers, for years.
Brightcove runs servers and software that let companies post videos online. ScanScout provides a platform for embedding ads in those videos.
In her complaint, Hinds said she would delete all her cookies and browsing history at least five times a week. She said she realized something was odd after a trip to a local supermarket:
Last summer, Plaintiff bought chair pads for her kitchen chairs while shopping at a large chain grocery store. At a self-service checkout kiosk, she swiped her store loyalty card and paid for the chair pads with a credit card and also swiped her store loyalty card. Shortly after Plaintiff returned home with her purchase, she checked her e-mail. She was very surprised to receive a Web-enabled e-mail message containing an advertisement from an online merchant for the same chair pads she had just bought.
Plaintiff subsequently discovered that, despite her use of browser controls, Defendants had been tracking her online activities and had stored a number of files on her computer.
The files Defendants stored on her computer were not browser cookies. They were Adobe Flash Local Stored Objects (LSOs).
Comments
Headslap
So, she's paranoid about being tracked online...but then this:
Moron. They don't give you the loyalty card because they want to reward you with savings. Do you also think your credit card company doesn't sell information about you or your purchasing habits?
Also, the only way Flash is going to take down your information is if you give it to the player. It's not like Brightcove can know anything more about you other than your computer visited websites where it had a player installed. Brightcove has no idea she went out and bought those chair pads.
Yeah, I love people like this
When I worked at a bookstore, we'd ask if people wanted to join our buyers' club and sign up for email newsletters, and they'd snap that they don't give out personal information. Then hand over the credit card to pay. In a way, you have to admire their dedication to stubbornness and determined inconsistency.
Buyer's clubs/store discount
Buyer's clubs/store discount cards are annoying.
There are easy, legal ways to use credit cards such that stores don't get any of your personal information, including your name.
Wrong wrong wrong wrong
Wrong wrong wrong wrong wrongwrongwrongwrongwrong.
With the loyalty card, she gave, if not explicit, at least implicit permission to have her purchases tracked in order to receive lower prices.
Not so much when something on a random webpage follows you around in direct opposition to how you set your computer up to run.
Cripes.
Why?
Websites have "terms of use" which allow them to track you if you want to use their website (ever read some of the nonsense in the TOU of websites...they are insidious). Now, it's possible that the implicit agreement that you make with the website owner when you use his website per the terms of use is an illegal one...but that's not at question here.
If you don't like what the random webpage is doing...stop going to the random webpage. It's like she put on a latex glove and stuck her hand in a snake nest...repeatedly...and wants compensation for them biting her. That's just stupid on its face and doesn't even get into how unrelated her "proof" is of this offense.
In her defense, LSOs are a
In her defense, LSOs are a really nasty piece of work, and can be exploited to create tracking data that can't be removed by anything less than a utility dedicated to the task. Reasonably tech-savvy users are vulnerable to this, and it's a pretty scummy business practice that I'd like to see extinguished before it's suddenly everywhere.
Note the final comment
The final comment from the author of evercookie says it all: "private browsing" stops all evercookie methods. Also, nobody says you have to browse with Flash installed. Use Safari on an iPhone/iPodTouch/iPad and you'll see how much you can do without Flash...it's pretty unlimited (worst I've found are actually restaurant websites that try to get too fancy and don't offer a mobile/text-based alternative). And because of the iOS products gaining market traction, Flash is becoming *less* prevalent (Google pushing for HTML5 to replace Flash is also helping).
just to be clear
Kamkar said that the evercookie app is blocked when using 'private browsing' on the Safari browser. Other browsers may not do as thorough a job. Fwiw, I believe that by using Firefox's NoScript add-on and the LittleSnitch system utility, I achieve similar results to evercookie.
And also, you are being awfully quick to assume that BrightCove and ScanScout's use of zombie cookies is legit - both under the TOSes that the plaintiff agreed to, and also under the agreements BC and SS must be party to in order to develop their own sw. For example, if they (or their clients) did not offer an explicit opt-out path for this user, then under some fed and states' law, they are in violation of her consumer rights - regardless of what the TOS says. Ditto for sharing or accumulating personal data with third parties unless they have an explicit arrangement to do so.
The lawyer who is prosecuting this case is the same fellow who went after Netflix and Facebook for inadequately anonymizing their shared user data - and negotiated something like a $10 million settlement that also required they pull their 'Beacon' program. Clearly, the small local tech companies are not the real objects of this suit. Both SS and BC are, I believe, stalking horses for Quantcast - who have been caught doing this sort of thing before. Quantcast and a host of their high profile media company clients (MTV/Viacom, ESPN, Hulu, etc) are named in the suit.
Don't get me wrong
I'm not a defender of Quantcast, Brightcove, or ScanScout (I find all 3 pretty reprehensible even before this lawsuit) or any of the media companies that harvest user info like it's going out of style.
I just think he's hitched his saddle to the wrong horse on this one.
Hell, this woman still used AOL to connect to the internet! You're going to use her as a prime example of someone who went out of her way to try and privately browse the internet? Good luck with that.
It's a *class* action suit
As lead plaintiff, she's supposed to be typical, not exceptional. In this case, that means someone who's acted in a manner that the court would find was reasonable for a typical inet user concerned about being consumo-tracked, and who can show harm from the defendants' conduct.
Is AOL any more or less secure than other online services? Could be argued either way. Are AOL users still numerous enough to be "typical"? I think that's far easier to substantiate. AOL's share of inet users has been on the decline for years, but it still accounts for about 1 in 30 active browsers, and almost 1 in 4 of all web-based email accounts.
So, just what "harm" to the defendants occurred
here that justifies the $5 million damages claim?
Yah, web tracking is a scummy practice. But unless any of these people were victims of identity theft or other cyber-crimes as a result of this tracking, it sounds like another frivolous lawsuit to me.
Too many unwanted e-mails? That's what the 'delete' button is for. Better still, most e-mail systems will allow you to tag messages as spam so you never have to see them at all. Hardly a $5 million inconvenience if you ask me.
Doesn't work that way
Various courts in the states and federal level have determined that both access to a consumer and their personal information is something that has value in and of itself, and can be considered the property of the consumer. Similar to the rationale behind the creation of do-not-call lists.
Utility really necessary?
You can't just go in and delete the folder containing the items? Just wondering.
Not necessarily
Depending on which platform you are using, the Flash et al "zombie cookies" may be stored in multiple locations, some of which will not be visible/modifiable by non-admin users.
The simplest way to cut off the use of these Flash cookies is to use Adobe's Global Privacy Settings page, which will actually allow you - through the control panel displayed on that page - to modify which sites get to use Flash to store info on your computer.
Here's that page:
http://www.macromedia.com/support/documentation/en...
p.s. adam - the [url] embed tag does not appear to be working!
Thanks Jeff...
..I also had problems with that url thingy the other day but thought it was due to my own incompetence.
Adobe's Global Privacy Settings page stores its settings where?
Remind me again where Adobe stores its global privacy setting?
Inside the flash player config files
The exact files depend on the platform and version of flash you have installed. But in any case, the info is not stored in human-readable form, so it's not like you can open it up and learn anything useful from it. Deleting it would just render your flash player inoperable - better to use Adobe's uninstall app and get rid of all of the associated files, if that's what you're after.
Using Adobe's web control panel is the best (ie only) way to review and alter these settings for your flash player.