A number of high profile companies, including Disney and Warner Brothers, are being sued in the US for using a company that allegedly tracks the online activity of web users illegally.
The complaint, filed last week in California, alleges that Disney, Warner Bros. Records, Ustream and others have installed illegal codes on millions of computers with the purpose of tracking the online activity of their owners.
The defendants are Clearspring Technologies, the company developing Flash-based technologies and its customers, which include Walt Disney Internet Group, Demand Media, Project Playlist, Soapnet, SodaHead, Ustream and Warner Bros. Records.
At the center of the suit, which seeks Class action status, are the so-called Flash cookies.
Technically known as Local Shared Objects (LSO), these are normally used by Flash-based applications to store preferences, cache files or save state and temp data, all methods of improving user experience.
However, security experts and researchers have warned since a couple of years ago, that this feature can be misused to store tracking cookies and even re-create them if they are intentionally deleted from the browser.
“Defendants Clearspring Flash Cookie Affiliates acted with Defendant Clearspring, independently of one another, and hacked the computers of millions of consumers’ computers to plant rogue, cookie-like tracking code on users’ computers. With this tracking code, Defendants circumvented users’ browser controls for managing web privacy and security,” the complaint reads.
Unlike regular cookies, which are governed by the browser’s Same-Origin policy, making it possible only for their creator to access them, Flash cookies can be read by any website. This allowed Clearspring to build visitor profiles and sell the data to advertisers.
According to the complaint, the collected information could have been used to determine “users’ video viewing choices and personal characteristics such as gender, age, race, number of children, education level, geographic location, and household income, what the web user looked at and what he/she bought, the materials he/she read, details about his/her financial situation, his/her sexual preference, his/her name, home address, e-mail address and telephone number, and even more specific information like health conditions, such as depression.”
Get Netimperative updates on Twitter