--------------------------------------------------------------------
Flash Player Worries Privacy Advocates
Macromedia's Flash media player is raising concerns among privacy advocates for its little-known ability to store computer users' personal information and assign a unique identifier to their machines.

By Michael Cohn
InternetWeek
April 15, 2005 06:22 PM

"A lot of media players come with identifiers embedded in them to track content usage and digital rights management," Chris Hoofnagle, director of the Electronic Privacy Information Center's West Coast office, said. "With respect to Windows Media Player and now the Macromedia player, we're realizing that the media players themselves are creating privacy risks."

Flash, popular for its ability to play animation and video clips, employs a technology known as local shared objects to save up to 100KB of information on users' hard drives. By assigning a unique identifier to a computer and preserving it in the space for the local shared object, a website can recognize that someone has already visited the site, and advertisers can use the information to determine that a visitor has previously viewed an ad. Websites that require users to fill out personal information can also associate that data with the identifier.

Macromedia does not view its software as a threat to user privacy. "The Flash player by its nature doesn't by default gather any information," Jeff Whatcott, vice president of product management at Macromedia, said. "We designed that technology from the beginning to make sure that (computer) users are always in control of their key information."

Macromedia provides instructions on its website for how to disable local shared objects on an individual site or all sites, delete data that is already stored locally, and set the maximum space allowed for storage.

Unfortunately, most Flash users are unaware that the player is storing any information about them at all and are unlikely to see these instructions or understand how to follow them.

"It's really confusing to opt out of Macromedia," Hoofnagle said. "It just goes on and on with all these different preferences. I got frustrated with it and took Flash off my computer altogether. That seemed an easier thing to do."

Flash isn't the only content player with privacy problems. "Most media players have the capability to monitor what files you play and report that information, as part of a general industry trend toward digital rights management, so a user's consumption can be monitored," Kevin Bankston, an attorney with the Electronic Frontier Foundation, said. "As a civil liberties attorney, that is obviously concerning."

Macromedia emphasized that Flash only stores personal information if computer users elect to fill in the information on a website. "It only knows information that the users provide," Whatcott said. "It can't dig around and gather information."

Even then, the information is only available to that specific website and is not readily accessible by other websites or rogue software, Whatcott said. Flash stores the information in a random location that can't be easily predicted.

While websites are supposed to safeguard the personal information they gather according to the dictates of their privacy policies, many sites, nevertheless, share customer information widely. "Sharing is reasonably pervasive," Terry Golesworthy, president of the Customer Respect Group, said. "Not everybody does it, but there's a reasonable amount of sharing that does go on."

Of the 700 to 800 organizations monitored by CRG, 80 percent of the larger organizations that collect data share it within the same company, a practice the organization believes is not a threat to consumers. "The area that concerns us most is sharing it with business partners and other companies," Golesworthy said. "About a quarter are sharing the data outside their organizations."

Golesworthy points out that it is increasingly difficult for users to exercise control over their personal information, or to delete it once a website has it. "Flash does collect a lot of data and it's stored on corporate systems," he said. "About 40 percent of companies don't give you good options to control your own data, delete it, edit it, or say you don't want it collected. Seventeen percent give you control. In between are the gray areas."

According to the European Union's Data Protection Act, U.S. websites are deemed an unsafe place to provide data.

Macromedia says it doesn't support the use of Flash to collect personal data without the consent of computer users, and criticized technology that uses local shared objects to preserve cookie information that users delete. United Virtualities, for example, is a marketing technology vendor that has been leveraging Flash to back up cookies and restore them even after a web surfer deletes them.

Lately, Macromedia has been discussing with browser vendors the creation of a unified privacy and cookie management capability that would be common across browsers and Flash players. Until that happens, users may want to check their settings the next time they visit a Flash-enabled site. To access them, right-click on any Flash video and choose the Settings and then Advanced Settings options.

--------------------------------------------------------------

Best

A. Mani
--
A. Mani
Member, Cal. Math. Soc