A group of researchers has released a report on 'Flash cookies' -- persistent identifiers used by popular Adobe Flash presentations on the web.

• Soltani, Ashkan, Canty, Shannon, Mayo, Quentin, Thomas, Lauren and Hoofnagle, Chris Jay, Flash Cookies and Privacy (August 10, 2009).

This is a pilot study of the use of 'Flash cookies' by popular websites. We find that more than 50% of the sites in our sample are using flash cookies to store information about the user. Some are using it to 'respawn' or re-instantiate HTTP cookies deleted by the user. Flash cookies often share the same values as HTTP cookies, and are even used on government websites to assign unique values to users. Privacy policies rarely disclose the presence of Flash cookies, and user controls for effectuating privacy preferences are lacking.

For advertisers and others who want to track user behavior, the ability of users to control, block, and delete traditional HTTP cookies is a problem. The authors quote one company as saying that while all advertisers use HTTP cookies for targeted advertising, "cookies are under attack." That same company announced that it had, "developed a backup ID system for cookies set by web sites, ad networks and advertisers, but increasingly deleted by users.... [These cookies] cannot be deleted by any commercially available anti- spyware, mal-ware, or adware removal program. They will even function at the default security setting for Internet Explorer."

See also:

• You Deleted Your Cookies? Think Again, By Ryan Singel, Wired (August 10, 2009).
• Local Shared Object Wikipedia.