European Advertising Industry Association Condemns Cookie Re-Spawning

IAB Europe, the group representing the European advertising industry, warns that cookie re-spawning violates European legislation and calls for companies using behavioral advertising technologies to provide the same level of transparency that HTTP cookies do.

Cookie re-spawning is the practice of using ulternative storage locations, such as Flash Local Storage Objects (LSOs), to recreate cookies if they are deleted from the browser, therefore circumventing the consumer's decision.

IAB views people's ability to remove online advertising cookies as a "powerful and important consumer control" and calls anything that would impede that freedom an unacceptable practice.

Security researchers have warned about cookie re-spawning through Flash LSO since last year.

Since then several lawsuits seeking class action status have already been filed against major companies like Disney, Warner Bros. Records, Ustream and others, for using the method to track users on their websites.

“We work hard to protect lawful business practices across Europe and will not allow individual companies to jeopardise the trust and confidence that our membership has built with their European users.

"Companies must respect users’ choices. In the connected internet, where web sites collaborate with many third parties, such illegal practices pose a problem not only for one sector but for the entire online industry.

"The (reputational) damage of re-spawning to our industry is clear and we will act clearly and decisively when any such cases are brought to our attention to stamp out abuse of consumer trust,” said Kimon Zorbas, vice-president of IAB Europe.

Adobe, the company developing the technology abused frequently to re-spawn cookies has also condemned the practice.

Another problem with Flash LSOs is that they are not controlled from the same place inside the browser as HTTP cookies are.

Instead users need to open a special page and navigate through several tabs in order to remove or disable them.

But there are also other places where cookies can be stored. Security researcher Samy Kamkar has recently released a proof-of-concept tool called "evercookie" which saves such unique identifiers in ten different locations.