14 DAY TRIAL // Cookie respawning remains a very real privacy threat with HTML5 storage being prepared as a replacement mechanism for Flash Local Shared Objects (LSOs).
A team of students and professors from Berkeley University have recently analyzed the web tracking practices of the Internet's top 100 websites.
A review performed in 2009 by the same team revealed that many sites were using Flash storage to back up unique identifiers that could be used to recreate HTTP cookies after users deleted them.
"In our followup survey of Flash cookie practices, we found that fewer websites were using Flash cookies. Thirty-seven of the top 100 websites were doing so, down from 54 in 2009," Chris Hoofnagle, director of the Berkeley Center for Law & Technology's information privacy programs, writes.
Two websites were found to respawn deleted HTTP cookies from this alternative storage location, despite last year's revelations resulting in class action lawsuits against multiple organizations.
Even advertising industry associations like IAB Europe condemned cookie respawning and vowed to take actions against members who disregard consumer choice in this manner.
One of the offending websites identified this year was Hulu, which in addition to cookie respawning was caught using a service called KISSmetrics that stored unique identifiers in places that users can't control.
One of those is HTML5 local storage, which, like Flash LSOs, is intended to offer a place for web applications to store their settings and temporary files. However, it too can be abused.
"We found 17 sites using HTML5 cookies, 7 of which were using it to mirror HTTP cookies. This is a signal that HTML5 may, like Flash cookies, become a method of backing up tracking identifiers," Hoofnagle warns.
Despite various efforts to let consumers choose who and when can track them online, the researchers found that overall web tracking is actually intensifying. "We found over 5,600 HTTP cookies on the top 100 sites, up from 3,600 in 2009," they warned.