Adobe Flash Player privacy features may cause headaches for Web merchants

Features intended to provide better privacy for users of the upcoming Adobe Flash Player 10.1 may end up being a hindrance for online merchants and banks that drop Flash cookies onto a user's computer to identify returning customers.

Ori Eisen, chief innovation officer at fraud detection vendor 41st Parameter, notes that both Flash cookies and regular cookies have been used for customer identification and tracking by Web merchants and banks for years. Adobe Flash Player 10.1, which Adobe plans to ship by midyear, will include support for the private browsing feature found today in many Web browsers. That's good for users, but the prospect of losing Flash cookies could pose problems for businesses online that use the technology to identify and track visitors, Eisen says.

The new private browsing support, when activated by the user in Flash Player 10.1, means that merchants and banks won't be able to lean on Flash cookies in the future for identifying customers.

"With 10.1, Flash will honor the browser privacy setting," Eisen says, pointing out that Adobe has not done that until now, despite privacy complaints from many sides.

Web merchants and banks that depend on Flash cookies will have to look at alternate forms of authentication and identification, and if they're not prepared for change, their systems may pose challenges to online visitors, which could lead to higher call volumes to call centers.

Eisen says he's testing Flash Player 10.1 with some customers and seeing a variety of system responses related to browser privacy settings. 41st Parameter has its own identification technology based on what can be gleaned from HTTP, JavaScript and TCP/IP in user interactions online.

Privacy advocates have long complained about both Web and Adobe Flash cookies dropped on computers to track Web activity, and the topic was aired at the Federal Trade Commission's Privacy Roundtables not long ago. Adobe has found itself responding to criticism through FTC filings, such as the letter to the FTC sent by Adobe's chief privacy officer MeMe Jacobs Rasmussen last January.

In that letter, Rasmussen informed the FTC that Adobe was moving toward enhanced privacy in Flash Player 10.1, saying "Flash Player private browsing mode is triggered by the Web browser's private browsing mode and Flash Player 10.1 will automatically manage stored data in accordance with a browser's private browsing settings so no additional user interaction is required." The filing said Adobe planned to support Google Chrome 1.0+, Microsoft IE 8.0+ and Mozilla Firefox 3.5+, with future support for Apple Safari envisioned.

Adobe didn't make a spokesperson available to discuss the browser privacy setting issue but issued a statement: "Adobe Flash player 10.1 includes enhancements to help users better control their personal information on the Web. It supports the private browsing feature found in many Web browsers, so that when someone activates private browsing in their browser, it is also activated in Flash Player -- meaning there is no local storage of information from that Flash Player session. Flash Player 10.1 also makes it easier for users to reach the Flash Player Global Settings Manager, where they can control their local storage settings."

Read more about data center in Network World's Data Center section.

This story, "Adobe Flash Player privacy features may cause headaches for Web merchants" was originally published by Network World.

Copyright © 2010 IDG Communications, Inc.

7 inconvenient truths about the hybrid work trend
Shop Tech Products at Amazon