Escalation in the Cookie Wars
UPDATE: This just in: Macromedia's Kevin Lynch reports, in a comment below, that Macromedia has defeated PIE!
Speaking of San Francisco's Marcomedia, it's got its hands full with a new kind of cookie. We write about it in today's Mercury News here (or here). There are a lot of people pissed off at United Virtualities, which is the source of this new tracking device, called PIE, that basically hides within your Macromedia Flash Player. From the feedback we're getting, if these guys at United Virtualities were Silicon Valley-based, we'd have to wonder whether they'd be run out of town...
--Here's a link that will help explain the latest on disabling local shared objects in Flash, including PIE
--When we asked UV's Mookie Tenembaum a follow-up question about whether his PIE can override the Macromedia's global storage settings to reject all local shared objects, he didn't respond. UV Spokesperson George Simpson got back to us instead: "I am told that by answering this question it would compromise something proprietary to UV and they choose not to respond. I appreciate that is it entirely unsatisfactory for you, but I am just following orders."
--Macromedia, for its part, couldn't assure us that it could definitely shut down PIE, but suggested UV was trying to create confusion with its claims.
--Here's Kevin Lee on this.
--Here's a piece at ClickZ news
--Finally, here's UV's press release on Pie.
--One artist's rendering of Pie, below:
The obvious thing to do, and what I'm likely to do, is zip the Flash software with a password and rename its folder. Macromedia should be really scared. And mad. Suing mad.
Is everybody missing the point? Traspassing is traspassing! Just because my front door is open that doesen't allow you to enter without permission.
Can't we get class action suits against these cookie traspassers?
Where are the probono lawyers?
I wrote an extension to take care of this very issue - Objection. It's still pretty creaky now, but it works for Windows, and I'm actively trying to improve upon it.
Journalists looking for interesting stories might want to investigate whether the same stunt can be pulled with Shockwave, with even less security limitations than in Flash.
To be clear, the United Virtualities ad tracking as deployed today cannot override the Flash Settings Manager control of local storage. Users have complete control over this and can turn it off. Our security team verified this by checking the ability of sites using their tracking device to store information before and after local storage was turned off by the user. When local storage was turned off, no information was successfully stored.
Macromedia takes security very seriously and we aim to quickly address any security-related problems involving our products. Any possible security issues can be reported to us directly at: http://www.macromedia.com/support/email/security/
Chief Software Architect, Macromedia
This thread is closed to new comments.