ETags vs Flash Cookies

Who is Using Them?: Several media companies — ABC, MTV, ESPN, NBCUniversal and Myspace, among others —  were accused of using Flash cookies via third parties. They recently settled with plaintiffs in class-action suits. It is difficult to pin down which companies are using ETags. New allegations of ETagging have been lodged against KISSmetrics and some of the companies that were its clientele, such as Hulu and Spotify. Both companies dropped KISSmetrics as an ad technology provider last week. The allegations stem from a study coordinated by researchers from the University of California, Berkeley released last week. The study found that although the use of auto-regenerating flash cookies on the most visited 100 websites in the US has dropped from 281 in 2009 to about 100 in 2011, ETags were in use as tracking methods on several major sites. More sophisticated cookie-deletion tools, such as those on the Firefox browser, have made it easier for Flash cookies to be deleted by consumers and because of this, the report maintained, ETags were being used as a replacement.

How it Works: ETags track consumers even when all cookies are blocked at the browser level and the browser’s cache has been emptied. HTML5 uses semantic tags to store and transmit data about browser activity. Semantic tagging can create a unique identifier for a consumer’s computer or any other element of the consumer’s online behavior and then store that data in a section of the device’s virtual memory that doesn’t usually house cookies. Because ETags can hide easily on a device, they are difficult to find and delete without some intermediate technical knowledge. ETags can hoard data undetected, and that means that end-users of the data can trace the online behaviors of virtually everyone, with or without their consent. ETags can absorb a consumer’s browsing history and even incorporate a weighting system for behaviors in order to create a fairly comprehensive portrait of the consumer’s preferences. This  behavioral portrait goes from being somewhat anonymous while a consumer is being tracked online by a third-party data collector to an intimately detailed snapshot of a consumer’s digital identity once a consumer makes a purchase or submits personally-identifiable information to a website.

Why it Matters: Flash cookies can hold the equivalent of 50 pages of data and semantic-based ETags are even more agile than Flash cookies. Companies that boast of “tracking without cookies” use semantic identifiers to pass on information to end-users. When these tracking practices cannot be eliminated even through the selection of a “do not track” option or manual cookie-deletion, existing privacy laws may be violated.

Assessment: The potential for consumer backlash for this newer form of resilient cookie is enormous. The advertising industry’s indulgence in underhanded methods such as these gives credence to the fears of the fringe element of the privacy movement.