By Ryan Singel
Online tracking firm Quantcast has agreed to pay $2.4 million to settle a class action lawsuit alleging it secretly used Adobe’s ubiquitous Flash plug-in to re-create tracking cookies after users deleted them, the company said Saturday.
More than $1 million of the settlement will go to fund privacy groups chosen by the plaintiffs, and 25% will go to the lawyers who filed the suit. It’s unlikely that any money will go to the class, since it essentially includes every internet user in the U.S.
UC Berkeley researchers first noted the behavior in August 2009, calling the behavior “zombie cookies,” since unique ids handed out by Quantcast would return in a user’s browser even after deleting the company’s cookie. Quantcast is used by thousands of sites to measure the number of unique visitors and to get information on the kinds of people visiting their site — athletic, older, interested in food, etc....
Quantcast undid the respawning code within 24 hours of Wired.com’s report on the research, and promises in the settlement not to use Flash “to counteract any computer user’s decision to either prevent or delete HTTP cookies. The lead researcher on the original study, [School of Information alumnus] Ashkan Soltani [MIMS 2009], has been helping the Wall Street Journal in its ongoing series on web tracking....
Note: The research cited began with the 2009 MIMS final project "KnowPrivacy," by Joshua Gomez, Travis Pinnick, and Ashkan Soltani.