Adobe Improves Privacy Controls Before Regulators Can Saddle Up

by on January 14, 2011 · 6 comments

Via @csoghoian (who can be wrathful if you don’t attribute), Adobe buries the lede in its blog post about privacy improvements to the Flash player. They’re working with the most popular browser vendors on integrating control of “local shared objects”—more commonly known as “Flash cookies”—into the interface. Users control of Flash cookies will soon be similar to control of ordinary cookies.

It doesn’t end there:

Still, we know the Flash Player Settings Manager could be easier to use, and we’re working on a redesign coming in a future release of Flash Player, which will bring together feedback from our users and external privacy advocates. Focused on usability, this redesign will make it simpler for users to understand and manage their Flash Player settings and privacy preferences. In addition, we’ll enable you to access the Flash Player Settings Manager directly from your computer’s Control Panels or System Preferences on Windows, Mac and Linux, so that they’re even easier to locate and use. We expect users will see these enhancements in the first half of the year and we look forward to getting feedback as we continue to improve the Flash Player Settings Manager.

Mysterious, sinister “Flash cookies” were Exhibit A in the argument for a Do Not Track regulation. There is no way that people can cope with the endless array of tracking technologies advertisers are willing to deploy, the argument went, so the government must step in, define what it means to be “tracked,” and require it to stop—without kneecapping the free Internet. (Good luck with that!)

But Flash cookies are now quickly taking their place as a feature that users can control from the browser (or OS), customizing their experience of the Web to meet their individual privacy preferences. This is not a panacea, of course: People must still be made aware of the importance of controlling Flash cookies, as well as regular cookies. New tracking technologies will emerge, and consumer-friendly information controls meeting those challenges will be required in response.

But if this is what the drawn-out “war” against tracking technologies looks like, color me pro-war!

In a few short months, Adobe has begun work on the controls needed to put Flash cookies under peoples’ control. The Federal Trade Commission—prospective imposer of peace through complex, top-down regulation—took more than a year to produce a report querying whether a Do Not Track regulation might be a good idea. This problem will essentially be solved (and we’ll be on to the next one) before the FTC would have gotten saddled up.

Yes, Adobe may have acted because of the threat of damaging government regulation. That seems always to be what gets these companies moving. Of course it does, when the primary modus operandi of privacy advocacy is to push for government regulation. Were the privacy community to work as assiduously on boycotts as acting through intermediary government regulators, change might come even faster.

We could do without the standing army of regulators. Having a government sector powerful enough to cow the business sector is costly, both in terms of freedom and tax dollars.

With the failure of Do Not Track, the vision of a free and open Internet—populated by aware, empowered individuals—lives on.

  • Chris Soghoian

    “In a few short months, Adobe has begun work on the controls needed to put Flash cookies under peoples’ control.”

    Do you have a citation showing that Adobe has only been working on this for a “few short months”?

    Looking at this bug:, it looks like the Mozilla folks were considering just taking matters into their own hands, and deleting the flash cookie files from the user’s HD… In response, Adobe’ s guy jumped in, and begged the browser vendor not to do this (

    I gather that Adobe and some of the browser vendors have been talking about this for more than a year (just looking at tha bug report and this one:

    From where I sit, it looks like Adobe took longer to come up with the API than the FTC did to write their report.

    I think this deserves a retraction :)

  • Jim Harper

    Fair point. A “few short months” is too casual a statement and not subject to proof. At some point in the past, people started working on this problem. You’ve shown Bugzilla commentary from 2005. Here’s evidence of the FTC beginning to cogitate in 2007:

    Interest in and attention to this problem reached a critical mass among the Internet community at some point—whatever the date, it’s a constant between the regulatory response and the technical/market response. The technical/market response has produced something—amendments to Flash functionality and the browser—while on the regulatory side the FTC is still beginning to cogitate.

    Retraction … DENIED! I’ll look for your Tweeted outrage!

  • Jim Brock

    Like Chris, I am puzzled by your post. Adobe has known about the privacy issues in Flash for several years and has yet make any tangible progress. It would have been easy enough for them to offer add-ons to give concerned consumers some measure of control, or at least improve their miserable web-based interface and provide a link to it in the Flash installation process.

    Whatever the reasons for Adobe’s recent announcement, it is in no way a success story for self-regulation. The progress being made with browser makers and improved notice-and-choice from tracking companies are much better indicators, in my view.

  • Jim Harper

    Chris’ comment required me to amend the time-lag between knowledge and action, but the point stands: It was within a short period of attention to this problem reaching critical mass that Adobe responded. There has been awareness of this issue for years in both technical sector and government circles.

    We need not pinpoint when critical mass was reached to compare government regulation to market regulation. The point is to compare the two, not to compare market regulation to some Platonic ideal. It appears your comparing real to ideal when you say Adobe’s announcement is “in no way a success story” — a non-success as compared to what?

    If you disagree with me, you have to make the case that government regulation functioned more quickly or better. How so?

    (n.b., I’m a proponent of market regulation not “self-regulation.” If “self-regulation” means anything, it is when government and industry get together to divide up the business behavioral pie. Because it’s divorced from the competitive pressures of the market, it’s not going to be produce good results for consumers, just for the businesses and government bureaucrats who make the agreements.)

  • Jim Harper

    your / you’re – y’know

  • Pingback: The New York Times’ Glib Call for Internet and Software Regulation()

Previous post:

Next post: