HTML5 local storage could track your surfing habits

By Mike Fischer on September 23, 2010, 5:58 PM
Web surfers generally applaud the changes coming down the pike with HTML5, but last week Wired reported on a potentially unpleasant privacy loophole on mobile phones involving the format's local storage, a feature originally designed to allow offline browsing and faster refreshing of common pages. A lawsuit has followed against Ringleader Digital, an online data collection and advertising firm, alleging that the company is using the feature to create "pseudo-cookies" that are stored locally and can track browsing history. They are not removable using standard cookie cleanup methods and are created by ads placed on the mobile versions of some high-traffic websites including CNN Money, The Travel Channel, and Merriam-Webster.

If you are concerned about the privacy violation, the local storage database will show up as "RLDGUID" and can typically be removed by going through your phone browser's settings and looking for HTML5 database storage. Despite the lawsuit, it appears that some sites are still actively creating the "cookie," although Ringleader Digital is offering an opt-out program on their website. The page must be visited from your mobile phone (presumably so the opt-out cookie can install itself) and will "be effective for the life of the device unless you install a new browser, or update your existing browser, in which case you will need to re-implement the opt out utility in order to maintain your opt out status." Sounds aggravating.




User Comments: 5

Got something to say? Post a comment
Guest said:

In the PrivacyChoice Index of Tracking Companies, we show when we've seen an ad network use html5 local storage.

http://www.privacychoice.org/companies/all

To contribute a report of this practice, let us know at contact@privacychoice.org

Flannelwarrior said:

Looks like Apple wants to take a page out of Google's book, and could you blame them? :P

jobeard jobeard, TS Ambassador, said:

Google for LSO Flash Cookies and you'll see one approach.

For the Firefox browser, google BetterPrivacy extension

Guest said:

And this is different from Flash Cookies how?

Currently the only 100% method of deleting Flash Cookies, is to:

~ be a Linux or Unix user; (Can you do this with Mac OS X?)

~ using a browser that does not put tracking stuff in other places that you can not control (Firefox is one, not Google Chrome or Internet Explorer, fyi there are over 100+ other browsers);

~ use a soft link and redirect the Flash Cookies to /tmp (gets deleted when you reboot and/or turn off your Linux PC), (i.e. ln -s /tmp/linfl ./.macromedia and ln -s /tmp/linfl ./.adobe )

Still in that situation the Flash cookies are there tracking your surfing between reboots. Here is the link on how to do this with Linux, (/tmp is mentioned in the comments and worked great for me.):

http://www.theinquirer.net/inquirer/news/1725591/banish-flas
-cookies-forever-linux

So for HTML5 we will be required to determine where they put any "spy-ware-cookies-flash-or-html5" and delete them as well. What else is new.

Just say "No" to "security through obscurity" and/or "false senses of security" by tools that say they delete things (flash cookies) but do not delete them 100%!

jobeard jobeard, TS Ambassador, said:

awe gee; sadly, as you know, Windows is not Linux. Yea symlinks (or hardlinks) allow some need stuff for sure.

The point is, GIVEN a specific system,

  • is the user aware of cookies
  • or where they ARE stored

so that they may be managed on that system.

An F18a is faster than a Piper Cub too, but that's not germane is it?

Load all comments...

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.