Are they safe?

By Patricia Jordan

Members frequently ask if the Canadian Bar Association (CBA) uses cookies on its websites. The CBA uses session cookies to record session information such as your surname and CBA membership ID number when you log in to access a member-only area. Session cookies are temporary bits of information that are erased once you exit your web browser or turn your computer off. While most Internet browsers are initially set to accept cookies, you can change the settings to refuse cookies or alert you when cookies are being sent. Rejecting cookies on some websites can make those sites unusable.

A cookie is a piece of text stored by a computer’s web browser. It can be used for authentication, as an identifier for a server-based session and to store shopping cart contents and site preferences. Cookies can be encrypted for information privacy and data security purposes and may be set with or without an expiration date. CBA websites also use text cookies that are set with an expiration date. As text, cookies are not executable and do not replicate. Although cookies do not yet contain viruses, they can be used as spyware. Anti-spyware products provide warnings about cookies that can be used to track computer activity.

Third-party cookies are sent from a vendor’s site instead of the website being browsed. Third-party cookies can track visitors as they visit multiple domains within a website and across different websites. This functionality provides an analytics vendor with the ability to collate the individual’s activity on sites where they provided personal information with their activity on other sites where they thought they were anonymous. Most people block third-party cookies due to privacy concerns. Many companies that supply banner ads use third-party cookies to track site visitors.

Adobe Flash Player uses Flash cookies that contain cookie-like data that is stored as a file on a computer. The default settings in Adobe Flash Player do not seek permission to store these cookies. Flash cookies store more information than traditional cookies and are not deleted by cookie privacy controls in a web browser and are stored in a separate directory that can be difficult to locate. Search for .sol on your computer’s hard drive to find the location of these files. Flash cookies can also be used to reinstate traditional cookies that have been deleted. This practice is referred to as re-spawning.

Many commercial sites use Flash cookies for tracking purposes and to store information that is used for behavioural-targeted advertising. Each time you search for a product or service, visit a website or click on a banner ad or “paid search” keyword that activity is logged in a cookie that can be analyzed for later use by an advertiser to deliver targeted ads. In the United States, several class-action lawsuits have been launched against media companies for their use of Flash cookies. It is illegal in many countries to track users without their knowledge and consent.

Although the Flash Player Settings Manager at www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager.html allow you to manage settings for automatic notification, global privacy, storage and security, you will need to manually delete Flash cookies from your computer on a regular basis. The “Global Storage Settings panel” allows you to disallow Flash cookies from a specific domain by setting the storage space to “0 KB.” Although no data is stored, empty directories with the name of the domain will be created.

Patricia Jordan is the CBABC Web Manager. She welcomes your comments, questions and suggestions. Tel: 604-646-7861; Email: pjordan@bccba.org; visit: www.cba.org/bc.

This article was published in the February 2011 issue of BarTalk. © 2011 The Canadian Bar Association. All rights reserved.