Sign up to our newsletter
The latest security news direct to your inbox
This is not the only lawsuit of its kind regarding LSOs. In July 2010 a lawsuit was filed in federal court against many well known companies, such as MySpace, ABC, and ESPN, among others. At issue again is the use of LSOs to override user privacy preferences. In August it was reported that the online ad network Specific Media was being sued over their use of LSOs. In all cases it has been alleged that the LSOs were being used to restore normal cookies that the users had chosen to delete. Users were not made aware that data they had chosen to delete was being recreated on their computers without their consent or knowledge.
If privacy is important to you, then you will want to control LSOs. The easiest way to do this is probably to use Firefox with the add-on BetterPrivacy. BetterPrivacy allows you to see what LSOs are present and delete them. BetterPrivacy can also be configured to delete the cookies when you close Firefox, as well as at other times. BetterPrivacy does not prevent the creation of LSOs however. In a future blog I will explain a couple of methods you can use to configure the Adobe Flash Player and event prevent LSOs if you wish to.
LSOs can be useful for legitimate purposes, but they are frequently abused by online marketing networks. When you visit a website with ads on it, there is the possibility that an LSO will be written to your hard drive and your browsing habits will be tracked and can be tracked by multiple sites.
(Note: Updated 9/28 to correct LSO is Local Shared Object, not Local Storage Object. Thanks to Otto for the catch)
Director of Technical Education
Author ESET Research, ESET