Also known as local shared objects or flash cookies, Flash local storage involves collections of cookie-like data stored as a file on a user's computer. Adobe's Flash Player uses this technology to store information on how people navigate websites. Unlike conventional browser cookies, they cannot be deleted by cookie privacy controls in a web browser. Advertisers will often use them to make it harder for their targets to cover their tracks online, and gain a better picture of how people are surfing.
Gartner attributes mounting global regulatory concerns over consumer privacy as one of the leading reasons for the forthcoming decline in the use of Flash local storage. "The days of tagging customer PCs to identify 'good' customers logging onto user accounts are numbered, as regulatory privacy concerns and privacy settings in Adobe Flash Player 10.1 gives end users explicit control over information downloaded to their PCs using Flash Player," said Avivah Litan, vice president and distinguished analyst at Gartner. "Service providers who depend on Flash to identify client devices such as PCs in order to prevent fraud should evaluate and implement alternative technologies."
The organization proposes two alternatives to the use of Flash local storage. PC inspection software can read information from the operating system registry, serial numbers from the hard drive, or the media access control (MAC) ID from an ethernet card, although that would entail supporting the software, which is a task that service providers may be unwilling to adopt.
The other alternative is server-based client list programs, which are less reliable than local store objects when it comes to identifying good customers, but can be more reliable in identifying fraudsters posing as first-time or spontaneous customers, Gartner said. This technology works by reading information from the user's browser. Whichever tool they use, Gartner advises the use of some form of client device identification technology other than local stored objects, because it can reduce the instances of online data theft by up to 25%, it said.