6 comments

[ 7.0 ms ] story [ 37.4 ms ] thread
Hmmm ...

> When the DNT header is present Mochi will not assign your browser a unique cookie ....

HOWEVER:

> In the Local Shared Object we still store some information about the ads you've seen, ....

A LSO is just a "cookie" that's controlled by Flash, not by the browser. So users usually know less about them, think all cookies have been blocked/deleted when LSO's have not, etc.

Conclusion: Maybe these people are trying to be ethical, or maybe they're trying to be sneaky, and pretend to be ethical. I can't tell. I hope it's the former. If it is, then I'm afraid a bit better explanation is still needed.

In particular: why not just store a browser cookie?

If this is an attempt to be ethical, then I'm sorry I had to be so cynical. But, as we all know, the web is full of scammers, and I don't know anything about these people.

I think this explanation is fine: according to the post, it's storing information about the ads you see, not about you. So you're not being tracked.
Yes, that seems likely. However, it leaves my question unanswered: why not just store a browser cookie?

Is it because the user has requested that no browser cookie by stored? If so, then they're storing information in a place the user might not know about, due to the fact that the user has requested that it not be stored in a place they do know about. That sounds ethically iffy at best.

After all, LSOs are not well known, even among people who care about privacy and try to manage their own responsibly. Trumpeting the fact that they store no browser cookie, and then storing a LSO, smacks of shady dealing. Maybe they're okay, but, as I said, I'm not quite convinced.

It's been a while since I worked at Mochi, but unless they've dramatically changed their technology, it's because they don't have access to the cookie:

Mochi's ad product is a library that Flash game developers include in their Flash games, but this technology does not extend outside of the Flash SWF itself.

To access the cookie, you would need cooperation between Flash and a piece of javascript sitting on hosting page, and then you would use ExternalInterface to communicate out to that javascript to read or set the cookie. Unfortunately, like I mentioned, there is no javascript component to Mochi's ad product, only the piece of code within the Flash SWF itself, so there's no way for this to happen.

In fact, there are several use cases where people play Flash games outside of a browser environment, like on Android or on desktop versions of games (e.g. http://windosill.com/ it lets you "download Windosill for better performance".) In this case, there's quite literally no cookie available to set.

I know David, and I know the guys at Mochi, and I'd stake my reputation on the promise that they're not being shady.

Thanks for the info.
ericflo is correct. I'm trying really really hard to not do anything shady here. We use LSOs because our product is heavily flash centric and there are some issues (like not always running in a browser and also the size of data we store) that make LSOs a better technical fit than HTTP cookies. I'm well aware of the education problem surrounded LSOs and that's why I took the time to link to the macromedia pages where users can manage these things.

I apologize for not answering your questions sooner, I didn't know about that this HN thread until on a whim I went searching for it this morning. I'll keep an eye on it if you have any further questions you can also poke me on twitter or on freenode IRC if you'd prefer, I'm dreid pretty much everywhere.