

A Gentleman's Agreement on Privacy - clay
http://labs.mochimedia.com/archive/2011/06/01/do-not-track/#disqus_thread

======
ggchappell
Hmmm ...

> When the DNT header is present Mochi will not assign your browser a unique
> cookie ....

HOWEVER:

> In the Local Shared Object we still store some information about the ads
> you've seen, ....

An LSO is just a "cookie" that's controlled by Flash, not by the browser. So
users usually know less about them, think all cookies have been
blocked/deleted when LSOs have not, etc.

Conclusion: Maybe these people are trying to be ethical, or maybe they're
trying to be sneaky, and pretend to be ethical. I can't tell. I hope it's the
former. If it is, then I'm afraid a bit better explanation is still needed.

In particular: why not just store a browser cookie?

If this _is_ an attempt to be ethical, then I'm sorry I had to be so cynical.
But, as we all know, the web is full of scammers, and I don't know anything
about these people.

~~~
ericflo
I think this explanation is fine: according to the post, it's storing
information about the ads you see, not about you. So you're not being tracked.

~~~
ggchappell
Yes, that seems likely. However, it leaves my question unanswered: why not
just store a browser cookie?

Is it because the user has requested that no browser cookie be stored? If so,
then they're storing information in a place the user might _not_ know about,
due to the fact that the user has requested that it not be stored in a place
they _do_ know about. That sounds ethically iffy at best.

After all, LSOs are not well known, even among people who care about privacy
and try to manage their own responsibly. Trumpeting the fact that they store
no browser cookie, and then storing an LSO, smacks of shady dealing. Maybe
they're okay, but, as I said, I'm not quite convinced.

~~~
ericflo
It's been a while since I worked at Mochi, but unless they've dramatically
changed their technology, it's because they don't have access to the cookie:

Mochi's ad product is a library that Flash game developers include in their
Flash games, but this technology does not extend outside of the Flash SWF
itself.

To access the cookie, you would need cooperation between Flash and a piece of
JavaScript sitting on the hosting page, and then you would use ExternalInterface
to communicate out to that JavaScript to read or set the cookie.
Unfortunately, like I mentioned, there is no JavaScript component to Mochi's
ad product, only the piece of code within the Flash SWF itself, so there's no
way for this to happen.

In fact, there are several use cases where people play Flash games outside of
a browser environment, like on Android or on desktop versions of games (e.g.
<http://windosill.com/>, which lets you "download Windosill for better
performance"). In this case, there's quite literally no cookie available to
set.

I know David, and I know the guys at Mochi, and I'd stake my reputation on the
promise that they're not being shady.

~~~
ggchappell
Thanks for the info.

~~~
_dreid
ericflo is correct. I'm trying really really hard to not do anything shady
here. We use LSOs because our product is heavily Flash-centric and there are
some issues (like not always running in a browser and also the size of data we
store) that make LSOs a better technical fit than HTTP cookies. I'm well aware
of the education problem surrounding LSOs and that's why I took the time to
link to the Macromedia pages where users can manage these things.

I apologize for not answering your questions sooner; I didn't know about
this HN thread until, on a whim, I went searching for it this morning. I'll keep
an eye on it if you have any further questions; you can also poke me on Twitter
or on freenode IRC if you'd prefer. I'm dreid pretty much everywhere.

