I’m not an overly paranoid person and think some of the people who feel the need to delete their cookies regularly are probably taking things just a little too far. If people are tracking me around the web and serving adverts I might actually be interested in - fair play to them! I have nothing to hide and nothing to worry about.

However I didn’t realise that Flash provides a much more dangerous type of cookie that really needs to be addressed.

This Local Shared Object can:

• Stay on your computer for an unlimited amount of time
• Store 100 kb of data by default, with an unlimited max
• Couldn’t be deleted by your browser
• Send previous visit information and history, by default, without your permission

The big thing I take exception to here are the last two points. Firstly I believe every technology should give the user the ability to opt out, for cookies the option to delete should be readily available even if for the most part it’s only used by a minority. But the second point is truly wrong - this kind of data should be limited as it is in other technologies such as JavaScript.

Come on Adobe just give an opt out button on the next version of Flash player or perhaps just make security settings a little easier to find for your average user?

I’m all for advances in technology to protect users but why do some companies seem to handle things so clumsily and just not think how it is going to affect the end users? Sometimes these actions can actually be damaging to other trading companies.

I have two examples of just this happening today.

Firstly with regard to Mozilla rolling out a new policy when it comes to SSL certificates (this will be within Firefox 3). Essentially if you self certify or get an unapproved provider to sign the certificate any users of Firefox 3 will get a massive scary message - the kind that most people have a little panic and push the back button.

Mozilla are trying to do the right thing but in too bullish a way. If a certificate is actually invalid this of course should be displayed but if it is simply by an unapproved provider an alternative message should be provided.

In the case of SSL certificates they are provided for two reasons.

1. To encrypt data sent to and from the server.
2. To authenticate the website is what it says it is.

The second point can only be trusted when a third party reputable provider issues the certificate and this is what Firefox is trying to protect against. Why not have a bit more user friendly message that explains that? If a self certified certificate is being used simply to ensure secure transfer of data strictly speaking the certificate is not invalid so why say it is?

My second annoyance is with McAfee and their SiteAdvisor system they have in their security software. Every McAfee’s users’ search engine results pages have icons put next to each result to signify if McAfee has tested if the site as safe or not.

Sounds like a good idea yes? Certainly gives piece of mind for the average user however if as a company you are unlucky enough still to be in McAfee queue for testing websites it’s not such good news.

If a user is confronted with a red cross next to a search result (failed McAfee’s tests) you’d understand people avoiding it like the plague but how about if they have a yellow exclamation mark next to them?

Well for the average users they too would avoid this like the plague - why take the risk?

So when a company I’ve been working with had this very problem (and notably their competitor’s have already been awarded the magic green tick) I contacted McAfee to see if they could move things along. A brick wall is about the best description - wait your turn. Hardly the response you want when an action by another company could actively be turning away paying customers.

I’m not saying that McAfee shouldn’t have come up with this solution just the implementation is lacking. Surely a more carefully categorised queuing system could have ensured no uneven roll-out through competitors? Or maybe if such a thing was to happen there could be conditions when a website could be fast tracked?

Phorm are still putting their fingers in their and singing “la la la la la” when anyone mentions that their advertising shouldn’t be based on an opt out even when it’s the information commissioner.

Security companies have now jumped into the fray saying that the infamous Phorm cookie will be seen as Adware and blocked by default which means Phorm’s initial user base will be cut somewhat.

The main issue for me now is still the interception of data but as the ICO has passed the buck to the Home Office I can’t see a quick resolution. This one could run for some time yet!