An Escalation in the Mobile Zombie Cookie Wars

Mobile devices may become less and less private thanks to cookies–those tiny files stored in your browser by sites that want to remember you and target you with advertising. Most cookies can be manually erased.

But when some iPhone and iPad users recently tried to delete cookies from their browsers, they discovered they could not stop a third party from watching their mobile web browsing habits. Ever. Such cookies can be zombie-like: ridding a device of these tags is not unlike slaying the undead.

Last month, several consumers filed a Federal lawsuit in a Los Angeles court–a case that could gain class action status. The suit targets Ringleader Digital Inc–a company behind the tricky mobile web tracking–as well as media companies who used Ringleader’s ads including CNN, Merriam-Webster, Whitepages.com, Accuweather and the Travel Channel. The lawsuit says that Ringleader is making use of a new data storage tool in HTML-5 instead of using traditional cookie tracking.

The lawsuit is the second one in recent months to pit federal privacy laws against zombie cookies, but this may be the first one to address the issue on smart phones. In July, a suit filed in U.S. District Court in San Francisco alleges that technology from Quantcast uses Adobe’s Flash player to re-install cookies that PC users have deleted.

Tracking a person’s behavior as they browse helps marketers deliver ads more suitable to a person’s tastes. Creepy, perhaps. Yet, cookies are effective and in a sense pay for the free sites we use.

Since courts deemed cookies legal in the early 2000s, online tracking has helped spawn a $23 billion online advertising industry, according to the Wall Street Journal.

However, unlike desktops, smart-phone web browsers have proved difficult for advertisers to use cookies consistently. To get around this problem, Ringleader designed a pseudo-cookie analytic system called Media Stamp.

Deleting the cookies doesn’t help, nor does going into Safari’s stored databases and deleting the Ringleader database, RLDGUID.

Ringleader would simply fetch the unique ID it stored for an individual’s phone and start tracking all over again. The folks at Ars Technica tried using Ringleader’s opt-out service, but the RLDGUID database just reappeared. Apparently, the company needs to keep track of your phone’s unique ID forever, so it knows to opt-you out of its ads.

Meanwhile, advertisers see nothing but dollar signs in smart-phone cookies.

About 20 percent of the U.S. population has smart-phones–according to a study by comScore–and smart-phone sales are still booming.

Smart phones have the potential of dishing a lot more information about their user than a stationary computer.

The Center for Investigative Reporting recently highlighted two studies showing how much information apps can lift. Half of the 30 popular Android apps investigated secretly transmit the geographic location of users. (Hey, you could advertize your coffee shop around the corner before the smart-phone user gets there!)

The same study showed that seven of the 30 apps investigated send “information uniquely identifying the phone and occasionally include actual phone numbers as well as serial numbers assigned to SIM cards.”

With more location-specific and identity-specific mobile advertising on the way, we may soon be living in a mobile zombieland.