By Madison Ruppert: The website analytics firm KISSmetrics finally settled a lawsuit
which accused the company of violating the law by creating an
unstoppable tracking method which allowed them to recreate cookies after
users deleted them and even track users who chose to block cookies.
While the settlement is relatively small, it could very well set a precedent and perhaps create a climate less conducive to the ongoing Silicon Valley data mining arms race, the blatant disregard for the privacy rights of users and digital spying operations in general.
Note: to learn how to block many of the various tracking methods please read our guides here and here. Implementation is quick, relatively easy and affordable.
The lawsuit was filed in August 2011, shortly after it was revealed that researchers at UC Berkeley including Ashkan Soltani uncovered the insane KISSmetrics tracking.
The lawsuit was filed on behalf of John Kim and Dan Schutzman and originally included some of the major companies that implemented the KISSmetrics technology, although the clients were later dismissed from the lawsuit.
In the suit, the Kim and Schutzman accused KISSmetrics of “violating California and federal anti-hacking laws and misappropriating their personal information for profit,” according to Threat Level.
The proposed settlement (see PDF here, courtesy of Threat Level), will leave the plaintiffs with a mere $2,500 each while their lawyers will get over 100 times that amount. The case involved over $500,000 in legal fees at rates ranging from $350 to $580 per hour, so this lawsuit obviously isn’t going to make Kim and Schutzman rich.
While this didn’t result in a large payout for the plaintiffs or the public, it did result in KISSmetrics “largely” agreeing not to use their highly questionable techniques any longer, unless users are given notice and a choice in the matter.
“Those methods include using JavaScript, HTML5, Flash and browser caches to store copies of a cookie’s unique ID in order to re-create it if the cookie was deleted,” according to Threat Level.
Personally, I find the tentative language employed hardly satisfying since they stop short of saying that they will never use such methods again under any circumstances.
While that might seem like a little much to ask for, keep in mind that the tracking methods employed by KISSmetrics continued to track users even when they had cookies disabled and the private browsing mode enabled in their browser.
Indeed, even the name of the functions in the tracking code put out by KISSmetrics betrayed the less-than-admirable methods they used, namely, the “cram cookie” function.
Unsurprisingly, Hiten Shah, the founder of KISSmetrics, defended their invasive practices when confronted by media outlets.
“We don’t do it for malicious reasons. We don’t do it for tracking people across the web,” Shah said to Wired last year. “I would be having lawyers talk to you if we were doing anything malicious.”
Also unsurprising is the fact that KISSmetrics did not actually admit any guilt in the proposed settlement, which still has to be approved by a federal judge before being implemented.
Interestingly, Hulu.com (which used KISSmetrics tracking in 2011) still faces a lawsuit over their use of tracking since they already agreed in the settlement of a previous suit that they would no longer use these types of invasive cookies.
While that might seem like an unimportant detail to some, it should be noted that it just goes to show that in reality, there is nothing stopping KISSmetrics from continuing these practices. All they have to worry about is another relatively small settlement.
While the settlement is relatively small, it could very well set a precedent and perhaps create a climate less conducive to the ongoing Silicon Valley data mining arms race, the blatant disregard for the privacy rights of users and digital spying operations in general.
Note: to learn how to block many of the various tracking methods please read our guides here and here. Implementation is quick, relatively easy and affordable.
The lawsuit was filed in August 2011, shortly after it was revealed that researchers at UC Berkeley including Ashkan Soltani uncovered the insane KISSmetrics tracking.
The lawsuit was filed on behalf of John Kim and Dan Schutzman and originally included some of the major companies that implemented the KISSmetrics technology, although the clients were later dismissed from the lawsuit.
In the suit, the Kim and Schutzman accused KISSmetrics of “violating California and federal anti-hacking laws and misappropriating their personal information for profit,” according to Threat Level.
The proposed settlement (see PDF here, courtesy of Threat Level), will leave the plaintiffs with a mere $2,500 each while their lawyers will get over 100 times that amount. The case involved over $500,000 in legal fees at rates ranging from $350 to $580 per hour, so this lawsuit obviously isn’t going to make Kim and Schutzman rich.
While this didn’t result in a large payout for the plaintiffs or the public, it did result in KISSmetrics “largely” agreeing not to use their highly questionable techniques any longer, unless users are given notice and a choice in the matter.
“Those methods include using JavaScript, HTML5, Flash and browser caches to store copies of a cookie’s unique ID in order to re-create it if the cookie was deleted,” according to Threat Level.
Personally, I find the tentative language employed hardly satisfying since they stop short of saying that they will never use such methods again under any circumstances.
While that might seem like a little much to ask for, keep in mind that the tracking methods employed by KISSmetrics continued to track users even when they had cookies disabled and the private browsing mode enabled in their browser.
Indeed, even the name of the functions in the tracking code put out by KISSmetrics betrayed the less-than-admirable methods they used, namely, the “cram cookie” function.
Unsurprisingly, Hiten Shah, the founder of KISSmetrics, defended their invasive practices when confronted by media outlets.
“We don’t do it for malicious reasons. We don’t do it for tracking people across the web,” Shah said to Wired last year. “I would be having lawyers talk to you if we were doing anything malicious.”
Also unsurprising is the fact that KISSmetrics did not actually admit any guilt in the proposed settlement, which still has to be approved by a federal judge before being implemented.
Interestingly, Hulu.com (which used KISSmetrics tracking in 2011) still faces a lawsuit over their use of tracking since they already agreed in the settlement of a previous suit that they would no longer use these types of invasive cookies.
While that might seem like an unimportant detail to some, it should be noted that it just goes to show that in reality, there is nothing stopping KISSmetrics from continuing these practices. All they have to worry about is another relatively small settlement.
No comments:
Post a Comment