Wired’s Threat Level blog reports that a group of individuals has filed a lawsuit against Ringleader Digital, claiming that the company is abusing HTML5’s local storage feature, using it to store a tracking ‘cookie’ that can’t be deleted when you delete your browser’s cookies.
The HTML5 local storage feature lets sites store certain types of data on your hard drive for quicker access later on. For example, a webmail service could use this feature to store some of your inbox data on your hard drive, so that when you visit your webmail inbox, it’ll load more quickly.
According to the Wired report, the offending ads have appeared on the mobile versions of several popular sites, including CNN Money, The Travel Channel, WhitePages.com, among others. Wired also reports that the local-storage database will appear as “RLDGUID” on your smartphone.
I headed over to one of the sites in question using my iPhone to see what would happen for myself, and sure enough, there’s RLDGUID. If you have an iPhone, you can check to see if you have this HTML5 ‘cookie’ by going to Settings, then Safari, then Databases. From there, you can remove any unwanted HTML5 databases – including these cookie databases – by tapping the Edit button in the upper-right, then tapping the red circular button next to the database name. Unfortunately, the databases will reappear the next time you visit these sites.
While this may be a new and novel way of tracking users without using browser cookies, it’s not the only way. Flash cookies – bits of cached data stored by your Adobe Flash plugin – can also be used to track your surfing habits, and like this HTML5 trick, they don’t go away when you delete your cookies. And browser fingerprints – an emerging tracking method – doesn’t require cookies of any kind at all.