The privacychoice summary of best practices for opt-outs has seen consistent views, and I have heard from many ad networks that they found it useful in creating or shoring up their own practices.
But I forgot to include a completely obvious point, which I have now added:
Ideally, to remember the opt-out preference, use both a browser cookie (so users can see it) and a Flash cookie (so it is persistent). If you are using Flash cookies generally but don’t use a Flash cookie to solidify your opt-out, ask yourself if that really seems fair and in the best interests of users?
It’s true that you can count on one hand the number of ad networks that use Flash cookies to remember opt-out preferences, so maybe I’m spitting in the wind. But if you use Flash cookies for tracking, and you don’t provide a Flash cookie for the opt-out, that’s an unprincipled approach to consumer privacy.