Reply
Security Expert
CWH803
Posts: 5,341
Registered: ‎09-25-2003

Flash: You Deleted Your Cookies? Think Again

You Deleted Your Cookies? Think Again  

 

"More than half of the internet’s top websites use a little known capability of Adobe’s Flash plug-in to track users and store information about them, but only four of them mention the so-called Flash Cookies in their privacy policies, UC Berkeley researchers reported Monday.

 

Unlike traditional browser cookies, Flash cookies are relatively unknown to web users, and they are not controlled through the cookie privacy controls in a browser. That means even if a user thinks they have cleared their computer of tracking objects, they most likely have not."

 

 

 

Use FlashSwitch to selectively disable Flash, that is "Keep it Off" until actually wanted,  and use Flash's Global Privacy Settings panel to control the beast when it is enabled. 

 

Also, navigate in your User Profile's folder "Documents and Settings" using Windows Explorer to folder "Macromedia" then to folder "sys" to see all of the Flash cookies which begin with a "#".

 


Signature: 127.0.0.1, Sweet 127.0.0.1 and I recommend all of these Anti-malware tools and Procedures. (updated May 2010)
Regular Problem Solver
cjortega
Posts: 953
Registered: ‎07-02-2003

Re: Flash: You Deleted Your Cookies? Think Again

I use FireFox, and just installed 'BetterPrivacy' to help deal with this subject.

 

Clickable link.

 

 

--
Claude
Service Expert
Moguns
Posts: 839
Registered: ‎01-31-2008

Re: Flash: You Deleted Your Cookies? Think Again

Also, navigate in your User Profile's folder "Documents and Settings" using Windows Explorer to folder "Macromedia" then to folder "sys" to see all of the Flash cookies which begin with a "#".

 

So if one does have  some files with # on them, does this mean they are one's that are tracking you?

I have 5, one for AOL, one for a company that I playing a game on(not a video game, ) and I have one for google, one for amazon, and one for a company of called bright spring(which I don't what they are).

Can we just delete these objects/files that start with #?

Thanks

 

SI VIS PACEM PARA BELLUM

Photobucket
Security Expert
CWH803
Posts: 5,341
Registered: ‎09-25-2003

Re: Flash: You Deleted Your Cookies? Think Again

[ Edited ]

Moguns,

 

You have located your LSOs or "Flash Cookies".  If you have spoken correctly to Flash's Global Privacy Settings these LSO folders will have a size of zero. Only LSOs with size greater than zero can track you. 

 

Seems that an empty LSO folder is created, but not populated, if you have spoken correctly, that is "No, Never, Zero, Deny, and Certainly Not" to Flash's Global Privacy Settings

 

This is, I'd say, a Flash LSO defect because even without tracking data inside the LSO, the LSOs existence represents a potential Privacy Breach in that this list of Flash LSOs shows what web sites you visited when you had Flash enabled.  Clearing browser history, as you know, doesn't touch LSOs. 

 

The LSOs can be deleted without causing any problems.

Message Edited by CWH803 on 08-13-2009 04:02 PM

Signature: 127.0.0.1, Sweet 127.0.0.1 and I recommend all of these Anti-malware tools and Procedures. (updated May 2010)
Regular Contributor
newbomb_turk
Posts: 49
Registered: ‎04-02-2004

Re: Flash: You Deleted Your Cookies? Think Again

thanks foe the BetterPrivacy link,installed done!
Security Expert
CWH803
Posts: 5,341
Registered: ‎09-25-2003

Re: Flash: You Deleted Your Cookies? Think Again

For more discussion, a scary "Say What? secret Flash function, and some proactive responses see the Quantcast Casts Out Flash Cookies in Wake of Report (August 12, 2009) article in the SANS NewsBites Vol. 11 Num. 64.  

 

Selections:

 

"In the wake of research published about Flash cookies, online tracking
company Quantcast has stopped its practice of recreating customers'
cookies with Flash after users deleted the regular cookies."

 

"If you want to see something really scary, read about the Flash "fscommand" operator - basically it's the equivalent of system(3) in UNIX circa 1985. Running Flash in your browser is the equivalent of giving a command prompt to everyone who owns every website you visit." 


Signature: 127.0.0.1, Sweet 127.0.0.1 and I recommend all of these Anti-malware tools and Procedures. (updated May 2010)
Security Expert
CWH803
Posts: 5,341
Registered: ‎09-25-2003

Re: Flash: You Deleted Your Cookies? Think Again

Anyone know of an IE equivalent of the FireFox BetterPrivacy LSO blocker?

 

My solution, FlashSwitch, doesn't work when I'm actually using Flash on a webpage.


Signature: 127.0.0.1, Sweet 127.0.0.1 and I recommend all of these Anti-malware tools and Procedures. (updated May 2010)
Security Expert
CWH803
Posts: 5,341
Registered: ‎09-25-2003

Re: Flash: You Deleted Your Cookies? Think Again

Adobe says this about its Flash Cookies (LSOs) that are so easily misused by "trackers".

 

"Adobe is committed to the security of Adobe® Flash® Player and takes consumers' privacy seriously."

 

"This section provides information about Flash Player features that may be important for privacy and security discussions."


Signature: 127.0.0.1, Sweet 127.0.0.1 and I recommend all of these Anti-malware tools and Procedures. (updated May 2010)
Regular Problem Solver
cjortega
Posts: 953
Registered: ‎07-02-2003

Re: Flash: You Deleted Your Cookies? Think Again


CWH803 wrote:

Anyone know of an IE equivalent of the FireFox BetterPrivacy LSO blocker?

 

My solution, FlashSwitch, doesn't work when I'm actually using Flash on a webpage.


 I don't know about an equivalent, but if you install Firefox and the better privacy addon, and run firefox once in a while, it will deal with the LSO's, as Flash stores them in the same folder reqardless of which browser was used.
 

 

--
Claude
Regular Problem Solver
Posts: 789
Registered: ‎03-14-2005

Re: Flash: You Deleted Your Cookies? Think Again

[ Edited ]

CWH803 wrote:

Anyone know of an IE equivalent of the FireFox BetterPrivacy LSO blocker?

 

My solution, FlashSwitch, doesn't work when I'm actually using Flash on a webpage.


You should be able to configure Ccleaner http://www.ccleaner.com to clean those out. I didn't find any LSOs when I looked just now (I don't use Windows for general browsing.), so I can't check that myself.

 

I just noticed there's a new version of Ccleaner, 2.22.968.

 

[edit]

And now that I've downloaded the latest version of Ccleaner I see that it already cleans up those Flash Player LSOs.  Yea!!!

 

Message Edited by MelvinTheGrate on 08-16-2009 08:40 PM
Security Expert
CWH803
Posts: 5,341
Registered: ‎09-25-2003

Re: Flash: You Deleted Your Cookies? Think Again

Some further observations about Flash LSOs (Flash Cookies)

 

With Flash enabled via FlashSwitch and the Flash Global LSO parameters relaxed, a visit to Chase.com via IE8 shows the following additions to my Windows User “Application Data\Macromedia\Flash Player” data structure.

 

1) Under folder “#SharedObjects” a folder named “chase.com” contains an LSO named DataStore.sol of 1KB;

 

2) And  Under folders  “macromedia.com” … “sys” is folder “#chase.com” that contains file “settings.sol”.

 

The first instance is the chase LSO (Flash Cookie) and the second instance is the Flash Global Privacy Setting limits for chase.com.

 

I’ve deleted both and reset my Flash Global LSO parameters to “None”, “Zero”, “Never” and “Certainly Not”.


Signature: 127.0.0.1, Sweet 127.0.0.1 and I recommend all of these Anti-malware tools and Procedures. (updated May 2010)