Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.



Windows 7: Adobe Flash Cookies: The Silent Privacy Killer

01 Jan 2009   #1

Windows 7 Ultimate x64
 
 
Adobe Flash Cookies: The Silent Privacy Killer

There are hundreds of applications out there from spyware cleaners to built-in browser features that eliminate cookies on the spot, and even let you set cookie policies on your computer regarding what can be stored in your machine, and for how long. I’m assuming that if you’re here reading this post, you already know all of the dangers of cookies on your computer. In all honesty, I don’t seriously believe that they’re the most dangerous form of movement or web tracking, but they can definitely be used to monitor more movements than a person should feel comfortable with.
What if there was a type of cookie that could:

* Stay on your computer for an unlimited amount of time
* Store 100 kb of data by default, with an unlimited max
* Couldn’t be deleted by your browser
* Send previous visit information and history, by default, without your permission

Okay… That’s a pretty scary cookie. As it is right now, the cookies we’re so deadly afraid of can store a maximum of 4 kb of information, are manage by your browser, and by default have reasonable defaults and restrictions.
This type of cookie exists on 98% of global computers, across all operating systems. it’s the Adobe Flash Player.

The Adobe Flash Player maintains proprietary cookies called Local Shared Objects or LSO’s. LSO’s are capable of storing 100 kb’s of information for an indefinite amount of time by default. When you clear your browser history in Internet Explorer, Firefox or Opera on Windows, Linux, or OS X LSO’s are not cleared from Adobe’s local repository.
In fact, all the information in those cookies will remain indefinitely until they’re removed by the issuing website, or by you via a cumbersome and ridiculous process.
Unfortunately, I haven’t even explained the worst of it.
There’s no easy way to tell what sites are using flash cookies to track your movements. There’s no list, and there doesn’t have to be a flash GUI or visible application for flash cookies to be present. In fact, most websites using flash for user tracking don’t create GUI’s, toolbars, or applications that you can actually see in your browser while browsing the site.
Many times a tiny flash module, 2 kb in size or less is loaded into your browser on every page visit in the same way a gif, jpg or other image is. The whole purpose of this tiny, invisible flash module might be to simply record the page request, and your username or other session variables.
Alright, so now you’re sufficiently convinced that this is creepy stuff. Let’s talk about how to get rid of it?
Lame as it might be, the Flash Player has no ability to delete cookies. And as I’ve already said, your browser can’t help you out. It doesn’t even know these cookies exist! Most of the privacy settings for Adobe Flash have be accessed via a flash application on Adobe’s website called the Adobe Flash Player Settings Manager.
If you want to access the Settings Manager, you can do so here. In fact, open it up now and let’s take a look.
If you’ve clicked the link above, then you’re looking at the Flash Player Settings Manager, and a list of all the sites currently storing information on the cookies stored on your computer.
Looking at my list, I see over 100 websites that have been accessing the same cookie for the last year (the last time I formatted my computer). Some of them are storing only 1kb of information, some are storing the full 100 kb’s. On my own computer, I see that my bank is storing flash information despite the fact that there isn’t a single flash application visible when I log in to check my balance. I see Youtube, CNN, Microsoft, Rotten Tomatoes and a ton more!
To delete all the Flash Cookies currently being stored on your machine:

1. Go to the Settings Manager (Website Storage Settings)
2. Go to the far-right tab
3. Click “Delete all sites”

To prevent websites from storing any more information on your computer:

1. Go to Settings Manager
2. Click the Second Tab from the left (Global Storage Settings)
3. Set the Storage Settings slider to None
4. Uncheck “Allow Third Party Flash Content to store data on your computer

There are several other “privacy” settings on the other tabs, but don’t be persuaded. Most of those privacy settings have to do with whether or not websites can access your microphone and webcam. There isn’t a single cookie option on any of the privacy tabs on the Settings Manager.
Adobe, as a global leader in browser technology (a 98% computer market share), has a responsibility to make Privacy Options easily accessible from within the Player application itself. They also have a responsibility to set reasonble default limitations. It’s ridiculous that they would enable websites to store cookies indefinitely, and in such large sizes.

http://www.macromedia.com/support/do...manager07.html

http://www.imasuper.com/66/technolog...rivacy-killer/

My System SpecsSystem Spec
.

01 Jan 2009   #2

OS X Leopard, Vista Basic and Windows 7 Ultimate
 
 

This is why I have got NoScript, stops scrips and flash things running unless I want them to, so I only allow trustworthy sites.

I'll take a look at the settings of my Flash Player in a minute anyway and see whats what though.
My System SpecsSystem Spec
01 Jan 2009   #3

Windows 7 Ultimate Vista Ultimate x64
 
 

I had a look and this is all I found

Name:  2009-01-01_204743.jpg
Views: 143
Size:  31.6 KB


My System SpecsSystem Spec
.


01 Jan 2009   #4

Windows 7 Ultimate x64
 
 

Did you click on all the settings at the top? Also it is better to clear everything.
My System SpecsSystem Spec
01 Jan 2009   #5

OS X Leopard, Vista Basic and Windows 7 Ultimate
 
 

I stopped sites from saving stuff and cleared everything.
My System SpecsSystem Spec
01 Jan 2009   #6

Windows 7 Ultimate Vista Ultimate x64
 
 

Well out of interest I didn't clear it and I run CCleaner and when I checked it again it was empty and I use that on a regular basis which explains why there were only two sites previously.
My System SpecsSystem Spec
01 Jan 2009   #7

Vista Ult 64 bit Seven Ult RTM x64
 
 

Quote   Quote: Originally Posted by Mr GRiM View Post
Well out of interest I didn't clear it and I run CCleaner and when I checked it again it was empty and I use that on a regular basis which explains why there were only two sites previously.
Good to know. Thanks.

Gary
My System SpecsSystem Spec
01 Jan 2009   #8
Joe

Windows 7 RC
 
 

Quote   Quote: Originally Posted by echrada View Post
There are hundreds of applications out there from spyware cleaners to built-in browser features that eliminate cookies on the spot, and even let you set cookie policies on your computer regarding what can be stored in your machine, and for how long. I’m assuming that if you’re here reading this post, you already know all of the dangers of cookies on your computer. In all honesty, I don’t seriously believe that they’re the most dangerous form of movement or web tracking, but they can definitely be used to monitor more movements than a person should feel comfortable with.
What if there was a type of cookie that could:

* Stay on your computer for an unlimited amount of time
* Store 100 kb of data by default, with an unlimited max
* Couldn’t be deleted by your browser
* Send previous visit information and history, by default, without your permission

Okay… That’s a pretty scary cookie. As it is right now, the cookies we’re so deadly afraid of can store a maximum of 4 kb of information, are manage by your browser, and by default have reasonable defaults and restrictions.
This type of cookie exists on 98% of global computers, across all operating systems. it’s the Adobe Flash Player.

The Adobe Flash Player maintains proprietary cookies called Local Shared Objects or LSO’s. LSO’s are capable of storing 100 kb’s of information for an indefinite amount of time by default. When you clear your browser history in Internet Explorer, Firefox or Opera on Windows, Linux, or OS X LSO’s are not cleared from Adobe’s local repository.
In fact, all the information in those cookies will remain indefinitely until they’re removed by the issuing website, or by you via a cumbersome and ridiculous process.
Unfortunately, I haven’t even explained the worst of it.
There’s no easy way to tell what sites are using flash cookies to track your movements. There’s no list, and there doesn’t have to be a flash GUI or visible application for flash cookies to be present. In fact, most websites using flash for user tracking don’t create GUI’s, toolbars, or applications that you can actually see in your browser while browsing the site.
Many times a tiny flash module, 2 kb in size or less is loaded into your browser on every page visit in the same way a gif, jpg or other image is. The whole purpose of this tiny, invisible flash module might be to simply record the page request, and your username or other session variables.
Alright, so now you’re sufficiently convinced that this is creepy stuff. Let’s talk about how to get rid of it?
Lame as it might be, the Flash Player has no ability to delete cookies. And as I’ve already said, your browser can’t help you out. It doesn’t even know these cookies exist! Most of the privacy settings for Adobe Flash have be accessed via a flash application on Adobe’s website called the Adobe Flash Player Settings Manager.
If you want to access the Settings Manager, you can do so here. In fact, open it up now and let’s take a look.
If you’ve clicked the link above, then you’re looking at the Flash Player Settings Manager, and a list of all the sites currently storing information on the cookies stored on your computer.
Looking at my list, I see over 100 websites that have been accessing the same cookie for the last year (the last time I formatted my computer). Some of them are storing only 1kb of information, some are storing the full 100 kb’s. On my own computer, I see that my bank is storing flash information despite the fact that there isn’t a single flash application visible when I log in to check my balance. I see Youtube, CNN, Microsoft, Rotten Tomatoes and a ton more!
To delete all the Flash Cookies currently being stored on your machine:

1. Go to the Settings Manager (Website Storage Settings)
2. Go to the far-right tab
3. Click “Delete all sites”

To prevent websites from storing any more information on your computer:

1. Go to Settings Manager
2. Click the Second Tab from the left (Global Storage Settings)
3. Set the Storage Settings slider to None
4. Uncheck “Allow Third Party Flash Content to store data on your computer

There are several other “privacy” settings on the other tabs, but don’t be persuaded. Most of those privacy settings have to do with whether or not websites can access your microphone and webcam. There isn’t a single cookie option on any of the privacy tabs on the Settings Manager.
Adobe, as a global leader in browser technology (a 98% computer market share), has a responsibility to make Privacy Options easily accessible from within the Player application itself. They also have a responsibility to set reasonble default limitations. It’s ridiculous that they would enable websites to store cookies indefinitely, and in such large sizes.

Adobe - Flash Player : Settings Manager - Website Storage Settings panel

I’m A Super.com » Flash Cookies: The Silent Privacy Killer
Excellent post! It has now been stickied. I want everyone to know about this one. I was shocked to learn about it and welcomed the solution.
My System SpecsSystem Spec
02 Jan 2009   #9

Windows 7 Ultimate x64 SP1
 
 

Yes, excellent post echrada,

I too only had the bin.clearspring one but I dropped the storage down to zero. Thanks, didn't know about this. I think like Mr. Grim said, ccleaner clears these.
My System SpecsSystem Spec
02 Jan 2009   #10

Windows 7 7000; Windows XP Pro SP3
 
 

That is some good info there. Thanks man, scarey stuff!

-baMBi-
My System SpecsSystem Spec
Reply

 Adobe Flash Cookies: The Silent Privacy Killer





Thread Tools



Similar help and support threads for2: Adobe Flash Cookies: The Silent Privacy Killer
Thread Forum
Flash Cookies – Spyware By Any Other Name Security News
Adobe (finally) makes it easier to delete Flash cookies Browsers & Mail
Adobe tackling 'Flash cookie' privacy issue Security News
Internet Explorer Cookies Per Site Privacy Actions - Import and Export Tutorials
Flash cookies deletion Browsers & Mail
Flash Cookies System Security
Adobe to switch on silent PDF updates for Reader....... Software

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd

All times are GMT -5. The time now is 04:18 AM.
Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App
  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33