New ‘Flash Cookies’ warning
p2pnet news view Advertising | P2P:- Local Shared Objects (LSOs) are, “pieces of information placed by Flash programs on your computer. They are frequently used like cookies.”
Looks harmless enough, innocuous even. But it isn’t.
The statement is in the dialog box of Greg Yardley’s Firefox add-on Objection.
It was created by him specifically to “Delete Flash Local Shared Objects (Flash Cookies),” small pieces of identifying code hidden in programs such as Adobe’s, “near-ubiquitous Flash media player” and which can, “track users’ behaviour,” as OUT-LAW.com observes.
“The pieces of code behave similarly to ’standard’ cookies,” it says.
And according to the story, more than half of the most popular 100 websites, “use secret behaviour-tracking software to monitor users, mostly without their knowledge, and in several cases the software recovers information the user has chosen to delete”.
But that’s nothing unusual. Nor is it news.
Earlier in the year, in a post on a new way to listen to indie music, “Lols, not a chance I will show up for that,” said a p2pnet Reader’s Write scornfully.
That’s because, said the site under discussion, “You must turn on JavaScript and install Flash to use it. It does not work with the Ad Block and Flash Block plugins.”
Now, when Flash cookies were first flagged as a privacy issue back in 2005, “a few savvy companies added a disclosure about Flash cookies into their web site privacy policies,” says the Privacy Law Blog, going on:
“Since then, we have not heard the issue raised again.”
But this “sleeper” seems to have been woken again by by researchers at the University of California, Berkeley, entitled Flash Cookies and Privacy, it says.
The work was done by Berkeley students Ashkan Soltani, Shannon Canty, Quentin Mayo, Lauren Thomas and Chris Jay Hoofnagle who, in the abstract to their paper, sum it up like this »»»
This is a pilot study of the use of ‘Flash cookies’ by popular websites. We find that more than 50% of the sites in our sample are using flash cookies to store information about the user. Some are using it to ‘respawn’ or re-instantiate HTTP cookies deleted by the user.
Flash cookies often share the same values as HTTP cookies, and are even used on government websites to assign unique values to users.
Privacy policies rarely disclose the presence of Flash cookies, and user controls for effectuating privacy preferences are lacking.
And in their paper, “Flash cookies offer several advantages that lead to more persistence than standard HTTP cookies, they say, also stating:
” Flash cookies can contain up to 100KB of information by default (HTTP cookies only store 4KB). Flash cookies do not have expiration dates by default, whereas HTTP cookies expire at the end of a session unless programmed to live longer by the domain setting the cookie. Flash cookies are stored in a different location than HTTP cookies, thus users may not know what files to delete in order to eliminate them.
“Additionally, they are stored so that different browsers and stand-alone Flash widgets installed on a given computer access the same persistent Flash cookies. Flash cookies are not controlled by the browser. Thus erasing HTTP cookies, clearing history, erasing the cache, or choosing a delete private data option within the browser does not affect Flash cookies.
“Even the ‘Private Browsing’ mode recently added to most browsers such as Internet Explorer 8 and Firefox 3 still allows Flash cookies to operate fully and track the user. These differences make Flash cookies a more resilient technology for tracking than HTTP cookies, and creates an area for uncertainty for user privacy control.”
(Cheers, Chris)
First they ignore you, then they laugh at you, then they fight you, then you win ~ Mahatma Gandhi
OUT-LAW.com – Hidden Flash cookies track even opt-out users on web’s biggest sites, September 17, 2009
p2pnet – Flash Cookie computer pollution, March 8, 2009
Privacy Law Blog – Flash Cookies — Back on the Radar, September 2, 2009
Use free p2pnet newsfeeds for your site. It’s really easy!
Subscribe to p2pnet.net | | rss feed: http://p2pnet.net/p2p.rss | | Mobile – http://p2pnet.net/index-wml.php
Net access blocked by government restrictions? Use Psiphon from the Citizen Lab at the University of Toronto. Go here for details.
September 18th, 2009 at 2:54 pm
I’ve always been pretty conscious about PC security and privacy. When I first read about this on p2pnet World Headlines (Sept. 15 I think) I decided to check out my own flash cookies and couldn’t believe how many were in there despite use NoScript in Firefox. I deleted all of them of course. Hopefully we’ll see flash slowly phased out seeing as Firefox 3.5 can now handle vorbis audio and video without the need for third party plugins.
http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager07.html
September 18th, 2009 at 4:03 pm
For Mac users you can use Flush to delete them worked well for me
http://machacks.tv/2009/01/27/flushapp-flash-cookie-removal-tool-for-os-x/
September 18th, 2009 at 4:43 pm
@ pirate dude
There is a firefox addon that deletes these things.
I don’t know how well it works though.
See:
http://netticat.ath.cx/BetterPrivacy/BetterPrivacy.htm
and
https://addons.mozilla.org/en-US/firefox/search?q=betterprivacy
I think there is another but I forget the name of it.
Might be worth jon doing a story on this stuff and where people can grab some tools to remove/prevent them for the various OS’s (or do it manually), if more contribute here that is.
September 18th, 2009 at 4:50 pm
Also see:
http://en.wikipedia.org/wiki/Local_Shared_Object
September 18th, 2009 at 6:31 pm
I run Ubuntu 8.04 and installed Better Privacy a few days ago. I notice more hard drive activity at times, but nothing serious so far. As far as flash cookies, I don’t have any at the moment. I should also mention that my current Ubuntu install is several weeks old (broken video card, don’t ask), so it would not have been exposed to a lot of flash cookies so far.
September 18th, 2009 at 6:53 pm
Hey Dorothy:
So you went and did it – Linux!
Good for you
Cheers!
September 18th, 2009 at 7:36 pm
My solution has been run a batch file to delete the (macromedia) folder between browser sessions. It’s a royal pain and I don’t really know if it works but it was the best I could come up with. The folder remakes itself every time I open the browser and hasn’t caused a problem so far but I just keep deleting it. Maybe a knowledgable user could tell me if this is a reasonable fix. I normally set Firefox to delete all cookies so have no real need for them.
September 18th, 2009 at 8:02 pm
I was going to mention the firefox addon Better Privacy, but looks like I was beaten to it.
September 18th, 2009 at 8:21 pm
@ Jon:
Actually I have been running Linux for over 2 years, just had to reinstall a while back. I will never go back to Windows, even tho I have more than once come close to pulling all my hair out with Linux. But thank you anyways
.
September 18th, 2009 at 9:25 pm
Broken video card? Oh no, are you having that problem with gnome? Is it a intel card?
September 19th, 2009 at 1:26 am
@ normal1515
No, nothing to do with Gnome. The malfunctioning card was an Nvidia card (Asus 7300 GS – only 2.5 years old!), which started producing weird screen colours and patterns. My computer was unusable as I couldn’t read anything on the monitor. When I replaced it with an older ATI card, the picture improved rather drastically, so was pretty sure it was the card. In my efforts to try and fix the picture while the old card was still in, I screwed up and decided to reinstall Ubuntu to be on the safe side. Got a new Nvidia card (BFG 9400 GT) and had to mess with it a bit (ok a lot) before I found a driver that worked. Yay!
September 19th, 2009 at 1:59 am
@Irate Pirate
“When I first read about this on p2pnet World Headlines (Sept. 15 I think) I decided to check out my own flash cookies and couldn’t believe how many were in there despite use NoScript in Firefox.”
yes, yes, “world headlines” captures good info.
September 19th, 2009 at 2:01 am
In all reality, Jon wrote about this a year or more ago.
Thats when I payed attention to it.
September 19th, 2009 at 3:31 am
Go to the Flash settings manager listed above, delete all the sites that are already list, then go to general storage tab and set the global storage setting to 0K. Now, Flash won’t store anything on your system. Of course if you do that, every YouTube video will start out at full volume, other sites will forget your settings, etc.
September 19th, 2009 at 1:39 pm
And this is even more scary when you realise that Adobe recently bought Omniture .
September 19th, 2009 at 1:42 pm
Sorry, that was supposed to be a link… http://en.wikipedia.org/wiki/Omniture#Criticism
September 19th, 2009 at 3:06 pm
Per the Gaurdian
http://www.guardian.co.uk/technology/2008/jan/03/adobe.apple
It’s a usage-tracking site, and you could worry if you don’t want your usage of applications from Adobe, and Apple’s iTunes Ministore, tracked. Omniture has been thrust unwillingly into the spotlight because a blogger noticed (tinyurl.com/34oxm8) that when you start up an Adobe Creative Suite 3 (CS3) application, it tries to contact what looks like an IP address on your network: 192.168.112.2O7.net.
September 21st, 2009 at 3:38 am
@Andy
Get the “Ghostery” addon for Firefox. It blocks that annoying track crap, incl. Omniture.
October 3rd, 2009 at 9:00 pm
site best