Friday, 14 December 2007

Hidden Flash Cookies

I was speaking to some pals of mine who were asking about deleting Internet history and removing cookies etc. from their PCs for privacy. However, none of them knew what “Flash Cookies” were or how to find and view them on their systems, let alone change Flash settings and remove them, so I agreed to do a post about them.

To recap, a regular cookie is a small text file created by websites via your web browser and stored locally on your PC. The file is tiny, which is probably why it's called a cookie. The information within the file is used to store or reference direct information about your habits and usage on a particular website, such as where you went on the website and what you did. These cookies allow websites to be smart, so the website remembers who you are and what you like, often personalising or tailoring aspects of the website to make life easier or for directed marketing.

However, a lot of people have privacy concerns about having their surfing habits tracked, monitored and recorded in this way, and often like to remove these cookies from their system. Usually this is done via Internet Explorer's settings: Tools or browsing history, then "delete cookies".

To recap on Flash, Adobe "Flash Player" is a web browser plugin which the vast majority of people have enabled on their web browsers (it's there by default). Having "Flash" allows for rich web content and high interactivity within websites; YouTube videos are delivered within Flash Player, for example.

However, I have noticed more and more websites are using Flash Cookies, even banking sites. Flash cookies perform the same function as a regular cookie, but they aren't stored as a text file in the usual cookies folder, therefore web browsers like Internet Explorer don't recognise them as cookies and they aren't removed with a "delete cookies".

Flash Cookie files tend to have a ".sol" file extension. On checking my system just now, I see I have "soundData.sol" within "C:\documents and settings\Local User name\Application Data\Macromedia\Flash Player\youtube.com\", even though I just cleared all of my Internet history etc. as a test. I guess this particular flash cookie is probably tracking my preferred volume level on YouTube videos.

The good news is there is a way to delete flash cookies in an orderly fashion and configure the settings for their use on your system. Adobe (owners of "Flash" - they bought it from Macromedia a couple of years back) have a Flash Management Application on their website; not surprisingly, it is delivered in Flash. Full instructions on its usage and settings are all on the Adobe website and pretty much self-explanatory, so I'm not going to repeat them here. Here's the link...

Flash Settings Manager

It's definitely worth checking out if, like my pals, you haven't come across Flash Cookies before.

13 comments:

Anonymous said...

Even if you disabled "flash cookies" via http://www.macromedia.com/support/documentation/de/flashplayer/help/settings_manager03.html and checked the option "ask never", flashplayer8 creates a new directory named by the website for every site trying to save a flash cookie on your pc.

You get a history of sites trying to store flash cookies in C:\Documents and Settings\username\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys

Just keep this in mind if you are trying to remove the internet history from your pc.

Anonymous said...

Why can't we delete these flash cookies without having to go to adobe's macromedia website? Any 3rd party apps available that do this?

Anonymous said...

Dave

Good heads up re FLASH cookies. Just searched my system, sure enough C:\doc-see\App data\Mac med\ etc etc there they are.

CCleaner, finds this on a scan and will do a DOD 3 or 7 pass delete on all your history ( Windows users ).

You can install CCleaner even if you are NOT an administrator ( handy if you are a guest on a system or contractor using someone else's pc etc ( install to a personal directory and create shortcut to desktop ))

keep it coming - iweua

Anonymous said...

1. We should NOT have to go to Adobe.com website to change settings on FlashPlayer on our own hard drives! This is extremely heavyhanded and sneaky of Adobe/Macromedia.

2. Even after you DO change the settings and try to avoid all Flash Player cookies, you will probably get more anyway.

3. If you do BLOCK all Flash Player Cookies, some sites, like youtube.com will NOT work for you, unless you go back and ALLOW the Flash Player Cookies.

4. EVERYONE using Flash Player should demand that Adobe/Macromedia release a patch for their product that enables end-users to change these settings on our own hard drives, without the interference and nosiness of Adobe forcing us to do any changes ON THEIR WEBSITE!

Whose machine is it, anyway?

SecurityExpert said...

Good post - Thanks for the further information and insight.

Anonymous said...

1. Even after you go (repeatedly) to the adobe/macromedia website and think you have set FlashPlayer to stop hiding these nasty secret cookies, they still appear on your hard drive.

2. You can do a Search for them by searching for *.sol and you will find a lot of them.

3. You can VIEW the content of some of the cookies (some are encrypted) with your Notepad or similar program.

4. MAXA COOKIE MANAGER (Germany) will find these secret cookies (and will let you see their content), but if you want to delete them, you need to buy the Paid Version of MAXA.

5. These cookies are NOT HARMLESS! They contain highly specific, personal info about your computer and your viewing habits. Some of them even include your computer's name and directory paths. This is way too invasive and should not be allowed--especially when done secretly behind our backs like this, by Adobe/Macromedia.

6. If you feel these secret Adobe/Macromedia spy cookies are a violation of your privacy and personal boundaries, COMPLAIN LOUDLY to adobe & DEMAND that they provide a PATCH that allows end-users to set the parameters (ON OUR OWN HARD DRIVES without interference from Adobe!) for whether these cookies appear on our machines...

GOOD LUCK!

PS CCleaner claims that it will detect and remove these FlashPlayer cookies, but we haven't yet found which version will do that--and for which browsers.

Anonymous said...

..\Application Data\Macromedia\
use NTFS permission (right click prefs. security tab)
block all account,
(disable of all permission)

so flash can not access to create any cookie..

this is one way to block.

but you can't access that folder too,
when you want to access that folder, open security section adv. take upper authority..

Anonymous said...

I've found that no matter what you select in the Adobe Flash Player setting, some STILL get through.
Maxa allows you to see what info the cookies are collecting. It's NOT pretty. Very invasive!
This needs to be addressed AGAIN!
The last time people made noise about cookies sites like doubleclick etc made Opt-outs, so I think it's time for Adobe and everyone else using these flash cookies to create opt-outs too.
The Adobe settings manager is Lame and won't HOLD your settings.

Pepe said...

This script cleanses all the Flash cookies in the Windows profile of the user who runs it (put it inside a BAT file, and run it):

rem ------------- script begins
rem Remove every folder under #SharedObjects
for /f "usebackq delims=:" %%i in (`dir /b "%APPDATA%\Macromedia\Flash Player\#SharedObjects"`) do (
    rmdir /s/q "%APPDATA%\Macromedia\Flash Player\#SharedObjects\%%i"
)

rem Remove every entry whose name starts with # under the sys folder
for /f "usebackq delims=:" %%i in (`dir /b "%APPDATA%\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#*"`) do (
    rmdir /s/q "%APPDATA%\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\%%i"
)
rem ------------- end of script

Anonymous said...

Changed permissions on C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\#SharedObjects and C:\Documents and Settings\user\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys to read-only. No more flash cookies.
cacls #SharedObjects /p user:r

Anonymous said...

Firefox users check out the Better Privacy option. It has removed 1144 LSO's (flash cookies) in the brief time I've had it (about 8 months). Here are some links I have run across about them which may contain more info for you. I find any tracking to be deplorable whether by governments or business because it has no legitimate use to any except controllers. I don't have the expertise or time to show anything except the links which are in no particular order.

"When Flash cookies (also known as a “Local Shared Objects”) were first flagged as a privacy issue back in 2005, a few savvy companies added a disclosure about Flash cookies into their web site privacy policies. Since then, we have not heard the issue raised again. Now this sleeper issue seems to have been awakened by a recent report by researchers at the University of California, Berkeley, entitled Flash Cookies and Privacy."
http://privacylaw.proskauer.com/2009/09/articles/online-privacy/flash-cookies-back-on-the-radar/#more
------

I agree with anon of July 21, 2008. Adobe is loaded with or on 98% of all computers. Everyone is subject to this flash tracking and the data capabilities are more than 100 times that of regular cookies. Adobe is Big Brother for all of the governments and businesses seeking to keep track of you.
----------

Disable Flash or Uninstall Flash
http://johnhaller.com/jh/useful_stuff/disable_flash.asp
----


Use NoFlash.exe to turn Macromedia Flash on and off in your Internet Explorer browser
http://www.softpedia.com/get/Internet/WEB-Design/Flash/Flash-Off.shtml
----

downloading embedded video: .swf files
http://www.sharewareguide.net/article/Tip/downloading-embedded-video:-.swf-files.html
----

Flash: Unobtrusive Flash Objects and SWFObject
http://mondaybynoon.com/2006/11/06/flash-javascript-and-providing-alternative-content/
----

Open Source Flash Projects
http://osflash.org/open_source_flash_projects
----

Flash Cookies and Privacy
http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1446862
----

FlashSwitch is a utility to turn Macromedia ® Flash ™ playback on and off.
http://www.flashswitch.com/
----

Turn off Flash and Ads disappear
http://www.astreet.com/article.php?sid=167
----

Adobe Flash Cookies: The Silent Privacy Killer
http://www.sevenforums.com/news/1261-adobe-flash-cookies-silent-privacy-killer.html

"What if there was a type of cookie that could:

* Stay on your computer for an unlimited amount of time
* Store 100 kb of data by default, with an unlimited max
* Couldn’t be deleted by your browser
* Send previous visit information and history, by default, without your permission

Okay… That’s a pretty scary cookie. As it is right now, the cookies we’re so deadly afraid of can store a maximum of 4 kb of information, are managed by your browser, and by default have reasonable defaults and restrictions.
This type of cookie exists on 98% of global computers, across all operating systems. It’s the Adobe Flash Player.

The Adobe Flash Player maintains proprietary cookies called Local Shared Objects or LSO’s. LSO’s are capable of storing 100 kb’s of information for an indefinite amount of time by default. When you clear your browser history in Internet Explorer, Firefox or Opera on Windows, Linux, or OS X LSO’s are not cleared from Adobe’s local repository."

Anonymous said...

FYI: After extensive collaboration with an Adobe Flash Security Engineer on this topic, the following bug and "resolution" has now been made public:
https://bugs.adobe.com/jira/browse/FP-3440

Basically, the answer is that Flash uses the LSO mechanism to store BOTH "flash cookies" from websites *and* the settings that apply to each site with regard to LSO's -- meaning, the size allowed for site-specific LSO's, etc. The bug is that the settings manager can, under certain circumstances, show in the list of LSO's items which are not really site-specific LSO's, but are actually the "settings LSO" for that domain.

So, though you think you may have disabled LSO's from sites (which you have), you may be confused or frustrated that a site is still seemingly able to create an LSO.

This is not the case. It's just that the Settings Manager erroneously lists a "settings LSO" for a site and makes it appear to be a site LSO. They are going to work to address the UI confusion in the Settings Manager.
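
An added example (not part of the original post or comments, and not Adobe's code): a read-only Python inventory of .sol files under a Flash Player folder that separates site LSOs in #SharedObjects from the "settings LSOs" under macromedia.com\support\flashplayer\sys described in the comment above. The folder layout below those two paths (a random-ID folder, then the domain; #domain\settings.sol) is an assumption, and the sample tree is constructed.

```python
import os
import tempfile
from collections import defaultdict
# Sub-folders of "Flash Player" named in the comments above.
SITE_ROOT = "#SharedObjects"
SYS_PARTS = ["macromedia.com", "support", "flashplayer", "sys"]

def classify(rel_path):
    """Map a .sol path (relative to the Flash Player folder) to (kind, domain)."""
    parts = rel_path.split(os.sep)
    # Assumed layout: #SharedObjects/<random id>/<domain>/.../<name>.sol
    if parts[0] == SITE_ROOT and len(parts) >= 4:
        return "site", parts[2]
    if parts[:4] == SYS_PARTS:
        # Assumed layout: sys/#<domain>/settings.sol per site, sys/settings.sol global
        if len(parts) >= 6 and parts[4].startswith("#"):
            return "settings", parts[4][1:]
        return "settings", "(global)"
    # Older layout seen in the post: Flash Player/<domain>/<name>.sol
    return "other", parts[0]

def inventory(flash_root):
    """Count .sol files and bytes per (kind, domain) without modifying anything."""
    totals = defaultdict(lambda: [0, 0])
    for dirpath, _dirs, files in os.walk(flash_root):
        for name in (f for f in files if f.lower().endswith(".sol")):
            full = os.path.join(dirpath, name)
            entry = totals[classify(os.path.relpath(full, flash_root))]
            entry[0], entry[1] = entry[0] + 1, entry[1] + os.path.getsize(full)
    return {key: tuple(val) for key, val in totals.items()}

def build_sample(root):
    """Create a constructed sample tree (not real data) so this runs offline."""
    sys_dir = os.path.join(*SYS_PARTS)
    for rel, size in [
        (os.path.join(SITE_ROOT, "ABCD1234", "youtube.com", "soundData.sol"), 60),
        (os.path.join(sys_dir, "#youtube.com", "settings.sol"), 40),
        (os.path.join(sys_dir, "settings.sol"), 30),
        (os.path.join("youtube.com", "soundData.sol"), 25),
    ]:
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(b"\x00" * size)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(*sorted(inventory(tmp).items()), sep="\n")
```

To check a real profile, pass the %APPDATA%\Macromedia\Flash Player folder to inventory() instead of the sample tree.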

Anonymous said...

I just disabled write access to all of the directories inside of the macromedia folder. And what do you know, no more flash cookies, ever!