Update March 1st, 2010 – Chrome adds links to clear ‘adobe cookies’
There are hundreds of applications out there from spyware cleaners to built-in browser features that eliminate cookies on the spot, and even let you set cookie policies on your computer regarding what can be stored in your machine, and for how long.
I’m assuming that if you’re here reading this post, you already know all of the dangers of cookies on your computer. In all honesty, I don’t seriously believe that they’re the most dangerous form of movement or web tracking, but they can definitely be used to monitor more movements than a person should feel comfortable with.
What if there was a type of cookie that could:
- Stay on your computer for an unlimited amount of time
- Store 100 kb of data by default, with an unlimited max
- Couldn’t be deleted by your browser
- Send previous visit information and history, by default, without your permission
Okay… That’s a pretty scary cookie. As it is right now, the cookies we’re so deadly afraid of can store a maximum of 4 kb of information, are manage by your browser, and by default have reasonable defaults and restrictions.
This type of cookie exists on 98% of global computers, across all operating systems. it’s the Adobe Flash Player.
The Adobe Flash Player maintains proprietary cookies called Local Shared Objects or LSO’s. LSO’s are capable of storing 100 kb’s of information for an indefinite amount of time by default. When you clear your browser history in Internet Explorer, Firefox or Opera on Windows, Linux, or OS X LSO’s are not cleared from Adobe’s local repository.
In fact, all the information in those cookies will remain indefinitely until they’re removed by the issuing website, or by you via a cumbersome and ridiculous process.
Unfortunately, I haven’t even explained the worst of it.
There’s no easy way to tell what sites are using flash cookies to track your movements. There’s no list, and there doesn’t have to be a flash GUI or visible application for flash cookies to be present. In fact, most websites using flash for user tracking don’t create GUI’s, toolbars, or applications that you can actually see in your browser while browsing the site.
Many times a tiny flash module, 2 kb in size or less is loaded into your browser on every page visit in the same way a gif, jpg or other image is. The whole purpose of this tiny, invisible flash module might be to simply record the page request, and your username or other session variables.
Alright, so now you’re sufficiently convinced that this is creepy stuff. Let’s talk about how to get rid of it?
Lame as it might be, the Flash Player has no ability to delete cookies. And as I’ve already said, your browser can’t help you out. It doesn’t even know these cookies exist! Most of the privacy settings for Adobe Flash have be accessed via a flash application on Adobe’s website called the Adobe Flash Player Settings Manager.
If you want to access the Settings Manager, you can do so here. In fact, open it up now and let’s take a look.
If you’ve clicked the link above, then you’re looking at the Flash Player Settings Manager, and a list of all the sites currently storing information on the cookies stored on your computer.
Looking at my list, I see over 100 websites that have been accessing the same cookie for the last year (the last time I formatted my computer). Some of them are storing only 1kb of information, some are storing the full 100 kb’s. On my own computer, I see that my bank is storing flash information despite the fact that there isn’t a single flash application visible when I log in to check my balance. I see Youtube, CNN, Microsoft, Rotten Tomatoes and a ton more!
To delete all the Flash Cookies currently being stored on your machine:
- Go to the Settings Manager (Website Storage Settings)
- Go to the far-right tab
- Click “Delete all sites”
To prevent websites from storing any more information on your computer:
- Go to Settings Manager
- Click the Second Tab from the left (Global Storage Settings)
- Set the Storage Settings slider to None
- Uncheck “Allow Third Party Flash Content to store data on your computer
There are several other “privacy” settings on the other tabs, but don’t be persuaded. Most of those privacy settings have to do with whether or not websites can access your microphone and webcam. There isn’t a single cookie option on any of the privacy tabs on the Settings Manager.
Adobe, as a global leader in browser technology (a 98% computer market share), has a responsibility to make Privacy Options easily accessible from within the Player application itself. They also have a responsibility to set reasonble default limitations. It’s ridiculous that they would enable websites to store cookies indefinitely, and in such large sizes.
Is Adobe intentionally allowing websites to abuse privacy? You tell me. Comments Welcome.
edit: changed Macromedia to Adobe. Sorry, I’m from the ‘ol days.
Increase your e-mail privacy: Anonymous E-mail Boxes with makemetheking.com
Wow BuckMighty is insane. Says your angry and then posts such hatred laden drivel.
Excellent article. Im a computer geek and have read recent articles regarding these insidiuos new devices of info theft.
Everyone email Adobe their sentiments on this deceptive invasion of privacy.
http://www.adobe.com/bin/webfeedback.cgi
[...] http://www.imasuper.com/66/technology/flash-cookies-the-silent-privacy-killer/ [...]
[...] while back I wrote an article called Flash Cookies: The Silent Privacy Killer, which was one of the first main stream articles to expose Adobe Flash LSO objects as a privacy [...]
Wow, BuckMighty, you’re an angry person. No, just a bonehead.
31337 – man, your knowledge of useless shit is impressive!
Hi
For Firefox browser there’s an addon ‘BetterPrivacy’.
This can be set to flush away those Adobe supercookies at shutdown.
This one is very alarming. I started looking in the files and my entire history was there. Literally hundreds of web-sites that were visited. They were all immediately deleted. I can not recall ever reading a clear explanation of this in their licensing agreement(s). This is an extreme, deceptive in the way it has been presented and implemented, and is breach of trust and a violation of privacy. The downside of the fictitious nature of the corporation with no accountability or responsibility.
This is a no win situation since if you need to review a presentation with this technology in regards to your work, then there is no other alternative. This degree of tracking without clear notification is excessive and reminds me of the Sony rootkit fiasco; this being a similar situation.
There are certain things that you just do not do as a corporation as this goes to show how out of touch to public sentiment many are. I am very glad that this was belatedly brought to my attention.
Can you block just certain websites?
@Harold wrote:
With WinXP :-
The target folder that is used to store the Flash “cookies” is “C:\Documents and Settings\[USERNAME]\Application Data\Macromedia\Flash Player”. If you rename this folder to “Flash Player.disabled” or delete it (your choice) and create a FILE (not a folder) called “Flash Player” then Adobe can no longer recreate the “Flash Player” folder because the name is already in use by a file. The easist way to create this file is to right-click inside the …\Macromedia folder and select the “create text file” option naming it “Flash Player” (not “Flash Player.txt”).
It works because you can’t have a folder and a file in the same directory with the same name.
My two cents:
Harolds solution works great. Even the Flashplayer updates will not re-create the folder if you follow the instructions. I didn’t notice any slowdown in performance as flash objects load so I have to wonder what is the reason for having them to begin with? Data collection maybe?
[...] giving users control over the browsing experience: crashes, general slowness, nightmarish security, super-cookies that can’t be easily managed via a browser’s privacy controls, … the list goes [...]
[...] by the issuing website, or by you via a cumbersome and ridiculous process. You can read about removing flash cookies in the article published by Imasuper.com author. Or you can see the removing flash cookies video [...]
Simple you all…. I know this so I did the one and only thing that’s seems rational…
Get yourself a flash blocker addon for your Firefox. You can selectively active the flash you want to invoke on the page.
you can see for yourself a tiny little flash always loading on most sites in the upper left corner that does nothing but do the cookie thing.
Anyone who thinks that it’s as simple as going to the adobe site and saying 0 size limit, is a F#@king loser. Anyone who thinks that it’s necessary to “enahance the user’s experience” is a tw@t and and anyone who writes flash that stores even one bit of harmless information is an @ssh0le licker, on a biblical scale.
GEIF MEH 3V1L FLASH COO(Y’S S00 I H4X0R U @|_|_