Related article December 13th, 2010 – Facebook: The real privacy killer
Update March 1st, 2010 – Chrome adds links to clear ‘adobe cookies’
There are hundreds of applications out there from spyware cleaners to built-in browser features that eliminate cookies on the spot, and even let you set cookie policies on your computer regarding what can be stored in your machine, and for how long.
I’m assuming that if you’re here reading this post, you already know all of the dangers of cookies on your computer. In all honesty, I don’t seriously believe that they’re the most dangerous form of movement or web tracking, but they can definitely be used to monitor more movements than a person should feel comfortable with.
What if there was a type of cookie that could:
- Stay on your computer for an unlimited amount of time
- Store 100 kb of data by default, with an unlimited max
- Couldn’t be deleted by your browser
- Send previous visit information and history, by default, without your permission
Okay… That’s a pretty scary cookie. As it is right now, the cookies we’re so deadly afraid of can store a maximum of 4 kb of information, are manage by your browser, and by default have reasonable defaults and restrictions.
This type of cookie exists on 98% of global computers, across all operating systems. it’s the Adobe Flash Player.
The Adobe Flash Player maintains proprietary cookies called Local Shared Objects or LSO‘s. LSO’s are capable of storing 100 kb’s of information for an indefinite amount of time by default. When you clear your browser history in Internet Explorer, Firefox or Opera on Windows, Linux, or OS X LSO’s are not cleared from Adobe’s local repository.
In fact, all the information in those cookies will remain indefinitely until they’re removed by the issuing website, or by you via a cumbersome and ridiculous process.
Unfortunately, I haven’t even explained the worst of it.
There’s no easy way to tell what sites are using flash cookies to track your movements. There’s no list, and there doesn’t have to be a flash GUI or visible application for flash cookies to be present. In fact, most websites using flash for user tracking don’t create GUI’s, toolbars, or applications that you can actually see in your browser while browsing the site.
Many times a tiny flash module, 2 kb in size or less is loaded into your browser on every page visit in the same way a gif, jpg or other image is. The whole purpose of this tiny, invisible flash module might be to simply record the page request, and your username or other session variables.
Alright, so now you’re sufficiently convinced that this is creepy stuff. Let’s talk about how to get rid of it?
Lame as it might be, the Flash Player has no ability to delete cookies. And as I’ve already said, your browser can’t help you out. It doesn’t even know these cookies exist! Most of the privacy settings for Adobe Flash have be accessed via a flash application on Adobe’s website called the Adobe Flash Player Settings Manager.
If you want to access the Settings Manager, you can do so here. In fact, open it up now and let’s take a look.
If you’ve clicked the link above, then you’re looking at the Flash Player Settings Manager, and a list of all the sites currently storing information on the cookies stored on your computer.
Looking at my list, I see over 100 websites that have been accessing the same cookie for the last year (the last time I formatted my computer). Some of them are storing only 1kb of information, some are storing the full 100 kb’s. On my own computer, I see that my bank is storing flash information despite the fact that there isn’t a single flash application visible when I log in to check my balance. I see Youtube, CNN, Microsoft, Rotten Tomatoes and a ton more!
To delete all the Flash Cookies currently being stored on your machine:
- Go to the Settings Manager (Website Storage Settings)
- Go to the far-right tab
- Click “Delete all sites”
To prevent websites from storing any more information on your computer:
- Go to Settings Manager
- Click the Second Tab from the left (Global Storage Settings)
- Set the Storage Settings slider to None
- Uncheck “Allow Third Party Flash Content to store data on your computer
There are several other “privacy” settings on the other tabs, but don’t be persuaded. Most of those privacy settings have to do with whether or not websites can access your microphone and webcam. There isn’t a single cookie option on any of the privacy tabs on the Settings Manager.
Adobe, as a global leader in browser technology (a 98% computer market share), has a responsibility to make Privacy Options easily accessible from within the Player application itself. They also have a responsibility to set reasonble default limitations. It’s ridiculous that they would enable websites to store cookies indefinitely, and in such large sizes.
Is Adobe intentionally allowing websites to abuse privacy? You tell me. Comments Welcome.
edit: changed Macromedia to Adobe. Sorry, I’m from the ‘ol days.
Increase your e-mail privacy: Anonymous E-mail Boxes with makemetheking.com
Another way to get of the flash cookies is to download and run a anispyware program, such as Spybot Search and Destroy. If you run the Spybot Search and Destroy in advanced mode you can set the program to clear usage tracks. When you run a scan it will pick up these rotten adobe cookies. Then when you select fix problems it runs the cookies through a built in file shredder! So that is how I get rid of adobe cookies. Spybot can be found at
safer-networking.org/enindex.html
Wow BuckMighty is insane. Says your angry and then posts such hatred laden drivel.
Excellent article. Im a computer geek and have read recent articles regarding these insidiuos new devices of info theft.
Everyone email Adobe their sentiments on this deceptive invasion of privacy.
http://www.adobe.com/bin/webfeedback.cgi
Wow, BuckMighty, you're an angry person. No, just a bonehead.
31337 – man, your knowledge of useless shit is impressive!
Hi
For Firefox browser there's an addon 'BetterPrivacy'.
This can be set to flush away those Adobe supercookies at shutdown.
This one is very alarming. I started looking in the files and my entire history was there. Literally hundreds of web-sites that were visited. They were all immediately deleted. I can not recall ever reading a clear explanation of this in their licensing agreement(s). This is an extreme, deceptive in the way it has been presented and implemented, and is breach of trust and a violation of privacy. The downside of the fictitious nature of the corporation with no accountability or responsibility.
This is a no win situation since if you need to review a presentation with this technology in regards to your work, then there is no other alternative. This degree of tracking without clear notification is excessive and reminds me of the Sony rootkit fiasco; this being a similar situation.
There are certain things that you just do not do as a corporation as this goes to show how out of touch to public sentiment many are. I am very glad that this was belatedly brought to my attention.
Can you block just certain websites?
@Harold wrote:
With WinXP :-
The target folder that is used to store the Flash “cookies” is “C:Documents and Settings[USERNAME]Application DataMacromediaFlash Player”. If you rename this folder to “Flash Player.disabled” or delete it (your choice) and create a FILE (not a folder) called “Flash Player” then Adobe can no longer recreate the “Flash Player” folder because the name is already in use by a file. The easist way to create this file is to right-click inside the …Macromedia folder and select the “create text file” option naming it “Flash Player” (not “Flash Player.txt”).
It works because you can’t have a folder and a file in the same directory with the same name.
My two cents:
Harolds solution works great. Even the Flashplayer updates will not re-create the folder if you follow the instructions. I didn't notice any slowdown in performance as flash objects load so I have to wonder what is the reason for having them to begin with? Data collection maybe?
Simple you all…. I know this so I did the one and only thing that's seems rational…
Get yourself a flash blocker addon for your Firefox. You can selectively active the flash you want to invoke on the page.
you can see for yourself a tiny little flash always loading on most sites in the upper left corner that does nothing but do the cookie thing.
Anyone who thinks that it's as simple as going to the adobe site and saying 0 size limit, is a F#@king loser. Anyone who thinks that it's necessary to "enahance the user's experience" is a tw@t and and anyone who writes flash that stores even one bit of harmless information is an @ssh0le licker, on a biblical scale.
GEIF MEH 3V1L FLASH COO(Y'S S00 I H4X0R U @|_|_
The exceptions aren't for sites that need the cookies, they "require" the cookies. Nobody needs to know anything about you. When you set the cookie size to zero or deny everything, then you find out who is looking cookies.
Like oops clicks. Everybody wants their link next to the scroll-bar. cookie trends found that nasty little nugget
which is everybody.. And your info is for sale to anybody.. And Adobe cashes all the checks
Another addition for linux users, if using the dev/null black hole for flash cookies mentioned above, aswell as ~/.macromedia you may want to include ~/.adobe aswell.
Windows users – Another batch file to do the job here (apparently this one has been tested on XP/Vista and windows 7)
https://nodpi.org/forum/index.php/topic,1969.0.ht…
The settings manager saves a list of all flash enabled websites I've visited, in case I decide I want to change the settings for a site.
I don't want that list of websites stored on my computer, because I've disabled LSOs altogether.
Is there a way to disable this flash history?
Instead of storing a list of every website you visit, Adobe should give users the option of manually adding sites for which exceptions are necessary.
<blockquote cite="#commentbody-19796">
Greg :If you want to avoid having “Flash Cookies” stored on your computer all you need to do is set the security settings on the following folder to deny.
C:Documents and SettingsApplication DataMacromediaFlash Player
This prohibits the flash player from writing anything into that folder.
Of course, some flash sites may no longer work correctly so you’ll just have to decide if it’s worth it or not.
If you want to avoid having "Flash Cookies" stored on your computer all you need to do is set the security settings on the following folder to deny.
C:Documents and SettingsGregCApplication DataMacromediaFlash Player
This prohibits the flash player from writing anything into that folder.
Of course, some flash sites may no longer work correctly so you'll just have to decide if it's worth it or not.
Weird how you are required to go an Adobe page to get rid of their stupid cookies, instead of using your browser controls…can you say "proprietary"? They must be keeping a record of that, too! According to another poster herein ("Just Me") Adobe ignores your settings and puts those cookies right back in. So I guess Adobe is simply trying to assuage its countless users by putting up a false front. What a ruse!
Looks like Bank of America has a new folder for the FSO. Check out your
Application DataAdobeFlash PlayerAssetCache
folder
What really **sses us off is that no matter how many times we go to the adobe website to tell it to REMOVE ALL these flash objects and STOP PUTTING THEM ONTO OUR HARD DRIVE, they keep coming back! We have even changed all the various directories where these things are stored to READ ONLY, but somehow this horrible Flash Player program & Adobe manage to keep on writing new flash objects to our system anyway!
If you don't believe this is happening, do a SEARCH on your machine for all *.sol objects and prepare to be **ssed off!
We've written to Adobe and many other places to try to get SOMEONE to FORCE Adobe to straighten up with this nefarious behavior, but so far, there have been NO CHANGES. HOW IS THIS EVEN LEGAL???
People need to continue to hammer away at Adobe and DEMAND that they build a Flash Object REMOVER into their Flash Player, that the end-user can use ON THEIR OWN MACHINES, instead of having to trot over to Adobe.com and "trust" them to clean up their tracks on OUR machines!
the free program called ccleaner will delete flash cookies.
Great information!
@echo WAP-Tek's flushflash.bat
@echo i am not resposible for you IGNORING WARNINGs,,
@echo LEARN TO HACK OR FAIL!
@echo WAP-Tek.tk
@echo .
@echo WARNING read the contents of this "program" and edit it NOW
@echo .
@echo This file MUST be customized for you systems folder structure or
@echo it WILL erase your system files by accident !!!
@echo .
@echo this is not guarenteed to work but
@echo for a "safer" alternative you can block flash cookie creation,,
@echo .
@echo you can put a dummy file FOR each folder that shows sol files in it
@echo place dummy files named after the sub-directorys listed as having
@echo sol files , flash will fail to save anything because
@echo it cannot understand that a file is not a directory
@echo .
@ECHO press [Ctrl] [C] to stop this NOW !!
@echo .
@echo or
@pause
@cd "C:WINDOWSApplication DataMacromediaFlash Player"
@dir /a
@ECHO press [Ctrl] [C] to stop this NOW or
@echo .
@echo or
@pause
@deltree /Y *.*
@cd "C:WINDOWSApplication DataAdobeFlash PlayerAssetCache"
@dir /a
@ECHO press [Ctrl] [C] to stop this NOW or
@ECHO .
@echo or
@pause
@deltree /Y *.*
@cls
@exit
put a dummy file named after each sub folder
into the folders mentioned
flash will fail to store anything
or use/customize a bat file like
= = = = flashflush = = =
cd "C:WINDOWSApplication DataMacromediaFlash Player"
dir /a
pause
deltree /Y *.*
cd "C:WINDOWSApplication DataAdobeFlash PlayerAssetCache"
dir /a
pause
deltree /Y *.*
There seem to be only one location where flash cookies are stored (at least on Linux). And if you delete flash cookies in Midori, they also get deleted from Firefox. So I am wondering if this cross-browser behavior is reasonable or if it is any dangerous.
<blockquote cite="#commentbody-441">
Mario Klingemann:
Oh come on – this information is available since ages (I think it must be 4 or 5 years at least), no one is trying to hide anything or make this a secret.
Local Shared Object:
http://en.wikipedia.org/wiki/Local_Shared_Object
http://livedocs.adobe.com/flash/9.0/ActionScriptL…
How to manage and disable Local Shared Objects:
http://kb.adobe.com/selfservice/viewContent.do?ex…
So what's next… I mean remember how people, some people, were afraid when the TV first came out that they could be seen by someone on the "other end." Well, Flash has brought us one step closer to that with their lovely dialogue box that pops every now and again asking to use your mic or your cam… usually it's an invited inquiry, sometimes its completely random and pity the person typing not totally paying attention to the tiny lil Flash animation that is shit for artwork and execution, looks like a cartoon, who accidentally presses a key that indicates ok accidentally and it's "Hi, you're on Candid Camera."
But back to Mario Klingemann's topic referenced above and Mario's sunshine day response to what are, without any doubt, valid concerns to the average person about one, having elements invasively and under cloak of darkness (and secrecy because ain't nobody know much about this here SOL) glide on into your system and two, that information is only now really beginning to trickle about this. Mario, Wikipedia is like an encyclopedia – people don't sit around just perusing for the fun of it. And tell me this… who's the target audience for reading the livedocs at Adobe? I think you can probably find the answer to my question at the beginning or the end of the scripting guideline reference material you link back to and guess what? It ain't Joe Blow Web Surfer. It's Technical Timmy the 0.05% of the world population him and his brethren make up.
And don't anyone be fooled by Adobe's ridiculous answer to those wanting to control the local storage of SOLs or forbid it completely: it is a jackass Flash animation that resembles the M$ paperclip from Office of decade yonder it is so poor rendered and designed, it simply looks like a cartoon strip from the newspaper. Yet it claims to have the power to set all these parameters on your computer and you're all safe from the SOL. I didn't buy it but I went through the motions – deleted everything that was on there except stuff from my bank and specified "ask me" for further storage or whatever that setting is, the most restrictive without actually outright forbidding. A few weeks later I found a document outlining the path to the folder in which these things were stored on my mac and I opened it up – it was chock full of brand new SOLs. I just deleted the contents of the folder containing all the SOLs and changed permissions from the parent folder all the way down to read only and then locked all the folders. So far so good.
What's next? hey Mario, you are so way ahead of the game, tell us lil minions, what should we worry about next?
For Windows, try the MAXA Cookie Manager, which allows to manage all types of cookies (Flash LSO) included at once, including black and whitelists:
http://www.maxa-tools.com/cookie.php
I really like the morons up here trying to aologize for this feature. Hey MORONS: I don’t play stupid computer games, so I don’t give a DAMN about that. I also don’t give a RAT’s ASS if “my pizza place” remembers what I ordered last time.
This is obviously sneaky spyware, from the dirtbags at Adobe. The lame-ass douches up here trying to defend are probably spammers and other psychotics who think it’s wonderful that they can track people’s internet use.
The fact is, these files contain lots of information about your internet history that you might not want known to other people, for example, if your university (e.g. Columbia) BANS sites that the idiots there find “politically incorrect” such as World Net Daily .com.
Any SLIME MOLD who is up here defending this you can know is a slimy dirtbag who is upset that people are finding out about this. I think a lawsuit against Adobe is completely justified. They have always been sneaky bastards with all of their crappy broken software. it’s easy to see why their apps barely function – because the main purpose of them is to invade your privacy.
Scott McNealy is a has-been freak. I don’t give a rat’s behind what this loser slimebag thinks I should be “getting used to”. Sun is going out of business soon, and good riddance to this bucktoothed freak Mcnealy.
This can also be deleted with Command Prompt script:
{run CMD}
cd "Application DataMacromediaFlash Player
rmdir /Q /S #Security
rmdir /Q /S #SharedObjects
rmdir /Q /S localhost
rmdir /Q /S macromedia.com
rmdir /Q /S localhost
* for Vista, change _ Application Data_ to _AppData_
What's so wrong with SO? What I should use, when I'm doing a game with many levels, and want to let you play it offline and store the position if you have to leave and want to continue next time without need to play from the beginning? And with Youtube.. I really don't want to set the volume I prefer all the time I see some movie… if you want, just disable it in the Global Storage Settings panel as you described.
It is what these can be MADE to do that is the problem 99% may be harmless and useful, it is the abused and misused ones that are the problem. The claim that only the original site can access the information is not as clear as it might be. Most sites have frames or links or ads from third party sites if that third party site puts a flash cookie on your PC the same site can access it from ANY site on which it has a link or frame or ad. SO it would collect which sites you have been to and other details from those sites possibly for years – frightening. If a store hid a camera on you while you were shopping and monitored your entire day claiming to be helping you get targeted ads there would be an outcry but these people have convinced the computing public that cookies are necessary, good and not evil at all. Yet the information they get sells for thousands-Why?
All this information is overwhelming for a non-tech user. Why is Microsoft not offering more help in controlling cookies?
Did anyone read Musashi270 post? Ccleaner erases all flash cookies except ones you choose to keep like from your bank etc.
How concerned really ought we be about cookies, ''http cookies'' and ''ADOBE FLASH COOKIES''? I am now going to unistall Adobe Flash Player and then I'm going to try to figure out how to remove those NASTY files the UNINSTALL process leaves behind on my hard drive. It is any wonder the world is such a screwed up place when we allow such ******** software on our computers? I think the government has really dropped the ball on us all.
If you know how to remove thos shit files, please let us ALL know. And thank you in advance because personally I truly hate cookies.
What truly scares the crap out of me is people I care about use this ******** software.
This artical is so correct about the Adobe flash player. I noticed 3 weeks ago when i needed to download an Actvix player for a certain programme, right after downloading the pc was giving me trouble. I could not even scroll, as it was going so fast and would not allow me to click at all.So it was making it impossible to see most things. I also am encountering other problems since the download. I have Norton antivirus, whic i paid for and works well. So this showed no virus.I then realised myself it was the flash player THAT HAD UPSET MY PC
This artical is so correct about Adobe flash. On a few accounts I have had to download on I have had a few problems.. but not like the ones I had the last time It is almost impossible right after downloading to even scroll down.it just runs away! so makes it impossible to see most things. Also a lot of other problems with my pc since 3 weeks ago. I have Norton antivirus which i paid for, and works well. It shows no virus at all. I was convinced myself this was Adobe flash that has upset my pc.
hedora, the biggest privacy threat by far is the application people call "Windows" or occasionally "Vista". It stores and stores and hides from you and obscures and then ships out onto the net. If people trust Windows, that sees *everything* you do on a PC, why would they worry about Sony or Adobe or Google or anyone else whose ability to store anything about you ultimately depends on Microsoft giving them that right? [..since all their applications rely on calls made to Windows libraries for even basic things like using memory, files, and running the application ..eg, in the case of Google, the browser]
In Linux you know what you have and where they can get you if you let them [you may not know but other third party developers do (including the very paranoid ones)]. Of course, I am talking about open source software.
Under linux, this works. Perhaps something similar will work in windows and / or macos:
1) Remove all flash settings. Shutdown web browser, then:
cd ~
rm -rf .macromedia
2) Restore clean defaults:
(startup flash, go to settings manager, turn off storage in global tab)
3) It still stores per-site data. This sets the flash settings directory to be read only, hopefully preventing per-site data storage for good:
chmod -R -w ~/.macromedia
I can't believe I didn't know about this earlier!!! I always surf with cookies turned off, I thought I was safe!!! But then the BBC iPlayer remembered my playback position in Opera, when I had previously played it in IE. I thought, how can it know across different browsers, even when I have cookies turned off and use CCCleaner everyday?? Then I rumamged around the Application data folder and found loads of SOL files dating back years!!!! I have teh Adobe Flash player option ticked in CCLeaner, but CCleaner still doesn't clear them, it has let me down! The world must be told of the danger posed be Flash cookies!!!
Thanks so much for this information. I just found about out about "flash cookies" aka "linked shared object" aka "LOS" aka "SOL". The way I found out was in trying to determine of 'Incognito" mode in Google Chrome was really as private as advertised by Google. Google Chrome, it turned out, is NOT as private as they say it is precisely because it makes use of flash cookies. Google, is seems, it tracking every the websurfing of everyone who downloaded and who uses Chrome via the link shared objects.
I have followed the instructions, herein, to delete these objects and to stop them from being placed, again on my computer unless, of course, the Google geeks figured out some other way to place their flash cookie for Chrome somewhere else in the file tree.
If you or any other bloggers using Windows want to earn a quick buck publishing similar poorly researched "privacy panic" articles, there is a ton of material in c:documents and settings[USERNAME]application data to keep you busy for quite a while.
Some of you FireFox users might be surprised at what doesn't get deleted in your Profiles folder when clearing your private data via FF's menus.
In WinXPsp3, the files are stored in two places, c:documents and settings[USERNAME]application datamacromediaflash player#sharedobjects[hieroglyphicname]
and c:documents and settings[USERNAME]application datamacromediaflash playermacromedia.comsupportflashplayersys
event after all of the entries had been deleted from the settings manager gui, all of the 'sites' information was still there….
but it isn't any more.
stine
I'm looking at a long list now, but the biggest size is only 3kb. Most are 1 or 2kb out of the 100kb limit. This includes Google video and You Tube. So I doubt this cookie is slowing my browsing down although I am surprised to find them.
Been away from my computer. Thanks!
Bob
I deleted the folder on my Linux computer, recreated a new one and ran the settings manager selecting the options I wanted. I then set the folder to read-only so no more stuff can be added to it.
If this doesn't work out I'll just add a cleanup script that runs before every backup to clean out the stuff in macromedia.com and #SharedObjects folders aside from the settings file:
~/.macromedia/Flash_Player/macromedia.com/support/flashplayer/sys/settings.sol
<blockquote cite="#commentbody-463">
Harold Steptoe :Bob:
With WinXP :-
The target folder that is used to store the Flash “cookies” is “C:Documents and Settings[USERNAME]Application DataMacromediaFlash Player”. If you rename this folder to “Flash Player.disabled” or delete it (your choice) and create a FILE (not a folder) called “Flash Player” then Adobe can no longer recreate the “Flash Player” folder because the name is already in use by a file. The easist way to create this file is to right-click inside the …Macromedia folder and select the “create text file” option naming it “Flash Player” (not “Flash Player.txt”).
It works because you can’t have a folder and a file in the same directory with the same name.
Harold,
That is a genius solution. Not necessarily because it's the best technique listed here, but because it's creative and well, really just quite intelligent. Well said! I love it, and I'm going to impliment it just for the fun of it.
Regards,
Priv A. See
Adobe has also other products, such as pdf reader acrobat. Wonder if it has any secret cookie systems? I wouldn't be surprised, after all, it's useful to trach who reads your documents, when and where.
Bob:
With WinXP :-
The target folder that is used to store the Flash "cookies" is "C:Documents and Settings[USERNAME]Application DataMacromediaFlash Player". If you rename this folder to "Flash Player.disabled" or delete it (your choice) and create a FILE (not a folder) called "Flash Player" then Adobe can no longer recreate the "Flash Player" folder because the name is already in use by a file. The easist way to create this file is to right-click inside the …Macromedia folder and select the "create text file" option naming it "Flash Player" (not "Flash Player.txt").
It works because you can't have a folder and a file in the same directory with the same name.
To be pedantic, Jim's "script" way up there at #4 is not a script, it's just a couple of shell commands. And while I like to mess around with the command line too, I think it's worth pointing out for those less geekily inclined that you can delete those files just as easily from the Finder in OS X. Navigate to the Macromedia folder in your user Preferences folder, and start poking around; you'll find 'em.
Now, I'm off to run strings on some .sol files, just for fun
Objection is an add-on for Firefox to manage your Flash Cookies (LSOs)
ubun too,
Thanks. I saved that one for when I get my old Panasonic laptop up and running. It will be one or another flavor of Linux. I need to get a CD player that works on a parallel port.
My main computer is running XP with Internet Explorer.
Bob
Bob,
In linux there's a simple way to stop Flash from storing LSOs on your computer. this is the graphical way, good for recent Windows converts to linux …
1. Click Places, then Click Home Folder
2. Click View on the Top menu, and select Show Hidden files
3. Find a directory named .macromedia and RIGHT click it.
4. Select Properties at the bottom of the popup menu.
5. Select Permissions tab.
6. Click the selector for Folder Access, and choose List Files Only
7. Near the bottom, Click on Apply Permissions to enclosed Files
You have just made the .macromedia and all subdirectories and files inside it to READ ONLY, nothing can write there. I have done this on all my linux systems. The only ill effects are that I cannot watch full episodes of The Daily Show, and volume settings are not saved from one youtube video to the next.
Happy blocking!