Sneaky Bastards


As a rule, I block all cookies except for the sites I manually select, like my banks, etc. So, imagine my surprise when I read this.

You Deleted Your Cookies? Think Again

More than half of the internet’s top websites use a little known capability of Adobe’s Flash plugin to track users and store information about them, but only four of them mention the so-called Flash Cookies in their privacy policies, UC Berkeley researchers reported Monday.

Unlike traditional browser cookies, Flash cookies are relatively unknown to web users, and they are not controlled through the cookie privacy controls in a browser. That means even if a user thinks they have cleared their computer of tracking objects, they most likely have not.

What’s even sneakier?

Several services even use the surreptitious data storage to reinstate traditional cookies that a user deleted, which is called ‘re-spawning’ in homage to video games where zombies come back to life even after being “killed,” the report found. So even if a user gets rid of a website’s tracking cookie, that cookie’s unique ID will be assigned back to a new cookie again using the Flash data as the “backup.”

. . .

Soltani led a summer research team at Berkeley, under the direction of Chris Hoofnagle, the Director of Information Privacy Programs at the Berkeley Center for Law and Technology. The team tested the top 100 sites to see what their privacy policies said, what their tracking technology actually does and what happens if a user blocks the Flash cookie.

The study found that 54 of the top 100 set Flash cookies, which vary from simply setting audio preferences to tracking users by a unique identifier. Wired.com, for instance, placed on this writer’s work computer to set the volume of a video player.

Adobe’s Flash software is installed on an estimate 98 percent of personal computers, and has been a key component in the explosion of online video, powering video players for sites such as YouTube and Hulu.

Websites can store up to 100K of information in the plug-in, 25 times what a browser cookie can hold. Sites like Pandora.com also use Flash’s storage capability to preload portions of songs or videos to ensure smooth playback.

. . .

Where to find these flash cookies:
* Windows: LSO files are stored typically with a “.SOL” extension, within each user’s Application Data directory, under Macromedia\FlashPlayer\#SharedObjects.
* Mac OS X: For Web sites, ~/Library/Preferences/Macromedia/FlashPlayer. For AIR Applications, ~/Library/Preferences/[package name (ID)of your app] and ~/Library/Preferences/Macromedia/FlashPlayer/macromedia.com/Support/flashplayer/sys
* GNU-Linux: ~/.macromedia

See also:
Global Privacy Settings panel
Study: Adobe Flash Cookies Pose Vexing Privacy Questions
Top websites using Flash cookies to track user behavior
Your Rights Online: Adobe Flash Cookies Raising Privacy Questions Again
Web Sites Using Flash Instead of Browser Cookies to Track Your Activity
Flash Cookies explained
Local Shared Object
BCLT – Berkeley Center for Law & Technology

Sure enough, I checked the indicated location and it was lousy with these flash cookie files. I hope they enjoy the recycle bin. In fact, I deleted the whole macromedia directory just to make sure I got them all.

/of course, the directory will reappear as I browse so deleting it is now part of my weekly maintenance/backup routine

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: