Flash ‘Cookies’, a hidden baneJuly 28, 2008 at 09:57 | Posted in Privacy/Security | 22 Comments
Tags: cookies, flash, local shared objecs, lso, manager, privacy
I have made several updates to this post as I have noticed continued interest in it.
There is follow up to this in the comments below for those looking for a way to delete Flash cookies. I’ll be posting an windows bat file to do about the same soon. There is now a link in the sidebar to the right to downloadable versions of the LSO (Flash Cookie) removal scripts one for XP and one for Linux. I have yet to find a functional way to stop the cookies from being set as it seems blocking them seriously messes with some sites functionality.
There is another privacy bane on the net. “Flash Cookies”, or technically “local Shared Objects”. There is a good explanation of them on this Blog and also a link to the Adobe Flash Settings Manager which will let you manage them think you are managing them. These “cookies” are not cleared when you clear you browser’s cookies, are not stopped by telling your browser to prevent cookies, are not stopped by normal cookie managers. You currently have to use the Settings manager, or root them out and delete them manually.
you can go to the Settings manager and dong the following:
- Setting the default storage size to 0 (none) on the “Global Storage Settings” tab
- Unchecking “Allow third-parties Flash content to store data on your computer”
- Unchecking “Store common Flash components to reduce download time”
- Check “Never Ask Again” (some sites manage to ignore this.. but see below)
(bare in mind that I am draconian about my privacy, and would rather have things asking me for permission all the time rather then doing things without asking. You can, of course, set things to you own liking.)
– It has been pointed out that the above has little permanent effect as there seems to be little or no enforcement of the above settings and sites go ahead and store LSO’s even with the limit set to 0 –
- Bookmark the settings manager (you’ll want to come back to it now and then)
If a site is annoying about asking for storage go to the Settings manager from a new browser tab or window and use the “Website Storage Settings” tab in the Settings manager to tell the site to never ask again.
You can also use the “Website Storage Settings” to allow sites that you want/need to save data and limit how much they can store.
If ever there was a good reason for using NoScript, (which prevents flash and other things from running without permission) this is one. (of many)
– I strongly recommend the use of NoScript as an increasing number of sites have started using flash “web beacons” to track people (they hide a transparent 1×1 flash object on the webpage just so they can set an LSO (flash cookie) –
Good day, And happy and safe surfing.
22 Comments »
Leave a Reply Cancel reply
Proud Free Software Foundation Assoicate Member
Identi.ca - Follow me
- freemor: RT @metztli ⚡@linuxfoundation International Space Station switches from #Windows to !GNU/ !Linux…for improved reliability http://bit.ly/ ... May 11, 2013
- freemor: @ddevine Congrats! A personal mail server is a wonderful thing May 10, 2013
- freemor: .. "well now I'm pissed", user: "Really, why?" May 9, 2013
- freemor: @dmaggot I was worried for your post pissed off state because it seemed imporper user input at that point could cause a recursion. you: .. May 9, 2013
- freemor: @dmaggot Careful it sounds like you might be on the edge of an infinitely recursive loop of "pissed off", better set a break point May 9, 2013
Flash Cookie Removal ScriptsUnfortunately Drop.io is not what they once were and so the scripts are no longer hosted there. I'll find alternate hosting soon.
To be clear. I the author of this blog, in no way, recommend, endorse, or otherwise promote the products and services that may be advertised at the bottom of this blog posting.
I include this disclaimer because these advertisements are inserted by Wordpress.com and are beyond my control. I felt this disclaimer necessary as these advertisements will most likely become contextually targeted as time goes on. I do not wish readers of my blog to confused into thinking that the products or services advertised are suggested or recommended by me, no matter how closely they may be related to the subject of the blog entry.
Tagsblock Blogging canada chat Cloud cookies creative commons download DRM e-toys etoys flash FLOSS free freedom gNewSense google Hardy Hardy Heron howto ISP jaiku Life Linux Music nebuad OLPC open source phorm podcast privacy reduce review revver security site of the week squeak squeakland stop tracking tutorial twitter Ubuntu video XO
Freemor on E-Toys Tutorial 12 – Get… Mike Stramba on E-Toys Tutorial 12 – Get… Mark Szentes-Wanner on About Freemor Frances Druins on Flash ‘Cookies’, a… Freemor on Talkr.im Howto
F.O.S.S I use: