—- N.B.
I have made several updates to this post as I have noticed continued interest in it.
There is follow up to this in the comments below for those looking for a way to delete Flash cookies. I’ll be posting an windows bat file to do about the same soon. There is now a link in the sidebar to the right to downloadable versions of the LSO (Flash Cookie) removal scripts one for XP and one for Linux. I have yet to find a functional way to stop the cookies from being set as it seems blocking them seriously messes with some sites functionality.
—
There is another privacy bane on the net. “Flash Cookies”, or technically “local Shared Objects”. There is a good explanation of them on this Blog and also a link to the Adobe Flash Settings Manager which will let you manage them think you are managing them. These “cookies” are not cleared when you clear you browser’s cookies, are not stopped by telling your browser to prevent cookies, are not stopped by normal cookie managers. You currently have to use the Settings manager, or root them out and delete them manually.
you can go to the Settings manager and dong the following:
- Setting the default storage size to 0 (none) on the “Global Storage Settings” tab
- Unchecking “Allow third-parties Flash content to store data on your computer”
- Unchecking “Store common Flash components to reduce download time”
- Check “Never Ask Again” (some sites manage to ignore this.. but see below)
(bare in mind that I am draconian about my privacy, and would rather have things asking me for permission all the time rather then doing things without asking. You can, of course, set things to you own liking.)
– It has been pointed out that the above has little permanent effect as there seems to be little or no enforcement of the above settings and sites go ahead and store LSO’s even with the limit set to 0 –
- Bookmark the settings manager (you’ll want to come back to it now and then)
If a site is annoying about asking for storage go to the Settings manager from a new browser tab or window and use the “Website Storage Settings” tab in the Settings manager to tell the site to never ask again.
You can also use the “Website Storage Settings” to allow sites that you want/need to save data and limit how much they can store.
If ever there was a good reason for using NoScript, (which prevents flash and other things from running without permission) this is one. (of many)
– I strongly recommend the use of NoScript as an increasing number of sites have started using flash “web beacons” to track people (they hide a transparent 1×1 flash object on the webpage just so they can set an LSO (flash cookie) –
Good day, And happy and safe surfing.
![[FSF Associate Member]](http://freemor.files.wordpress.com/2009/07/fsfmemlarge.png)
Identi.ca
Changing settings at the Adobe site does NOT keep Flash Cookies off your hard drive. We’ve told Flash NOT to store cookies repeatedly, but it keeps doing so anyway.
Just do a search for *.sol on your hard drive and you’ll be amazed & chagrined to see all the secret Flash Cookies on your machine.
People should be complaining loudly to Adobe/macromedia and insist that they issue a patch for FlashPlayer that puts ALL AUTHORITY strictly into the hands of the end-user for managing, deleting, and blocking ALL Flash Cookies and doing so PERMANENTLY.
Thanks for listening. Now please contact Adobe and sincerely and fervently request the above changes, for all our sakes. For Adobe to be doing this surreptitious cookieing behind our backs is dishonest and reprehensible. It needs to STOP!
Please also educate all your friends & family about these invasive Flash Cookies. Thanks again.
Comment by Just Me — August 2, 2008 #
Thanks for the info. Did some checking and “Just Me” is correct.. Flash cookies are still getting set. Even when you tell it no, NO, NOOOOOO!!
Linux Users can use the script below to clear out the cookies.
#!/bin/bash#
# remove @%$$#!!!! Flash cookies
echo "blowing away FlashPlayer Settngs and cookies"
rm -R ~/.macromedia/Flash_Player/
This script is a little strong in that it Blows away the flash_player settings too.. but since things are ignoring them anyways..
If you want to just blow away the cookies:
rm -R ~/.macromedia/Flash_Player/#SharedObjectsTo be Really, Really sure:
rm -R ~/.macromedia/If you click through to the Blog I mention that explains the Flash cookies.. there are suggestions in the comment section of how Windows users can delete the cookies.
I tried setting a file #SharedObjects where the folder should be and setting it read only but that caused certain sites to malfunction badly (it did however prevent any cookies being set)
Comment by Freemor — August 2, 2008 #
[...] that I have pointed out to them in the past, is that they insist on using LSO’s (”Flash cookies“) to record a persons log-in state. This is a nightmare from a security standpoint, [...]
Pingback by Will Tokbox survive? « Freemor’s Weblog — September 8, 2008 #
[...] does not store the log-in state in LSO’s in fact their use of LSO’s is [...]
Pingback by SnapYap.com - A quick review « Freemor’s Weblog — September 10, 2008 #
[...] tags, tracking bugs, etc are tiny 1×1 pixel images (gif, jpg, png, tif, etc) (and increasingly Flash objects) that companies put into websites or e-mails to track where, when, and by whom they are viewed. On [...]
Pingback by All About WebBugs « Freemor’s Weblog — October 14, 2008 #
[...] | In Tech | Just a short entry to let people (RSS) know that I’ve made updates to My “Flash ‘Cookies’, a hidden bane” entry and also put a link in the Side Bar to downloadable Flash LSO (cookie) removal [...]
Pingback by Updates…. « Freemor’s Weblog — October 16, 2008 #
Aren’t they total bastards! I have all the browser safety features inc. Firefox with NoScript, TACO, TrackMeNot, Adblock Plus etc., etc. Also a virtual browser. But still they manage to get through to my machine?
All these advertising and marketing jerks are criminals. I fail to understand how all the underhand dealings they do don’t get them in prison. Seriously.
It’s far more than a question of ethics when they go stealing info. and spying on everyone like they do.
Comment by Delta Blue — May 7, 2009 #
Governments are just starting to take a look into this. The Google/DoubleClick merger raised their attention level and the public outcry over the antics of the likes of Phorm and NebuAd also got governments attention. The problem is not enough people bitch to their representative (congresperson, MPP, etc) about it.
For stopping Flash cookies (LSO’s) there is a nice plug-in called Objection. However setting it so it blocks all LSO’s breaks many sites so the current best option is to set Objection to block as much as it can without breakig stuff and then delete the LSO’s regularly. Either with objection, the scripts I provide or something similar.
Comment by Freemor — May 7, 2009 #
Could the reason that insufficient people complain be that they’re just unaware of LSO’s? I’m an average end-user of a PC who has been online for 4 years, but only in the past couple of days have I got to know about them! I discovered the Firefox add-on Better Privacy a couple of days ago, hence…. Thanks for the info. re Objection. I’ll take a look at it.
Comment by Delta Blue — May 7, 2009 #
Could well be.. I am pretty sure that the main reason that Flash is so prevalent today is because of the LSO’s. Certainly there are much better ways to do streaming video, and many other things Flash gets used for. Objection is a great plug-in.. it even lets you examine what is stored in the LSO’s. I have it set to clear the LSO’s when the browser starts.
Comment by Freemor — May 7, 2009 #
I’ve just read the posting about web pixels and am pleased to say I already do most of what’s suggested to avoid them. But this doesn’t alter the outrage I feel that this sort of activity is allowed. Anything like tracking, monitoring, spying, or generally prying, done company to company, would be classed as illegal via “espionage”: done person to person it would be “harrasment” or “stalking”. To say the very least, it’s an anomoly in the law that it’s allowed company to individual. What a sick situation. I absolutely detest all the trades and allied branches of sales, marketing, advertising and promotion etc. I just hope all the various governments of the world unite on this and respect that we are people, not commodities for the jerks to do what they want with. The sooner these activities are outlawed, the better.
Comment by Delta Blue — May 21, 2009 #
Yes it is interesting to see the current double standard. Big companies can have content pulled from the web by simply claiming it violates their copyright/trademark/etc. But the average user is left out in the cold with no legal recourse to defend their right to privacy, and so must do the best they can themselves. This among other reasons is why I feel projects like TOR, NoScript, GNUnet, Ad-Block Plus, Etc. are so important.
Comment by Freemor — May 21, 2009 #
Oh yes! NoScript and AdBlock Plus get 110% from me. They stop so much crap that I couldn’t live without them now. I was an ignoramus who used IE for almost three years before I finally took my nephew’s advice and tried Firefox. No looking back. What a relief to discover the ordinary person can largely determine what they are subjected to. I’ll check out TOR and GNUnet. Thanks for alerting me to them.
Comment by Delta Blue — May 21, 2009 #
There is another addon namely Better Privacy,
does a better job on clearing flash-cookies than Objection, I.M.O:
Comment by checker — May 25, 2009 #
BetterPrivacy is here:
https:||addons.mozilla.org|en-US|firefox|addon|6623
Comment by checker — May 25, 2009 #
Thanks for the info.I’ll be sure to check it out.
Comment by Freemor — May 25, 2009 #
[...] admit it one of the large reasons for Flash adoption is so companies can pollute your system with LSO’s which most people don’t know about or how to get rid of. Because in the eyes of companies [...]
Pingback by Flash reduced diet. « Freemor’s Weblog — May 26, 2009 #