Slashdot Mirror

← Back to Stories (view on slashdot.org)

Flash Cookies, a Little-Known Privacy Threat

Posted by kdawson on from the flashblock-considered-mandatory dept.

Wiini recommends a blog posting exploring Flash cookies, a little-known threat to privacy, and how you can get control of them. 98% of browsers have Macromedia Flash Player installed, and the cookies it enables have some interesting properties. They have no expiration date; they store 100 KB of data by default, with an unlimited maximum; they can't be deleted by your browser; and they send previous visit information and history, by default, without your permission. I was amazed at some of the sites, not visited in a year or more, that still had Flash cookies on my machine. Here's the user-unfriendly GUI for deleting them, one at a time, each one requiring confirmation.

6 of 225 comments (clear)

  1. And this ... by gstoddart · · Score: 4, Insightful

    This is why I don't install flash on my machines.

    Way too much junk and irritating sites. A site which requires flash will be left and promptly forgotten about. If you can't provide an interface to your site without Flash, I don't care what your site has in it.

    Cheers

    --
    Lost at C:>. Found at C.
    1. Re:And this ... by Danny+Rathjens · · Score: 4, Insightful

      Imagine if people said the same thing about windows and gave up on linux. We can do much better than proprietary junk like flash.

    2. Re:And this ... by Hatta · · Score: 5, Insightful

      Why should we all accept a technology that is almost always used inappropriately? It's not being a luddite to expect people to use the right tool for the job. Flash is a technology that's good for vector animations. Stuff like homestar runner benefit from using flash, and nobody is going to complain that such a site uses flash.

      But what about all the websites that use flash based navigation? Does flash do anything that they can't do with html/javascript? No. Then what's the point? It's not progress if it doesn't enable you to do anything new. It's just dumb.

      And then there's sites like YouTube which use flash to serve up videos. I mean, come on. Embedding a video file in a flash application makes about as much sense as embedding an image in flash. The right thing to do is to send the video over http, and let the browser decide what to do with it. Just like we do with .jpg, .pdf, .mp3, and everything else on the internet.

      So don't give me this bullshit about flash haters being anti-progress, because there's really very little that flash actually does that anyone actually needs. It's almost always the wrong tool for the job.

      p.s. pine still works great, what's your problem with it?

      --
      Give me Classic Slashdot or give me death!
  2. Re:To remove flash cache on Linux by Khopesh · · Score: 3, Insightful

    srm and shred aren't assured security if you're on a journaled filesystem. More importantly, if the Flash application is rooting through your filesystem looking for deleted data, "secure deletion" should be applied to Flash itself, not just its cache. That would be outrageous.

    My point is that you're merely trying to delete cookies to prevent user tracking. Secure deletion on your physical disk is not needed unless you're looking at a very special kind of content. ... Using srm or shred here would be like running your newspaper through the shredder because you never know who might be looking for the smudge marks that indicate what you actually read.

    --
    Use my userscript to add story images to Slashdot. There's no going back.
  3. Re:And this ... *crap is technology agnostic* by mb1 · · Score: 4, Insightful

    ffs, there are plenty of irritating html sites as well...

    I'm over this repetitive anti-flash argument. (Honesty disclaimer, yes, I develop quite a bit in flash. No, not banner ads, and no, not fully-flash online banking applications either.)

    flash != junk
    people making junk with flash == junk

    (and you can replace 'flash' with plenty of other technologies as well - regexp not supplied.)

    If you don't install flash then that's fine and it's your choice, but you can't blame adobe or flash for webcrap. Blame the mofo's making the junk. Same applies for html+javascript badness - you don't blame the w3c and javascript interpreter writers... (or maybe you do, I don't know.)

    If you don't want advertising, adblock/whatever the sites hosting it. If you don't like sites that are full of rubbish made in flash, simply don't visit them again etc. If they're pushing what you don't want then why are you there? If they're pushing what you want in a format you don't like then consider letting them know.

    Sites that want to deliver rich media experiences, (increasingly) cross-platform interactive experiences, games, video, etc. will continue to use software like flash to deliver their products, messages and services until something better comes along. I don't know much about silverlight, but most articles I've read on slashdot don't exactly endorse it. Anyway, something better will come along and developers will be all over it, web standards or not unfortunately.

    And yes, sure, you can jump up and down and complain that your favourite cross-browser javascript api+libraries can deliver what flash can, but currently that's not true in some or even a lot of situations, depending on what you're building. I accept that this statement is pretty broad, everything looks like a hammer or a nail or whatever analogy you prefer...

    So, fitness for purpose. I'm sure most of us wish that more developers (ourselves included) used technologies appropriately, but not everyone has the same skills, audience, timeframes, etc. and certainly never the same morals.

    Webcrap will continue to be made, no doubt - but I guess my point is that crap is technology agnostic.

  4. Re:Old News by NickFortune · · Score: 3, Insightful

    My question has always been, are cookies even really that bad?

    That depends on the level of privacy to which you aspire, online. As far as I'm concerned, my business is my business. Of course, if you're happy living your online existence in a goldfish bowl, that's different.

    And who actually has time to poll through all that user data?

    Data mining programs do. Then people get to see whatever the programs flag up.

    So, let's just say that someone is using a shared object to store browsing history. So what? Unless my church saw that after I went to their website I visited some girl-on-girl site (or vice versa), I really don't care.

    Well, all that data goes into databases, and the data gets leaked and sold and demanded by the government, and burned to CD-Rom which then gets lost... and on the way ends up being amalgamated with with other databases. It's already possible to uncomfortably detailed profiles of people using only Google. That's without mining someone's clickstream over a year or so.

    Maybe you don't care who's looking over your metaphorical shoulder as you surf; I accept that many people do not. Nevertheless, for what I suspect are the majority of surfers, there's a definite issue here.

    --
    Don't let THEM immanentize the Eschaton!