Slashdot Mirror

← Back to Stories (view on slashdot.org)

Adobe Flash Cookies Raising Privacy Questions Again

Posted by kdawson on from the flash-in-the-pan dept.

Nearly a year after we discussed the privacy implications of Flash cookies, they are in the news again as the US government considers revising its cookie policy. Wired covers a study out of UC Berkeley exposing questionable practices used by many of the Internet's most-visited Web sites (abstract). The most questionable activity the report exposes is known as "respawning": after a user has deleted browser tracking cookies, some sites will use information in Flash cookies to recreate them. The report names two companies, Clearspring and QuantCast, whose technologies reinstate cookies for other Web sites. "Federal websites have traditionally been banned from using tracking cookies, despite being common around the web — a situation the Obama administration is proposing to change as part of an attempt to modernize government websites. But the debate shouldn't be about allowing browser cookies or not, according Ashkan Soltani, a UC Berkeley graduate student who helped lead the study. 'If users don't want to be tracked and there is a problem with tracking, then we should regulate tracking, not regulate cookies,' Soltani said."

103 comments

  1. All i can say is by Anonymous Coward · · Score: 0

    Porn mode ftw.

    1. Re:All i can say is by auric_dude · · Score: 5, Informative

      All I can say is BetterPrivacy via https://addons.mozilla.org/en-US/firefox/addon/6623

    2. Re:All i can say is by Dogers · · Score: 4, Informative

      And a way to view what you currently have..
      http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager07.html

      --
      I am a viral sig. Please copy me and help me spread. Thank you.
    3. Re:All i can say is by trifish · · Score: 2, Informative

      Isn't this a way to permanently disable Flash cookies?

      http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager03.html

      Note that this isn't just documentation. If you have Flash installed, the first what looks like a screenshot is actually the Flash config panel.

      Adobe could improve it by adding "Clear all cookies on exit".

    4. Re:All i can say is by mzs · · Score: 1

      For that user using that profile for that browser. Now consider a typical home computer with 2 or three users each with Firefox and IE or Firefox and Safari. Oh and guess where it stores that you do not wish to accept flash cookies?

      Gnash is the solution, just rm -rf the correct dir when you are finished.

    5. Re:All i can say is by florescent_beige · · Score: 3, Informative

      I just started using bp last week and here is something important. The version on the Firefox addon site is not the latest. I got 1.41 at

      http://netticat.ath.cx/BetterPrivacy/BetterPrivacy.htm

      because it added a bit of functionality. Specifically in the way it treats DOM storage.

      DOM storage is not flash cookies (LSOs), it is a separate way sites can store data on your computer I had not heard about. The old version could only disable DS, but now BP can now treat DS like LSOs so it stays on but the data gets deleted on FF shutdown. Some sites like cnn video need DS turned on.

      Also I set it to delete the default LSO. That one stores a list of every flash site you visit. Even if you turn Flash local storage completely off using:

      http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager03.html

      you will see a list of visited sites on the last tab on that control. Deleting the default cookie gets rid of that list.

      --
      Equine Mammals Are Considerably Smaller
    6. Re:All i can say is by Mozk · · Score: 1

      This content requires Flash

      Oh, sure, another website that requires Flash to function! I shouldn't need Flash just to delete my Flash cookies!</sarcasm>

      --
      No existe.
    7. Re:All i can say is by Mozk · · Score: 2, Funny

      Attempting to install the newer version of BetterPrivacy, an addon that protects you from certain types of cookies to maintain privacy:

      Downloads need activated script and cookies!

      Umm...

      --
      No existe.
    8. Re:All i can say is by Philip+K+Dickhead · · Score: 1, Redundant

      BETTER PRIVACY PLUGIN.

      https://addons.mozilla.org/en-US/firefox/addon/6623

      100% compatible with Firefox 3.5*
      Please do not ask me about missing updates here, read FAQ at the bottom of this page.

      Better Privacy serves to protect against not deletable longterm cookies, a new generation of 'Super-Cookie', which silently conquered the internet. This new cookie generation offers unlimited user tracking to industry and market research. Concerning privacy Flash- and DOM Storage objects are most critical.
      This addon was made to make users aware of those hidden, never expiring objects and to offer an easy way to get rid of them - since browsers are unable to do that for you.

      Flash-cookies (Local Shared Objects, LSO) are pieces of information placed on your computer by a Flash plugin. Those Super-Cookies are placed in central system folders and so protected from deletion. They are frequently used like standard browser cookies. Although their thread potential is much higher as of conventional cookies, only few users began to take notice of them. It is of frequent occurrence that -after a time- hundreds of those Flash-cookies reside in special folders. And they won't be deleted - never.

      BetterPrivacy can stop them, . by allowing to silently remove those objects on every browser exit. So this extension becomes sort of "install and forget add-on". Usually automatic deletion is safe (no negative impact on your browsing), especially if the deletion timer is activated. The timer can delay automatic deletion for new or modified Flash-cookies which might be in use. It also allows to delete those objects immediately if desired.

      With BetterPrivacy it is possible to review, protect or delete new Flash-cookies individually. Users who wish to to manage all cookies manually can disable the automatic functions. BetterPrivacy also protects against 'DOM Storage' longterm tracking, a browser feature which has been granted by the major browser manufactures.

      Some flash LSO-cookie properties in short...

      they are never expiring - staying on your computer for an unlimited time.

      by default they offer a storage of 100 KB (compare: Usual cookies 4 KB).

      browsers are not aware of those cookies, LSO's usually cannot be removed by browsers.

      via Flash they can access and store highly specific personal and technical information (system, user name, files,...).

      ability to send the stored information to the appropriate server, without user's permission.

      flash applications do not need to be visible

      there is no easy way to tell which flash-cookie sites are tracking you.

      shared folders allow cross-browser tracking, LSO's work in every flash-enabled application

      the company doesn't provide a user-friendly way to manage LSO's, in fact it's incredible cumbersome.

      many domains and tracking companies make extensive use of flash-cookies.

      These cookies are not harmless.

      IMPORTANT
      IF YOU PERMIT DELETION OF LSO's,
      THEN COOKIE-STORED INFORMATION LIKE
      GAME SETTINGS OR LOGIN DATA (YAHOO SEAL)
      MIGHT BE LOST! MAKE SURE THAT YOU EXCLUDED
      IMPORTANT COOKIES FROM DELETION (SEE FAQ)

      Frequently asked questions (FAQ):
      Please scroll to the bottom of the page.

      Recommended comprehensive Flash cookie article (topic: UC Berkeley research report)
      http://www.wired.com/epicenter/2009/08/you-deleted-your-cookies-think-again/

      Wikipedia LSO information:
      http://en.wikipedia.org/wiki/Local_Shared_Object

      See what Google finds:
      http://google.com/search?q=flash-cookie+super-cookie

      Privacy test:
      http://netticat.ath.cx/extensions.html
      Navigate to BetterPrivacy (right column)

      Note:
      NO

      --
      "Speaking the Truth in times of universal deceit is a revolutionary act." -- George Orwell
    9. Re:All i can say is by NettiCat · · Score: 4, Informative

      The version on the Firefox addon site is not the latest.

      I wish the AMO folks would update BetterPrivacy to the latest version but I cannot do anything to accelerate that procedure. Thanks for your important note, I found it accidently while searching for related websites. NettiCat (author of BetterPrivacy, http://netticat.ath.cx/

    10. Re:All i can say is by florescent_beige · · Score: 1

      Wow, this is an unexpected pleasure. Your addon has really simplified my life (online at least). Thanks!

      --
      Equine Mammals Are Considerably Smaller
    11. Re:All i can say is by guanxi · · Score: 1

      I've used BetterPrivacy for a little while. I'm using the options below, and I've never had a problem with any websites that I could trace to it:
        - Delete Flash cookies on Firefox exit
        - Also delete settings.sol
        - Also delete empty cookie folders
        - Disable DOMStorage
        - Disable Ping Tracking

      When I first ran it, I was surprised to discover Flash cookies from websites I hadn't visited in years. Thanks Netticat!

    12. Re:All i can say is by zobier · · Score: 1

      Yeah, thanks NettiCat. I also like and use your BabelFish addon.

      --
      Me lost me cookie at the disco.
    13. Re:All i can say is by muckracer · · Score: 1

      > The version on the Firefox addon site is not the latest. I got 1.41 at [...]

      The for me most important feature of the new version is the integration of LSO removal in the regular "Clear History when Firefox closes" config options. Simply check it there and LSO's get deleted on browser exit like it should be.

      Speaking of which: FF 3.5+ got rid of the option to show the Clear History window on exit. I liked having it there simply to see it in action and also to override certain defaults when desired. Is there a way to turn it back on?

    14. Re:All i can say is by mcgrew · · Score: 1

      All I can say is I hate Flash anyway. But it's just something I have to put up with if I want to see video. I wish a software company could get big without being evil; disallowing one to get rid of cookies is just pathetically evil.

      Perhaps someone in a country with real privacy laws (not mine unfortunately) could file suit against adobe?

      --
      Free Martian Whores!
    15. Re:All i can say is by Anonymous Coward · · Score: 0

      Yep--gamers back up their .sol files and hack them to skip ahead in games. Lots of YouTubes showing how to do so. One man's poison is another man's tofu.

      Interesting article:

      http://www.foundstone.com/us/resources/whitepapers/ajaxstoragewhitepaper.pdf

      Go PKD!!!!!!!!!!

  2. Piece of cake... by Anonymous Coward · · Score: 1, Interesting

    ln -s /dev/null ~/.macromedia

    1. Re:Piece of cake... by dc29A · · Score: 3, Informative

      Or on Windows, go to 'Document and Settings' (Users on Vista/7 if I am not mistaken), 'Application Data\Macromedia\Flash Player'.

      Remove '#SharedObjects' folder, create a file with same name on it. Remove all security rights on it. Do same with 'macromedia.com' folder.

      Problem solved. To test it, go to Youtube, set your volume to a certain level. Close browser, re-open and see if Youtube maintained the volume level. It shouldn't.

    2. Re:Piece of cake... by Anonymous Coward · · Score: 0

      H:\>ln -s /dev/null ~/.macromedia
      'ln' is not recognized as an internal or external command,
      operable program or batch file.

      =(

    3. Re:Piece of cake... by PReDiToR · · Score: 1

      I think this might be a better solution.

      Although I've had trouble getting it to work properly on a couple of machines, it seems to do what it says on the tin most of the time.

      --

      Do not meddle in the affairs of geeks for they are subtle and quick to anger
    4. Re:Piece of cake... by Anonymous Coward · · Score: 2, Insightful

      See, this is just a downright lie. Making a mediocre cake might be easy, but to make a superb cake requires refined knowledge of baking chemistry and experience. You can't just follow most recipes because they make all measurements by volume when you really should be making them by weight.

    5. Re:Piece of cake... by kitserve · · Score: 1

      Unfortunately, linking to /dev/null makes some sites not work, though I forget which, it's been a while since I tried that method. I ended up setting a daily cron job to delete the .adobe and .macromedia directories from users' home directories. It's not ideal, but it does the trick.

      --
      https://alephnull.uk/
    6. Re:Piece of cake... by hipifreq · · Score: 1

      "Windows cannot find 'ln'. Make sure you typed the name correctly, and then try again. To search for a file, click the Start button, and the click Search"

      huh... For the MAJORITY of operating systems out there your technique doesn't work

      go figure!

    7. Re:Piece of cake... by mad_robot · · Score: 2, Informative

      Doesn't Adobe's Flash settings widget work in Linux? It seems a bit drastic disabling Flash cookies for the whole internet when you can set preferences individually for each website you visit.

      --
      U1NCaVpYUWdlVzkxSUhkcGMyZ2dlVzkx SUdoaFpHNG5kQ0JpYjNSb1pYSmxaQT09
    8. Re:Piece of cake... by jo42 · · Score: 4, Insightful

      An even better solution is on Adobe's own web site: How to uninstall the Adobe Flash Player plug-in and ActiveX control

    9. Re:Piece of cake... by Anonymous Coward · · Score: 0

      Thanks! I tried a simple search, which oddly enough, does not show them.

    10. Re:Piece of cake... by Anonymous Coward · · Score: 0

      it's for bash, n00b.

    11. Re:Piece of cake... by cheftw · · Score: 1

      It should work in any shell where ln is installed... n00b

      --
      Always back up, never back down. ---- Think you're cool 'cos your uid is prime? Take mine, modulo the one digit integers
    12. Re:Piece of cake... by elashish14 · · Score: 2, Informative

      BAD solution! Some sites will break if you do this and you won't be able to watch videos.

      There are many better solutions. Using an init or crond script is one to remove the directory regularly. Another is to mount ~/.macromedia to /tmp or a ramdisk which is what I do. Those cookies never even get to smell my hard drive and it's not like I'm doing anything better with the RAM.

      --
      I have left slashdot and am now on Soylent News. FUCK YOU DICE.
    13. Re:Piece of cake... by Canazza · · Score: 1

      I've got a batch script for deleting these as part of my development toolset, it wouldn't take too much to set it as a Startup item.

      Stick the following .bat file in C:\Documents and Settings\*USERNAME*\Application Data\Macromedia\Flash Player\ (Windows XP)

      rd /s /q #SharedObjects

      run it whenever you want to delete shared objects

      --
      It pays to be obvious, especially if you have a reputation for being subtle.
    14. Re:Piece of cake... by Anonymous Coward · · Score: 0

      * WHOOOOOSH *

    15. Re:Piece of cake... by Jaseoldboss · · Score: 1

      I've posted a script in my Journal to do this automatically and to use your %appdata% folder without having to change the script for each user.
      I've been running this for several years and never had any problems with it breaking any sites.

  3. Perhaps we should surveil the surveyors... by fuzzyfuzzyfungus · · Score: 4, Interesting

    Spread across a reasonable number of annoyed individuals, paying to have a private investigator tail high level officers and major shareholders of advertising corporations that engage in this sort of thing 24/7/365 would be fairly inexpensive and amusing.

    1. Re:Perhaps we should surveil the surveyors... by johanatan · · Score: 4, Insightful

      I tend to think that it will come to that. In the near future, I expect everyone to record everything. The only question left for courts to decide will be the legitimacy of the material (i.e., whether it is authentic or counterfeit).

    2. Re:Perhaps we should surveil the surveyors... by PetriBORG · · Score: 2, Insightful

      Yeah but in case you hadn't noticed the courts accept a large amount of digital evidence in courts with less then a steller backing, or so it seems to me. As a programmer I know *nothing* on a computer is 100% reliable right down to the CPU microcode (blue pill hacks). It really is turtles all the way down.

      --
      Pete/Petri "damn, my chainsaw is clogged with 1's and 0's again." --clyde
    3. Re:Perhaps we should surveil the surveyors... by spleen_blender · · Score: 1

      Why aren't we doing this!

    4. Re:Perhaps we should surveil the surveyors... by johanatan · · Score: 1

      Yea, but that will surely start to change as controversy arises. Let's say that anyone with knowledge of such (or who has friends with knowledge of such) is involved in a case. Then, these more subtle points will come to light. Really, any case of high enough importance/profile (i.e., with parties of sufficient funding and consequences of sufficient severity) should already raise these questions.

    5. Re:Perhaps we should surveil the surveyors... by Paaskonijn · · Score: 1

      Watch the Watchmen, as it were.

    6. Re:Perhaps we should surveil the surveyors... by SevenHands · · Score: 1

      And who would survey the surveyor's surveyor?

  4. Mmmmm. Adobe COOKIES !! by Anonymous Coward · · Score: 0, Funny

    Droooooollllll!!

  5. Unintended reinterpretation. by girlintraining · · Score: 3, Insightful

    "If users don't want to be tracked and there is a problem with tracking, then we should regulate tracking, not regulate cookies"

    I'm glad we're agreed then. Cookies are used for tracking, so cookies should be regulated. But we won't treat cookies like they're special -- we'll regulate all other forms of tracking as well. That seems fair. In other, unrelated news -- anonymity doesn't exist. Sherlock Holmes may be a fictional character several hundred years dead now, but what he said back then applies today on the internet (which I paraphrase here) "Every place you go, you leave something behind and you take something with you." Tracking, therefore, is just a matter of following the (achem) tracks, and it's something anyone with a bit of skill can do.

    The problem is, we're failing society as professionals in the IT field -- part of our work (which most likely isn't earning you money) is teaching our friends, family, and interested parties about these problems and how to protect themselves from it because nobody else can or will. That's what has allowed this kind of crap to permeate into the mainstream... It wouldn't be tolerated if people knew better.

    --
    #fuckbeta #iamslashdot #dicemustdie
    1. Re:Unintended reinterpretation. by Darkness404 · · Score: 2, Insightful

      We should not regulate tracking cookies for non-government things any more than we are doing now. Its pathetically easy to clear cookies and anyone with a bit of knowledge can even clear these "impossible to remove" Flash cookies. The problem is, if we try to spread this around we end up with these super-paranoid users which honestly are more of a pain to deal with than those who enjoy running IE 6 on an unpatched XP install. Remember when the media did stuff on normal cookies? There were people who thought a cookie, a plain text file contained viruses! All this media paranoia has given rise to people who think that -anything- has viruses, that the .pdf on a trusted site -MUST- have a virus, that Firefox -MUST- be a virus, that anything -MUST- be a virus, and that even though they admit you know more about computers than them, you -MUST- be breaking their computers whenever you navigate to a site other than Google and a handful of others.

      --
      Taxation is legalized theft, no more, no less.
    2. Re:Unintended reinterpretation. by DrEldarion · · Score: 1

      Cookies are used for tracking, so cookies should be regulated.

      Whatever happened to "if it's not the only thing it's used for, we shouldn't treat it like it is"?

      If "p2p is used for piracy, so p2p should be regulated" were ever uttered around here, someone would get shot. Cookies should not be regulated. Cookies themselves are harmless, just like p2p itself is harmless. It's nefarious uses of either that people have problems with.

    3. Re:Unintended reinterpretation. by Synchis · · Score: 3, Insightful

      The problem is, we're failing society as professionals in the IT field -- part of our work (which most likely isn't earning you money) is teaching our friends, family, and interested parties about these problems and how to protect themselves from it because nobody else can or will. That's what has allowed this kind of crap to permeate into the mainstream... It wouldn't be tolerated if people knew better.

      I disagree with this. I've spent a long time in the industry, and am pretty much the only "tech enabled" person in amongst many friends and family. Many of them use the computer recreationally, and without a care as to what harms may become of them. To the layman, the computer is just a tool, and to most of them, there is no perceived risk to themselves. Thus, when I try to inform them of the risks they take, or try to teach them safer browsing habits, good housekeeping, etc. It is often met with indifference, and sometimes hostility. People don't like to be told they are wrong, especially when most people use the computer in the way they think is correct, and in most cases, the only way they know how.

      Many people are intimidated by computers, and to have somebody who is deeply involved in computers try to teach them best-practices, is sometimes insulting.

      So yeah, we may feel we have a responsibility to protect those that know less than us, but in reality, instilling that knowledge is not always easy, practical, or even sometimes possible.

      So no, I don't agree, I don't think we've failed. I think we're doing the best job we know how to do, in the face of at times massive and gross ignorance. Resistance does not mean I've given up. But I have learned over time which people are worth taking the time to teach, and which people are not worth the effort.

      --
      Thomas A. Knight
      Author of The Time Weaver
    4. Re:Unintended reinterpretation. by Anonymous Coward · · Score: 1, Insightful

      What the man means is that you shouldn't regulate the tool but the problem. In other words, if tracking is a problem, make laws/agreements/whatever for those, instead of prohibiting the use of cookies.
      The same anology applies to p2p, terrorism and what-not.

    5. Re:Unintended reinterpretation. by Anonymous Coward · · Score: 1, Insightful

      People don't know better because they don't give a fuck. Try preaching to a layman about GPG sometime. They don't understand key exchange issues, but they understand the purpose of encryption, and their reply is: "I don't care if they are watching me."

      These are the same people who still vote for Republicrats. You keep hitting them over the head with Clinton, Bush (and maybe some day Obama, though I try not to cynically damn him yet), and they keep voting for more. They're lazier than hippies (who will at least protest The Man).

      Lazier than hippies! (Think about that.)

      They can't be saved. They don't want it. They don't care. When people don't care what happens to them, then there isn't really a line between being led to the slaughter, and active suicide. It takes some will to live. Make them fucking show they've got it before you cry over the poor bastards. Because face it: they really are bastards, and they sure wouldn't lift a finger to help you.

    6. Re:Unintended reinterpretation. by causality · · Score: 2, Interesting

      The problem is, we're failing society as professionals in the IT field -- part of our work (which most likely isn't earning you money) is teaching our friends, family, and interested parties about these problems and how to protect themselves from it because nobody else can or will. That's what has allowed this kind of crap to permeate into the mainstream... It wouldn't be tolerated if people knew better.

      I am all for spreading the word and teaching anyone who is willing to learn about these things. It's an important subject and it should be obvious that the current status quo where tracking is commonplace depends entirely on the widespread ignorance that is present. However, this is more like advocacy than prevention and only addresses part of the problem.

      The real problem is that so many users are passive and rather uninvolved in their own experience. It's never good strategy to wait around for somebody else with an altruistic motive to assist you when the needed information is out there and basic literacy is the only requirement for using it. I am not arguing that every average user should become an expert, only that some personal responsibility is in order. Balking at the rather modest reading/research effort that would be necessary to have a solid understanding of the basics is a luxury that you can't afford in the face of active attempts to compromise your privacy. I would compare it to saying that you don't feel like getting up to bar the door when there is an enemy at your gates, and it makes about as much sense (i.e. none) in terms of decision-making.

      Part of the reason why people "don't know better" is that they assume it's someone else's job. At a corporation where you are not a member of the IT staff, indeed it IS someone else's job. At home where you have full control over your LAN and your equipment, it's your job and you can either take care of it or fail to do so. The price for failing to do so is that you get taken advantage of for the sake of some marketer, or worse. If people could understand it that way, in terms of someone trying to screw them over without their consent, they would delight in the knowledge that there is something they can do about it. Suddenly it wouldn't be "boring computer stuff" but would be about personal empowerment. I think clearly showing that it has a price is the best chance to get rid of this willful helplessness. If you really want to see gigantic improvements not just in unethical tracking, but also in malware and botnets and online fraud, what you need are not informed users, but users who are willing to inform themselves. Then the information they need is not some black box bestowed upon them by members of an esoteric priesthood, but would instead become a useful tool that they take into their own hands.

      Perhaps one day we'll have computing appliances that are essentially maintainence-free, so that safely using them requires no more understanding of computing than using your washer/dryer requires an understanding of plumbing and electrical engineering. Right now we don't have that, and I question just how desirable it would be anyway. Computers are not toys or curiosities anymore and haven't been for a long time now. They are increasingly essential to everyday life. Every time you make a financial transaction or surrender personal information, it behooves you to make some effort to have some understanding of what you are doing and how it can be used. Otherwise you are being irresponsible and are failing to protect your interests and there's nothing wrong with saying so. We live now in an age where any literate adult with access to Google can achieve knowledge and understanding that was once the exclusive domain of experts. What we really need is to restore the wonder and sense of empowerment that goes along with this so that people no longer view the most basic research as an unreasonable chore. If that doesn't happen, then this passive victim mentality will cause the average person to be little more than an electronic serf, only it will be a serfdom that they choose because something else was always more important to them.

      --
      It is a miracle that curiosity survives formal education. - Einstein
    7. Re:Unintended reinterpretation. by moderatorrater · · Score: 1

      Cookies are used for tracking, so cookies should be regulated. But we won't treat cookies like they're special -- we'll regulate all other forms of tracking as well.

      No -- just regulate tracking. If you regulate the method, then when a new method comes it's legal. If you just regulate tracking, then you get the same results for all forms.

    8. Re:Unintended reinterpretation. by megamerican · · Score: 1
      We are supposed to be a representative Constitutional Republic which means that we can dictate what the government can and can't do to us. Just because what we do can be easily tracked and traced whether on the Internet or not doesn't mean we should lay back and let them do it. We have the right to tell them to screw themselves.

      If we don't want a corporation to do something we have the power to tell them no by the power of the purse (i.e. don't give them your money) and the power to create voluntary associations opposing them.

      Don't look for the government to ever regulate itself or a corporation successfully. At the end of the day it is up to you and me. People have to become leaders no matter how small a contribution you may make.

      --
      If you have something that you dont want anyone to know, maybe you shouldnt be doing it in the first place -Eric Schmidt
    9. Re:Unintended reinterpretation. by Monkeedude1212 · · Score: 1

      The problem is, we're failing society as professionals in the IT field -- part of our work (which most likely isn't earning you money) is teaching our friends, family, and interested parties about these problems and how to protect themselves from it because nobody else can or will.

      Are you blaming Us or them?

      Because its not that I don't want to teach them. I mean, I'm no different from the next guy, I hate explaining to my mother that what she has is MALWARE and NOT a real antivirus.

      But it's because they don't want to have to worry about it. Most people either want:
      A) An automated Security system set up by a professional which requires the least amount of user interaction possible
      or B) Nothing of the sort to slow down their computer.

      If someone ASKED (and they do on the rare occaison) me how to protect their PC I would show them the routine steps they need to preform weekly. I would teach them how to remove their own Malware. I would explain the simple details so they understand what they're doing, and not just following steps.

      The problem isn't with us, its with them. They just ask us to fix it when it breaks. They ask us to set it up for them so they don't have to worry about it.

      In short, they're asking for fish, not fishing lessons.

    10. Re:Unintended reinterpretation. by Anonymous Coward · · Score: 0

      I agree!

      I'm a computer professional (not an IT expert) that has never heard of LSOs before today and have not gotten far enough along to have found answers all my questions...

      I m looking at all the .sol files onone machine (thanks todc29a). Rather than just blindly delete all of them, I would like to first understand if I would want to keep some. For example, if my bank has a .sol file, do I want to keep that one (yes?) and will it be obviously labeled so that I know it's from my bank (no?). Dunno...

    11. Re:Unintended reinterpretation. by Anonymous Coward · · Score: 0

      Sherlock Holmes may be a fictional character several hundred years dead now, but what he said back then applies today on the internet (which I paraphrase here) "Every place you go, you leave something behind and you take something with you."

      Um, would you believe less than 100 years?

    12. Re:Unintended reinterpretation. by Anonymous Coward · · Score: 1, Insightful

      Yes. People don't care. That is why software/browsers should be secure and ensure privacy without configuration.

  6. No.... by Darkness404 · · Score: 1

    'If users don't want to be tracked and there is a problem with tracking, then we should regulate tracking, not regulate cookies,' Soltani said."

    Really, I can't think of a single good reason for the government to use tracking cookies. There are a few simi-legitimate reasons for third-parties to use tracking cookies, but they should not be regulated. If you don't want cookies either

    A) Configure your browser to reject certain cookies
    B) Clear cookies
    C) Clear your Flash cookies
    D) Write to a few OSS developers and tell them if you want a privacy program, or add on

    Seriously, if people are -that- paranoid they should do the research to figure out how to disable them. If Flash cookies scare them that much, use Flashblock or don't even install Flash.

    The next thing we know the senate will try to pass a bill removing all cookies because those are the things that cause Windows to be slow and spread viruses right? Its just like the '90s, all over again.

    --
    Taxation is legalized theft, no more, no less.
    1. Re:No.... by Anonymous Coward · · Score: 0

      Really, not one good reason? Like the ability to create login sessions that allow both a logout function and the use of the back button? Or login sessions that do not re-submit your password with each new request? Or the ability to remember you search terms if you browse away from the search engine and then back?

      Certainly there's the potential for more nefarious use, and it's worthwhile to offer protections against that, but there are 1001 legitimate uses for sessions tracking, most of which are widely in use on almost every non-government website in the world; the no cookies rule is a result of the original cookies scare from 15 years ago, when you could create global cookies to track every website a user visited, and the rule is just as outdated as the scare.

    2. Re:No.... by causality · · Score: 2, Insightful

      Really, not one good reason? Like the ability to create login sessions that allow both a logout function and the use of the back button? Or login sessions that do not re-submit your password with each new request? Or the ability to remember you search terms if you browse away from the search engine and then back?

      Certainly there's the potential for more nefarious use, and it's worthwhile to offer protections against that, but there are 1001 legitimate uses for sessions tracking, most of which are widely in use on almost every non-government website in the world; the no cookies rule is a result of the original cookies scare from 15 years ago, when you could create global cookies to track every website a user visited, and the rule is just as outdated as the scare.

      True but session cookies can arrange all of that. The case for persistent/permanently stored cookies is much harder to make.

      --
      It is a miracle that curiosity survives formal education. - Einstein
  7. If you are really that concerned... by Anonymous Coward · · Score: 0

    ...on Windows and on Linux (not sure about Mac OS X) Adobe keeps flash data in two directories. Under Linux you'll find them right in your user home directory hidden as ".adobe" and ".macromedia".

    In Windows, you'll find them in the hidden directory "Application Data" in your user directory. They are named "Adobe" and "Macromedia" as well. In Windows 7 (I've been messing around with the RC) you'll find a hidden directory within a hidden directory called "Roaming". I don't know about Windows Vista because I never touched it. This "Roaming" folder should contain the same folders mentioned above.

    In any event, if you are so concerned about this issue: DELETE THESE DIRECTORIES. I would advise to be careful of the "Adobe" directory if you use other Adobe software, as there will be more than just Flash player data. Poke around. It's not hard to spot what needs to go and what needs to stay. I don't use any other Adobe software myself so I just have scripts written up to kill these folders on a timed basis.

  8. MOD +5 this by PetriBORG · · Score: 1

    Thanks for that link, very cool.

    --
    Pete/Petri "damn, my chainsaw is clogged with 1's and 0's again." --clyde
  9. Flash, hosts, javascript, by jginspace · · Score: 1

    Firstly what business have Clearspring and QuantCast doing anything on your machine? Block them in your hosts file.

    Then block Flash for hosts you haven't explicitly allowed.

    Optional third step: Block javascript for hosts you haven't explicitly allowed.

    Finally, not many people know about this, there's a Firefox extension (mentioned in a post above) for deleting Flash cookies every time you close the browser. This should be a standard feature.

    1. Re:Flash, hosts, javascript, by Zerth · · Score: 1

      VirtualBox/vmware + Seamless mode + Revert State on Exit. Take a snapshot just after opening a browser, treat it like the browser alone.

      Every time you close/restart your "browser", you get the ultimate reset button.

  10. Better cookie deleters by dbet · · Score: 1

    There are some Firefox add-ons that supposedly delete these "super" cookies. Here is one example.

    I have no idea how well they actually work.

  11. Yet another reason for flashblock by Eevee · · Score: 1

    Flashblock

    1. Re:Yet another reason for flashblock by jginspace · · Score: 1

      For Flashblock to run you've got to have javascript enabled. Flashblock is of limited use, particularly with the nasty domains mentioned in the summary. Best to not run anything from those domains.

    2. Re:Yet another reason for flashblock by Anonymous Coward · · Score: 2, Informative

      Use Flashblock and NoScript. When you allow scripts on the page, then Flashblock fires up and puts in the place holders.

  12. Flash Website Storage Settings by wile_e8 · · Score: 5, Informative

    Go here to see all the flash cookies and delete any and all you don't want. Might not be as easy as deleting a directory, but I don't necessarily want to delete them all.

    1. Re:Flash Website Storage Settings by Anonymous Coward · · Score: 1, Informative

      This content requires Flash

      Download the free Flash Player now!

    2. Re:Flash Website Storage Settings by John+Hasler · · Score: 1

      > Go here [macromedia.com] to see all the flash cookies... ...that Adobe wants you to see (and that their buggy software can detect).

      --
      Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
  13. Good browsers let the user choose by gurps_npc · · Score: 3, Informative

    In Firefox, the "Better Privacy" addon deletes flash cookies. Any browser that doesn't offer that kind of control is not worth getting. In my opinion, Firefox without "TACO" (auto creates a bunch of "opt out" cookies without any identifing details), "Better Privacy" (removes flash cookies)and "NoScript" (prevents unwanted scripts - including site-jacking stuff), is not fully installed.

    --
    excitingthingstodo.blogspot.com
    1. Re:Good browsers let the user choose by gad_zuki! · · Score: 1

      >Any browser that doesn't offer that kind of control is not worth getting.

      Well, without that add-on Firefox doesnt either. The question here is why doesnt Firefox do this natively?

    2. Re:Good browsers let the user choose by BenoitRen · · Score: 1

      Firefox doesn't do it natively because Flash is a plug-in that has full control. There is no way to stop the placement of Flash cookies. BetterPrivacy is a specific band-aid.

    3. Re:Good browsers let the user choose by gad_zuki! · · Score: 1

      That makes no sense to me. Whatever code that add-on can run, Firefox can run. The firefox maintainers just dont want it.

    4. Re:Good browsers let the user choose by TopSpin · · Score: 2, Insightful

      The question here is why doesnt Firefox do this natively?

      The answer is that the browser is ignorant of what Flash is doing with the hard drive. HTML cookies and Flash cookies (LSOs) are not related. Firefox is not aware of and has no mechanism to control what Flash does with your disk.

      Flash Player (for Mozilla/Firefox) is based on the ancient and crufty NPAPI. This interface provides no generic "clear your temporary crap" hook for the host (browser.) It should; it's 2009 and this browser thing has been going on for 15 years now...

      IE 7 has a feature in "Delete Browsing History" that prompts the user to delete "files and settings stored by add-ons." I've never confirmed whether this means "flash cookies" (because I don't rely on IE for anything...) but that is what is implied, so this isn't some novel idea unheard of in the traditions of the Internets.

      Dear Mozilla,
          It is incumbent upon you as the present keeper of the NPAPI specification, such as it is, to extend said specification to provide a generic mechanism to monitor and control any and all storage utilized by third party plug-ins, and then encourage third parties (nasty warnings on plug-in invocation would work...) to adopt this extension. Please do so THIS decade. Do not continue to delay the obvious because NPAPI is an unholy mess; privacy trumps engineering elegance.
      Thanks!

      --
      Lurking at the bottom of the gravity well, getting old
    5. Re:Good browsers let the user choose by Anonymous Coward · · Score: 0

      Then maybe you should read it again until it makes sense.

      Flash is a third-party plug in that is not affiliated or related to Firefox in any way, shape, or form; so Firefox has no responsibility for, nor any business trying to clean up after Flash.

    6. Re:Good browsers let the user choose by BenoitRen · · Score: 1

      Once you add code for a specific plug-in to clean up its mess, the foot is in the door, and then you'd have to do it for others too (eg Silverlight).

  14. Erase them with BleachBit by Anonymous Coward · · Score: 0

    BleachBit is an open source cleaner for Linux and Windows. It cleans Flash cookies and 50 other items.

  15. I use R-wipe to delete flash cookies/etc. by dicobalt · · Score: 0

    Got it scheduled to run periodically and it never causes a problem. Of course I also use ABP and Noscript so most the flash objects I do get are ones that are safe anyway. For those interested Flash stores it's crap in: C:\Users\nicon\AppData\Roaming\Macromedia\Flash Player\#SharedObjects Probably somewhat similar on other OS' user home directories as well.

  16. Adobe needs a new CEO. by Anonymous Coward · · Score: 1, Interesting

    Thanks for the link! Note: That does not clean multiple installations of Opera, or clean other browsers.

    Adobe has become an evil, badly managed company, in my opinion. Buy Creative Suite, and the new DVD requires a download of more than 300 Megabytes to bring it up to date.

    1. Re:Adobe needs a new CEO. by muckracer · · Score: 1

      > Thanks for the link! Note: That does not clean multiple installations of Opera, or clean other browsers.

      Agreed...great extension but limited. What we need is something like CCleaner for Linux. Anything out there like that?

    2. Re:Adobe needs a new CEO. by muckracer · · Score: 2, Informative

      Actually found one:

      Bleachbit - http://bleachbit-project.appspot.com/

      Open-Source and for Linux and Windows.

      Still would love to find a command-line version of something like it to run on shutdown and/or from cron.

  17. View/delete your flash cookies by Derrikex · · Score: 1

    You can view/delete your flash cookies here: http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager07.html

    There's also a firefox plug-in: http://objection.mozdev.org/

    I agree, regular tracking regardless of the technology used.

    1. Re:View/delete your flash cookies by j-stroy · · Score: 1

      MOD PARENT UP. THANK YOU SO MUCH!!! There are several tabs which have essential settings.

  18. Why can't they be blocked easily? by Nom+du+Keyboard · · Score: 1

    Why can't the cookie blocker and/or cookie cleaner take these out as well? This is presented that only some arcane going to the Adobe website can deal with them. Why are they so hard to kill otherwise?

    --
    "It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
    1. Re:Why can't they be blocked easily? by zuperduperman · · Score: 1

      Because Flash is a giant security hole that does an end run around the browser and stores it's own cookies completely separately. Your browser has no better idea of what flash cookies you are storing than it does what word processor documents you saved last week.

      The security settings on Flash are simply obnoxious - changing them in any permanent manner is tedious, fragile and difficult. It's the main reason I have no flash plugin in my default browser (if I want to use flash I open the page in a different browser which I use only for that stuff).

    2. Re:Why can't they be blocked easily? by Kalriath · · Score: 1

      Personally, I use 64 bit IE. Not only do I not have Flash installed in the browser, the browser isn't capable of running 99% of malware (because who compiles their "toolbars" in 64 bit?)

      --
      For a site about things like basic rights, Slashdot users sure do like to censor "dissent".
  19. Appears CCleaner will remove these Flash cookies by Anonymous Coward · · Score: 0

    I tried the "Better Privace" addon to see which flash cookies I have and was surprised to see very few (gmail mainly). When running CCleaner, even these were removed (only the Adobe Flash settings were left).
    http://www.ccleaner.com/

  20. Clearspring-quantcast ips for hosts file by Anonymous Coward · · Score: 0

    Anyone have an up-to-date list of the clearspring and quantcast ip addresses so we can 127.0.0.l them in our hosts file as an added protection measure besides the other solutions listed here? Thanks!

  21. LocalStorage by Anonymous Coward · · Score: 0

    ... is also going to become another thing people will need to watch out for.
    Any old site can use up to 5MB (10MB in IE) of space on your HDD for whatever the hell they want, really. (i think these were the numbers, it is what i read the other day there when looking up some stuff)

    Although i'm not sure if a site has to be given permission beforehand, like how Gears asks for permission for sites to use it.
    I would surely hope that this was a consideration for the spec, but i haven't gotten around to reading the full HTML5 spec yet. (might do that tomorrow actually)
    I just hope they don't bullshit around with "only allow a site to host X bytes of storage" like in Flash, it is bad enough there is a difference between The Good Group and the Hell-spawn itself AKA Internet Explorer.

  22. /dev/null by dtschmitz · · Score: 3, Informative

    What I do: #remove the existing macromedia directory and set a link to /dev/null
    $cd && rm -rf .macromedia && ln -s /dev/null .macromedia
    Be Safe!

    Dietrich T. Schmitz & Associates
    Cloud Computing Services

    1. Re:/dev/null by Anonymous Coward · · Score: 0

      Please keep your pagerank spam out of here. Thank you.

  23. If they've got nothing to hide they can't complain by Anonymous Coward · · Score: 0

    Spread across a reasonable number of annoyed individuals, paying to have a private investigator tail high level officers and major shareholders of advertising corporations that engage in this sort of thing 24/7/365 would be fairly inexpensive and amusing.

    I'm in. Where's the paypal button?

  24. For GirlInTraining by Anonymous Coward · · Score: 0

    Just curious, do you ever actually read any responses to your posts? Or are you just another drive-by poster who has no intention of actually participating in anything resembling conversation? Seems like the latter case describes you. A lot of users identifying themselves as female seem to think that's a really cool thing to do. All it really means is that anyone with some sense won't bother reading or replying to anything you post.

    1. Re:For GirlInTraining by Anonymous Coward · · Score: 0

      FYI: GirlInTraining is in training to become a girl (this is easily verified by reading his/her posting history).

    2. Re:For GirlInTraining by girlintraining · · Score: 0

      FYI: Girlintraining is a lesbian. -_-

      --
      #fuckbeta #iamslashdot #dicemustdie
    3. Re:For GirlInTraining by Anonymous Coward · · Score: 0

      your sexual orientation is your personal business and does not interest me at all. sorry to burst your bubble on that one as i am sure it's most fascinating to people you actually do know and probably provides you a nice source of free attention whenever you run low. it does interest me whether you actually intend to follow-up when i reply to you since that's much more relevant to slashdot and whether it's worth my time to respond to you. i only mentioned that you were female because the fact that you do something aloof/nonsensical like this is one of the strongest reasons why i believe you really are a woman and not just a guy pretending. anyway i'll probably ignore your posts in the future as you don't seem to value the two-way nature of posting here. maybe TV would be more to your liking?

  25. forget the cookies, what I want to know is why by fast+turtle · · Score: 2, Insightful

    flash wants to grant access to my mic and camera to every damn website in the fucking world? Shouldn't it be denied by default and ask the user before granting that permission? To me this would certainly cut down on some of the flash vulnerabilities because now it's accessing other subsystems such as the MS Speech setup.

    --
    Mod me up/Mod me down: I wont frown as I've no crown
  26. To any moron who would say 'regulation is bad' by unity100 · · Score: 1

    i would like to remind that ANY kind of law is a regulation. including the laws that ban and punish murder, including the laws that prevents people from funding private armies, or cutting other people's heads.

    if you dont oppose such laws, you shouldnt oppose proper regulations.

    and no. there are no differences in between 'regulation' and 'laws'. that's some delusion that hordes of republicans have created in america through endless yelping.

    --
    Read radical news here
  27. Confusion at Adobe? Bad management? by Futurepower(R) · · Score: 1

    There is more than one URL: Adobe's Flash settings widget. You have settings_manager03.html. Adobe has been recommending settings_manager07.html.

    The Flash updating tool is very buggy. It may update only your installation of Opera, instead of Opera and Firefox. If you have multiple installations of Opera, it will update only one of them.

    In Windows, it is necessary to use the Replace.exe command to replace all instances of flashplayer.xpt, NPSWF32.dll, and NPSWF32_FlashUtil.exe. The latest version of the files is located at C:\WINDOWS\system32\Macromed\Flash after updating one installation of one browser.

    1. Re:Confusion at Adobe? Bad management? by mad_robot · · Score: 1

      The different URLs (containing the numbers 02, 03, 04, 06 and 07) are just part of the same widget. Click the tabs at the top to access them.

      (Incidentally, there's another one at settings_manager05.html that doesn't appear to be accessible by clicking the tabs.)

      --
      U1NCaVpYUWdlVzkxSUhkcGMyZ2dlVzkx SUdoaFpHNG5kQ0JpYjNSb1pYSmxaQT09
  28. Good article, thanks! by LaraineMae · · Score: 1

    Read the article and all the comments, installed BetterPrivacy and it works great. Using the default configuration, it deleted 140 Flash Cookies/LSOs. No problems with any of the sites I normally use. I also use Flashblock, Ghostery, and NoScript.

  29. Sort of the opposite of the movie "Truman" by Anonymous Coward · · Score: 0

    Great suggestion. Hell, I'd pay money to watch something like that.

    And I'm not the only one. Remember Michael Moore's movie "Roger & Me" when he tailed people like the head of General Motors, and ridiculed rich folks like Bob Eubanks filming him living high on the hog at parties that actually degradingly hired people to stand still as human statues so as to entertain the party guests at a time when the city of Flint, Michigan was falling apart?

    Millions of people paid money to watch that movie and see the lens turn for once.

    http://en.wikipedia.org/wiki/Roger_&_Me

  30. Bad management policy by Futurepower(R) · · Score: 1

    Consider the effect of that, which is to cause people to have even less confidence in Adobe.