FTC Is In Talks With Adobe About the 'Flash Problem'

jamie links to news that the FTC is talking with Adobe about persistent Flash cookies. "Flash isn't actually necessary to watch YouTube videos, but the rest of this article is interesting."

What if the local storage is made zero?

[140Mandak262Jamuna]

Flash player settings has an option to set the amount of local storage permitted for the player. What happens if I set that amount to zero and mark it permanent (i.e. check box remember)? Would it remove the ability of the flash player to set cookies?

Re:What if the local storage is made zero?

[characterZer0]

I have read that rm -rf ~/.adobe; mkdir ~/.adobe; chmod 000 ~/.adobe does the trick. Can anybody confirm?

Re:What if the local storage is made zero?

[MobileTatsu-NJG]

No. None of us really uses Linux. We just say that to look cool.

Re:What if the local storage is made zero?

[IrrepressibleMonkey]

Not sure, but experience shows that most Flash sites will stop working when you deny storage rights.

Re:What if the local storage is made zero?

[jawtheshark]

Probably would work... Well, I'd simply do "rm ~/.adobe/*; chmod 500 ~/.adobe/*", which would be shorter and keep read/access rights to said directory.

That said, if Flash expects to be able to write to that directory, it might crash when it tries to utilize it. So it really isn't a foolproof method.

As per this moment, under .adobe in my home directory exists the following structure: "~/.adobe/Flash_Player/AssetCache/VSUUJTSX/". The directory is probably randomly generated just like profile directories in Mozilla (harder to predict in case of a flaw in the plugin/browser). In there are just files with the extensions .swz and .heu and one file called "cacheSize.txt". None of these files seems to be human readable (well, okay cacheSize.txt makes somehow sense). Oddly enough, the oldest file is from 25th September 2010. As I use my browser daily and don't mind youtube or the odd flash game, this is strange indeed. I would nearly say that they stopped using it.

Re:What if the local storage is made zero?

[symbolset]

If the site requires the ability to store flash evercookies as a cost of viewing the site, I'm OK with not being able to see their content. It's too much to pay.

Re:What if the local storage is made zero?

[beakerMeep]

Flash's behavior when disable cookies is really terrible, mostly due to developers that don't care about such a situation. However, this is pretty much the same with any given HTML/javascript web app. From my perspective simply blaming Flash isn't constructive.

The real problem is having multiple locations to store local data and no single place to clear it. I'd say the browsers and W3C should be the solution to this. They should really put their collective foot down and set a standard by which plugins are allowed to store data and integrate with the browser. This would go a long way towards solving a lot of the privacy concerns of Flash and HTML5. There would still be some tricks to identify a user (font list, user agent string, plugin versions, etc) but again the solution is the same.

Re:What if the local storage is made zero?

[WrongSizeGlass]

Just this morning I was using chmad to change some files. Then I was like, "I need to kat these files to my pipe."

Dude, you can't just talk the talk, you gotta type the type.

Re:What if the local storage is made zero?

I actually did this and it does not work. Many sites are broken (hypem.com to name one of them). An alternative that works fine for me, is rm -rf ~/.adobe ~/.macromedia ; ln -s /tmp ~/.adobe ; ln -s /tmp ~/.macromedia. Since /tmp is cleared at every reboot, I get "session" cookies but never persistent ones. Yay.

Re:What if the local storage is made zero?

[littlewink]

I have read that rm -rf ~/.adobe; mkdir ~/.adobe; chmod 000 ~/.adobe does the trick. Can anybody confirm?

That's not enough on Ubuntu: copies of the same "cookies" are kept also in two other directories:

• .macromedia.flashplayer.(macromedia.com).support.flashplayer.sys
• .macromedia.flashplayer.#SharedObjects.xxxxxx

where xxxxxx is a hashed string.

Re:RTFA ??

[larry+bagina]

Simple: this is slashdot and we hate flash and want to eliminate it. Except on the iPhone. We don't use the iPhone and don't know anybody that does, but it needs to support flash for some reason.

Steve may have been right

[alvinrod]

More and more, its looking like Steve Jobs was right (albeit for the wrong reasons) about Flash. HTML 5 is capable of replacing Flash in 95% of cases and in almost all of those cases provides better performance and accessibility. Ending the web's dependence on Flash is a lot like ending dependence on foreign energy.

Re:Steve may have been right

[causality]

Ending the web's dependence on Flash is a lot like ending dependence on foreign energy.

1. It's a really good idea. 2. It's well within our ability to do it. 3. There are a million excuses for why no one is seriously committed to making it happen.

I think you've come up with an excellent analogy.

THIS is a summary?

[Rorschach1]

Seriously, WTF? How about a sentence telling us what the 'flash problem' is, and maybe a bit about WHY the article is interesting?

Re:THIS is a summary?

[Daniel+Dvorkin]

I believe the problem may have something to do with persistent cookies. I'm not sure why I have this impression ... it's just some idea that came to me out of nowhere ... oh, wait, I know where that idea came from! I read the first goddamn sentence of the summary.

Re:THIS is a summary?

[eL-gring0]

From TFA: "While a browser can remove “normal” HTTP cookies, the privacy controls in a web browser like Mozilla Firefox or Microsoft (NSDQ: MSFT) Internet Explorer can’t remove Flash cookies, which can only be removed by using two separate services available on Adobe’s web site."

Also: "At least one browser, Google Chrome, now allows users to control the Flash cookies from within their browser’s privacy controls."

I'm ignorant of other browsers' features, being relatively happy with my Firefox/Adblock/Noscript bubble of sanity, but it seems that Mozilla and other developers might push to clean up after more of their plugins' messes. If the plugin makers don't care, at least Google's team seems to. Why can't Firefox by default? Opera? Even IE? I saw no mention of Silverlight in that blurb, but I imagine it can be used for tracking too. Of course, people would actually have to use Silverlight for that to happen.

Flash

[DaMattster]

Flash has seen its day come and go. With Webm and HTML5, Flash will be killed off!

BetterPrivacy Plugin for Firefox will delete LSO

[Hyperhaplo]

Firefox plugin BetterPrivacy - https://addons.mozilla.org/en-US/firefox/addon/6623/ - will delete LSOs

It can be set up to automatically delete LSO on browser exit; on a timer (every x minutes/hours/days) or manually

It allows you to set a whitelist (protection list).

It doesn't 'solve' the problem; but in the mean time it at least breaks part of the cycle.

Also: Ghostery - https://addons.mozilla.org/en-US/firefox/addon/9609/ - helps to stop the problem in the fire place.

Used with Ad Block Plus - https://addons.mozilla.org/en-US/firefox/addon/1865/ - it makes surfing the web much better.

The Wild West era ended when there was no one left to conflict with.. right?

Re:Flash Problem?

[redJag]

ActionScript isn't like JavaScript? They are both based on ECMA Script, they are very similar as languages.

ECMAScript is the scripting language standardized by Ecma International in the ECMA-262 specification and ISO/IEC 16262. The language is widely used for client-side scripting on the web, in the form of several well-known dialects such as JavaScript, JScript, and ActionScript.

I've (unfortunately) written a lot of both and they are extremely similar to each other. Yes, there are a lot of features inside that bloated Flash runtime, but that doesn't mean ActionScript is not like JavaScript.