Slashdot Mirror

← Back to Stories (view on slashdot.org)

Chrome, IE To Allow Users To Delete Flash Cookies

Posted by CmdrTaco on from the different-kind-of-flash dept.

Trailrunner7 writes "The upcoming release of Adobe Flash Player 10.3 will give users of most of the major browsers the ability to delete Flash cookies in much the same way that they're able to erase normal Web cookies, thanks to a better integration with privacy settings in Internet Explorer and Google Chrome. The addition of the ability for users to delete the cookies set by plug-ins and browser add-ons gives them better control of the security and privacy of the content on their machines and is designed to address a serious issue that's been plaguing Flash for some time. Security and privacy experts have warned about the implications of so-called Flash cookies, which are set by Flash and difficult for users to find and delete."

32 of 110 comments (clear)

  1. And what about evercookie? by elucido · · Score: 4, Interesting

    http://en.wikipedia.org/wiki/Evercookie
    http://samy.pl/evercookie/

    Evercookie is unstoppable, irrevocable, undeleteable, and it represents a new trend. When is Google and Microsoft going to do something about this? Or do they and others conspire to use this evil mega cookie to track us?

    1. Re:And what about evercookie? by The+MAZZTer · · Score: 5, Insightful

      File a bug on the Chrome bug tracker. The latest I can find is that Chrome should be erasing it all if you use Incognito, except for the Flash LSO.

    2. Re:And what about evercookie? by icebike · · Score: 4, Insightful

      Or run the browser and all of its minions (including flash) in a sandbox, which allows you to snap shot it at some point in time, and flush that sandbox after each browsing session and restore from the snapshot at the start of each new session.

      As long as every program has access to the Windows Registry, you will have to sandbox that as well, allowing access to a shadow copy.

      But the real problem here is that Joe Sixpack is not in a position to be knowledgeable about all of this. Criminal sanctions against users of Evercookie might keep corporate marketing droids from going down that path, but they won't stop the off-shore porn sites or gambling sites from embedding this type of technology.

      --
      Sig Battery depleted. Reverting to safe mode.
    3. Re:And what about evercookie? by h4rr4r · · Score: 2

      Windows Registry? I can't find one of those on any of my machines. Install browser in chroot, copy to another location. Then copy before version over after version.

      Joe Sixpack is not in a position to be knowledgeable about anything, no need to worry about it.

    4. Re:And what about evercookie? by icebike · · Score: 2

      Joe Sixpack is not in a position to be knowledgeable about anything, no need to worry about it.

      How very magnanimous of you.

      So in your little provincial world, the only people deserving of protection from cookie mining evil corporations and government spies are long practicing linux users? The rest are just cannon fodder?

      I suppose this means the only people deserving of medical privacy are the doctors themselves? The only ones deserving of police protection are the cops themselves?

      --
      Sig Battery depleted. Reverting to safe mode.
    5. Re:And what about evercookie? by Anonymous Coward · · Score: 2, Interesting

      In my tests incognito mode was enough to delete the evercookie. I simply quit the browser and restarted.. it didn't know who I was. Try it here http://samy.pl/evercookie/

    6. Re:And what about evercookie? by h4rr4r · · Score: 2

      Talk about putting words in my mouth.

      Users are not even interested in this, they don't care about their privacy. For a good example of just that go take a look at facebook. No need for anyone to worry about protecting those who do not care to be protected.

      Police protection is a joke. They investigate after, not protect you. The police are 30 minutes away, my own protection is much closer.

    7. Re:And what about evercookie? by causality · · Score: 2

      Joe Sixpack is not in a position to be knowledgeable about anything, no need to worry about it.

      Assuming he's literate, he's in a position that is as good as yours or mine.

      It's merely a question of willingness. I agree there's only so much you can possibly do for someone who won't lift a finger to help himself. That's a character weakness and I wouldn't be doing anyone any favors if I validated it. For that I make no apology.

      It reminds me of that joke: "a 'computer expert' is someone who can read the manual". Most end-user manuals I've seen appear to be targeting about a fifth-grade reading level and assume little or no technical prowess. They often have illustrated, step-by-step directions that don't require you to understand *why* the procedure works. If you expect the average adult to be able to handle that, people will call you a heartless elitist. So be it.

      Though I do find it amusing that those who scream "elitist" et al never seem to comprehend one basic fact: a real elitist would not expect a literate adult to handle such things. A real elitist would assume they're too stupid and could never be expected to inform themselves about relatively easy things.

      --
      It is a miracle that curiosity survives formal education. - Einstein
    8. Re:And what about evercookie? by h4rr4r · · Score: 4, Funny

      Considering the most sold beers in the USA include bud lite and miller lite, I can safely say he knows nothing about beer. He is a connoisseur of beer flavored waters though.

  2. Firefox by just_another_sean · · Score: 5, Informative

    And for Firefox users there is Better Privacy.

    From the Better Privacy site:

    Better Privacy serves to protect against not deletable longterm cookies, a new generation of 'Super-Cookie', which silently conquered the internet. This new cookie generation offers unlimited user tracking to industry and market research. Concerning privacy Flash- and DOM Storage objects are most critical.
    This addon was made to make users aware of those hidden, never expiring objects and to offer an easy way to get rid of them - since browsers are unable to do that for you.

    emphasis mine

    --
    Creationist Textbook Stickers Declared Unconstitutional by CowboyNeal
    1. Re:Firefox by BZ · · Score: 4, Informative

      Actually, Firefox 4 supports this as well, out of the box.

    2. Re:Firefox by Anonymous Coward · · Score: 2, Informative

      Yep. Has existed for several years now, including for older versions of Firefox like FF3.5
      (and maybe 3?)

      The only thing is it had to do it on disc due to lack of an Adobe API.

      However, Better Privacy works even with older versions of Flash, like 10.2 - unlike this new method which requires Adobe's cooperation.

    3. Re:Firefox by Jah-Wren+Ryel · · Score: 3, Interesting

      And for Firefox users there is Better Privacy [mozilla.org].

      Actually, Firefox 4 supports this as well, out of the box.

      FWIW - and it's worth it to me - Better Privacy provides better control in that I can set duration for the cookie. Mine are deleted after 5 minutes of last access. That works for sites like youtube that store the volume setting in the flash cookie, but still gives pretty good protection against flash cookies that might be misused due to lasting until I exit firefox (something I only do once or twice a month).

      --
      When information is power, privacy is freedom.
    4. Re:Firefox by BZ · · Score: 2

      Sure. Better Privacy is nice if you want its features. But it's not strictly necessary to just delete Flash cookies, which is what the article is about.

  3. Works in Firefox 4 as well by BZ · · Score: 5, Informative

    This also works in Firefox 4 last I checked; I'm not sure why the article just talks about Chrome and IE.

    1. Re:Works in Firefox 4 as well by asa · · Score: 4, Informative

      Boris is 100% correct. Mozilla shipped this feature in Firefox 4 and if you have the newest Flash version, it "just works."

      This story's headline is misleading. It should be "IE, Firefox, and Chrome..." because IE shipped it first, Firefox shipped it second, and Chrome just now got around to shipping it.

  4. Only one way to be sure... by Anonymous Coward · · Score: 5, Funny

    In linux just link ~/.macromedia to /dev/null

    It turns out /dev/null is something of a cookie monster.

  5. Flash cookie scourge by hodet · · Score: 2
    "The addition of the ability for users to delete the cookies set by plug-ins and browser add-ons gives them better control of the security and privacy of the content on their machines..."

    because its bad to have all those yourporn and redtube flash cookies on your work computer.

  6. Firefox already allows you to delete Flash cookies by CosaNostra+Pizza+Inc · · Score: 2

    If you have the "BetterPrivacy" addon, you have control over Flash cookies.

  7. Re:Define "Difficult" by beelsebob · · Score: 3

    Yeh you're right, because the average joe blogs on the street wants to understand where Flash puts it's cookies rather than simply selecting the "delete cookies" menu option.

    Oh wait no, that's bollocks ;).

  8. They don't NEED to conspire... by Kamiza+Ikioi · · Score: 2

    It's not unstoppable. I'd mod you up for informative, but you mention that it is so good that it is unstoppable. It is not unstoppable or undelete-able on all browsers. In fact, it can be removed from Chrome. It is therefore, not a limitation of the browser. They don't NEED conspire. Regular cookies rarely get deleted by most users.

    If you are wiping out your cookies and using ad blocking and script blocking software, they already know you are the least likely user to click an ad if you saw one. The only good reason for them to track you is to figure out how to sell you something. If you won't click an ad, you're not likely to buy anything they have to sell, and pretty much ignore you as a consequence of doing business on the Internet.

    If they were conspiring, they'd refuse to allow you to use their sites if you block content, including cookies. They could very simply say, "If no cookie, set cookie. If you still don't have cookie, no content."

    --
    I8-D
    1. Re:They don't NEED to conspire... by Nursie · · Score: 3, Interesting

      Really?

      Because you hear of deliberate violations of do-not-call lists, and everybody likes to make it hard to get off their spamvertising lists.

      It seems like common sense to you and me, but I'm not sure that the unethical marketing people (not all, but the unethical ones) have got there yet. They seem to think it's extra important to annoy the hell out of people who've already decided they don't want to be annoyed.

  9. Re:Evercookie, say hello to volatile storage. by h4rr4r · · Score: 3, Informative

    Hard links do not work across paritions/drives symlinks are what you want.

  10. Flash 10.3 beta helps too by mccalli · · Score: 3, Informative

    The 10.3 beta tells you when a Flash application is trying to write to your local machine. I've been hitting 'Deny' on everything and no ill effects been seen so far.

    Cheers,
    Ian

  11. ability to delete Flash cookies by doperative · · Score: 3, Informative

    Under Linux delete the ~/.macromedia directory ...

    1. Re:ability to delete Flash cookies by Flyers2391 · · Score: 2

      Exactly ... I keep this directory "list only" at all times. Sometimes sites don't work without being able to write there ... most of the time I don't care enough about the video to change rights, but I will if I'm watching The Daily Show or something.

      When I'm done, I clear the directory and re-lock it. I did the same for the ".adobe" directory, not sure if it's necessary

    2. Re:ability to delete Flash cookies by MrL0G1C · · Score: 4, Informative

      ..And for windows users, delete the /macromedia directory! (in ?:\Documents and Settings\UserName\Application Data\) or C:\Users\UserName\AppData\Roaming\

      --
      Waterfox - a Firefox fork with legacy extension support, security updates and better privacy by default.
  12. Damn by Tailhook · · Score: 2

    Widespread use of this will make marketers focus on new tracking techniques. As it is they rely on cookies that are easily eradicated with simple tools, but are usually left alone by users. They don't have to remain that easy to thwart. They won't if all their analysis goes to hell 24h after 10.3 is released and auto-installed everywhere.

    --
    Maw! Fire up the karma burner!
  13. How to delete Flash Cookies by brit74 · · Score: 2

    Hat tip to chrome and IE for making this easier, but for those who don't already know, there is a way to delete flash cookies. Just click the "delete all sites" button after arriving at this webpage: http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager07.html

  14. Re:Why not Safari as well as Chrome? by CyberDragon777 · · Score: 2

    I haven't been able to find an equivalent in Firefox 4's NPAPI documentation, but it may exist. If it doesn't now, it will soon -- it's a really obvious feature to have.

    https://wiki.mozilla.org/NPAPI:ClearSiteData

    https://bugzilla.mozilla.org/show_bug.cgi?id=508167
    Looks like it was added in February.

    https://bugzilla.mozilla.org/show_bug.cgi?id=625496
    And "Clear recent history" will remove the cookies once flash 10.3 is released.

    --
    We both said a lot of things that you are going to regret.
  15. To zap my history on a Mac I use Automator... by atrocious+cowpat · · Score: 2
    ... I created an Automator-Script that moves these files/folders:

    ~/Library/Cookies/Cookies.plist
    ~/Library/Safari/History.plist
    ~/Library/Safari/HistoryIndex.sk
    ~/Library/Safari/LastSession.plist
    ~/Library/Safari/Downloads.plist
    ~/Library/Safari/Databases
    ~/Library/Safari/LocalStorage
    ~/Library/Safari/TopSites.plist
    ~/Library/Safari/WebpageIcons.db
    ~/Library/Preferences/Macromedia/Flash Player
    ~/Library/Caches/com.apple.Safari
    ~/Library/Caches/QuickTime
    ~/Library/Caches/Adobe/Flash Player/AssetCache
    ~/Library/Caches/Metadata/Safari

    ... to the thrash.

    Did I miss anything?

    --
    sig? Oh, that sig...
  16. Resolve the problem at the source by theweatherelectric · · Score: 2

    I avoid the problem to begin with by not installing Flash in the first place. It all depends on your usage patterns, of course, but I find I no longer need Flash. Yes, some websites or specific features of some websites just don't work without Flash but for me these cases are increasingly in the minority.