×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Flash Cookies, a Little-Known Privacy Threat

kdawson posted more than 5 years ago | from the flashblock-considered-mandatory dept.

Privacy 225

Wiini recommends a blog posting exploring Flash cookies, a little-known threat to privacy, and how you can get control of them. 98% of browsers have Macromedia Flash Player installed, and the cookies it enables have some interesting properties. They have no expiration date; they store 100 KB of data by default, with an unlimited maximum; they can't be deleted by your browser; and they send previous visit information and history, by default, without your permission. I was amazed at some of the sites, not visited in a year or more, that still had Flash cookies on my machine. Here's the user-unfriendly GUI for deleting them, one at a time, each one requiring confirmation.

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

225 comments

Old News (5, Informative)

AKAImBatman (238306) | more than 5 years ago | (#25372427)

1. Flash supports local shared objects, not "cookies". Cookies are submitted back to the server. Shared Objects are bits of storage available to movies from a particular domain. They must explicitly submit the information back to cause an information leak.

2. Using shared objects to save browsing history is dumb. If you wanted to do evil Flash tracking, use a unique id that you can look up on the server side.

3. You can delete and/or restrict the contents from inside a Flash movie. Use the right-click menu in Flash to access settings and set the storage level to 0 bytes. That will wipe everything out. It will also force Flash to prompt you every time it wishes to save something to disk.

4. This was added in Flash 6, which was released back in 2002. Since then, it has been used by a variety of Flash applications. Many of which you probably use every day. From saving your progress in your favorite Flash game to remembering the volume settings in that Youtube video, Local Shared Objects have been shown to be a valuable feature.

5. If you're worried about this, just wait until you guys see the Storage APIs [whatwg.org] in HTML5. You're going to freak.

Re:Old News (0, Offtopic)

m3j00 (606453) | more than 5 years ago | (#25372499)

Now that's a good frist prose!

Re:Old News (2, Interesting)

Ethanol-fueled (1125189) | more than 5 years ago | (#25372575)

From TFS:

Here's the user-unfriendly GUI for deleting them, one at a time, each one requiring confirmation.

Sounds a little ungrateful considering that many, many people didn't know about this and are now provided and easy way to view and delete these objects without rummaging through menus and settings. If you hate Flash that much then don't use it!

Re:Old News (2, Interesting)

BorgAssimilator (1167391) | more than 5 years ago | (#25372821)

Sounds a little ungrateful considering that many, many people didn't know about this and are now provided and easy way to view and delete these objects without rummaging through menus and settings. If you hate Flash that much then don't use it!

/agree

The "Delete all sites" button seemed to have worked pretty well too. The only thing is that I thought it was an image until I read the text under it stating that it wasn't, which is probably why the explanation was put there.

Re:Old News (1)

CrackerJackz (152930) | more than 5 years ago | (#25373547)

I'm not sure if they have updated the site or not, but I have a 'Delete All' button that quite nicely cleaned the list up with only two clicks ...

Re:Old News (5, Informative)

Sensible Clod (771142) | more than 5 years ago | (#25372625)

There used to be a Firefox extension for Local Shared Objects, called Objection [mozdev.org] , and I used it back then, but it's not compatible with Firefox 3.

Re:Old News (1)

TheGatesofBill (637809) | more than 5 years ago | (#25373689)

Seems like it is compatible with FF3. From their changelog: "0.3.0 bumped to run under FF3, fully tested so no problems with the bump"

Re:Old News (5, Informative)

Screaming Cactus (1230848) | more than 5 years ago | (#25374347)

There is a FF extension called Distrust, which deletes your "Flash Cookies" on exit ... I assume they're talking about the same thing here. It works with 3.

Re:Old News (-1)

ClickWir (166927) | more than 5 years ago | (#25372635)

"You can delete and/or restrict the contents from inside a Flash movie. Use the right-click menu in Flash to access settings and set the storage level to 0 bytes. That will wipe everything out. It will also force Flash to prompt you every time it wishes to save something to disk."

And since 2002 it hasn't worked. I have tried to set that setting ever since every few months, hoping they fixed it. Every time I go back in there, it's filled up again and not on the setting I choose. I really wish Adobe would give users more control and make it work. Make it actually save my settings, that's ok, because I don't want anything else saved.

Welcome (2, Interesting)

dolo666 (195584) | more than 5 years ago | (#25372647)

My specific comment to this news article and your response is that third party objects always reduce security as they increase features and that is a constant and yes that is not new.

A slight side-note...

You must be new here. Welcome to Slashdot.org where you can get news of many varieties. Some is stale dated, some is duplicated but it's all kinda interesting to talk about and that is why most of us like it here.

Because even if the news is old, the discussion at Slashdot is always new! (well at least the higher rated discussions)

Re:Welcome (5, Funny)

AKAImBatman (238306) | more than 5 years ago | (#25372715)

If you think I'm new here, you must be new here... ;-)

Re:Welcome (1)

cyber-vandal (148830) | more than 5 years ago | (#25372931)

Are you the same guy that used to drive Linux nerds mad on Linuxtoday or some site like that by sticking up for Windows and knocking Linux around 1999 / 2000 time?

Re:Old News (1)

bill_mcgonigle (4333) | more than 5 years ago | (#25372683)

All true.

It will also force Flash to prompt you every time it wishes to save something to disk.

Any idea why mine does it a dozen times for each request?

Re:Old News (0)

Anonymous Coward | more than 5 years ago | (#25373385)

Any idea why mine does it a dozen times for each request?

Because God hates you. Sorry, I couldn't resist.

Re:Old News (5, Informative)

Anonymous Coward | more than 5 years ago | (#25372723)

1. Flash supports local shared objects, not "cookies". Cookies are submitted back to the server. Shared Objects are bits of storage available to movies from a particular domain. They must explicitly submit the information back to cause an information leak.

2. Using shared objects to save browsing history is dumb. If you wanted to do evil Flash tracking, use a unique id that you can look up on the server side.

3. You can delete and/or restrict the contents from inside a Flash movie. Use the right-click menu in Flash to access settings and set the storage level to 0 bytes. That will wipe everything out. It will also force Flash to prompt you every time it wishes to save something to disk.

4. This was added in Flash 6, which was released back in 2002. Since then, it has been used by a variety of Flash applications. Many of which you probably use every day. From saving your progress in your favorite Flash game to remembering the volume settings in that Youtube video, Local Shared Objects have been shown to be a valuable feature.

5. If you're worried about this, just wait until you guys see the Storage APIs [whatwg.org] in HTML5. You're going to freak.

A bit more information...

1 - Flash can store, by default, 100 kb of any datatype in the SharedObject class. They could easily emulate a browser cookie cache. This is effective because 99% of people don't even have a clue the cookies are there, and no adware-sniffing program I've seen yet even looks at sharedobject data. This is a VERY effective way of sneaking a cookie (and/or other data) into a permanent spot on a user's machine.

2 - There is no point here: The sharedobject interface can easily store a cookie, and even if it didn't, it could probably safely store or backup more information based on the ignorance of the average user.

3 - This is true. You can delete sharedobjects as long as you have a move clip visible you can click on. However, many sites have hidden flash elements that cannot be seen or clicked on. These sites can set data.

4 - Sure they are useful, but the can and are misued. Best to be informed. Fortunately, you can find the storedobject data in "C:\Documents and Settings\\Application Data\Macromedia\Flash Player\#SharedObjects". Each site that stores data is found in a subdirectory bearing that site's name. You can pick and choose which sharedobjects to keep.

5 - Indeed.

Re:Old News (3, Interesting)

TubeSteak (669689) | more than 5 years ago | (#25374485)

4 - Sure they are useful, but the can and are misued. Best to be informed. Fortunately, you can find the storedobject data in "C:\Documents and Settings\\Application Data\Macromedia\Flash Player\#SharedObjects". Each site that stores data is found in a subdirectory bearing that site's name. You can pick and choose which sharedobjects to keep.

One of the things I discovered a long time ago is that emptying a #SharedObjects subdirectory and setting it to read-only does not work.

Now I just go through every once in a while and clear out the whole thing.

Re:Old News (2)

coolsnowmen (695297) | more than 5 years ago | (#25374565)

3 - This is true. You can delete sharedobjects as long as you have a move clip visible you can click on. However, many sites have hidden flash elements that cannot be seen or clicked on. These sites can set data.

Flashblock [mozdev.org]

Re:Old News (2, Insightful)

gravis777 (123605) | more than 5 years ago | (#25373967)

My question has always been, are cookies even really that bad? This may just be me, but I am not that concerned - unless a cookie for one site is actually tracking what I am DOING on another site - ie if Slashdot suddenly started tracking what I was doing at my bank. I may be totally ignorant here, but I did not think cookies worked that way. And who actually has time to poll through all that user data? I have a low-traffic website, and just for grins, I will go in sometimes and look at the server logs, but most of these is just kind of curiosity over what countries are visiting me. Sometimes I will look at the terms people typed into search engines to find me (this is not a cookie, just standard Apachee server logs), but that is about it. I do not have the time, nor the desire to look at mroe than that. In fact, I usually do nt have the time to look at even that.

So, let's just say that someone is using a shared object to store browsing history. So what? Unless my church saw that after I went to their website I visited some girl-on-girl site (or vice versa), I really don't care. Of course, it could just be me being ignorant, but cookies are not what I am worried about. I am worried about other people going to Smiley Central or Living Screensavers or Coupon Toolbar or something than about cookies.

Privacy mode bunk now? (1)

elashish14 (1302231) | more than 5 years ago | (#25372595)

So much for 'privacy mode' browsing. Then again, who needs flash when you're in privacy mode, right?

Duh department (1)

Gothmolly (148874) | more than 5 years ago | (#25372607)

This is super old news, yet another reason for Flashblock.

Re:Duh department (1, Insightful)

Gewalt (1200451) | more than 5 years ago | (#25373089)

Flashblock does not prevent loading of flash programs. All it does is hide them from view (and sound). Use NoScript instead. Block all 3rd party scripts and enable all 1st party scripts.

Re:Duh department (3, Informative)

GuldKalle (1065310) | more than 5 years ago | (#25373899)

Can you point to a source, please?
Because the front page of FlashBlocks site [mozdev.org] says something different:

Flashblock is an extension for the Mozilla, Firefox, and Netscape browsers that takes a pessimistic approach to dealing with Macromedia Flash content on a webpage and blocks ALL Flash content from loading. It then leaves placeholders on the webpage that allow you to click to download and then view the Flash content.

(Emphasis taken from source)

Don't allow sites to store stuff on your machine. (5, Interesting)

apathy maybe (922212) | more than 5 years ago | (#25372609)

I don't allow any site to store any information on my machine, except when it is beneficial to me. That means, Slashdot can store cookies (session only), RevLeft can store cookies for ever, and various email places can store session only cookies.

However, every other site is blocked by default (Firefox plugin called CookieSafe). With Flash, yes I'm using Macromedia's shit plugin, but even then the default (and I'm not going to change it) is to not allow any site to save any information.

Of course, I also use NoScript and AdBlock... Yada yada.

I'm on the web for my benefit, not for the benefit of advertisers and other scum.

I've also heard about a trick to delete the folder where the Macromedia plugin stores the stuff and replace it with a read only blank file of the same name. Look into that if you don't trust Adobe as far as you can kick them...

Re:Don't allow sites to store stuff on your machin (3, Interesting)

apathy maybe (922212) | more than 5 years ago | (#25372711)

And a quick follow up to that post. What happens if I hit a site that requires cookies (for no apparent reason)? I leave. The most common website is lyrics websites, and considering the number of them there are, I don't care if I miss out on one more.

The same with JavaScript, there are only a few websites that I've enabled JS by default (Slashdot is one). But for all the rest, unless they have an obvious use for it (and can't provide alternative content), I leave if it's required.

Screw them. I've got better things to do with my time then fuck around with websites that can't degrade gracefully.

Re:Don't allow sites to store stuff on your machin (0)

Anonymous Coward | more than 5 years ago | (#25373125)

Beer sites are a massive pain in the ass when it comes to requiring cookies. And JavaScript. And Flash.

Same with official sites of games, gaming companies, movies, etc... just about anything relating to entertainment. Even sites covering them are bad. I swear IGN deserves Guinness achievement award for having one of the absolute worst-designed, bloated and slow web sites on the face of the planet for so many years... and every time they change it, they make it worse. It's fucking disgusting, and it's massive corporate assholes like those who made AdBlock an essential tool for me and make me wish sites would go back to the way they were in the late 90s. Small, simple and fast (if you can get over the internet connection, that is... which, even then, was nothing compared to how slow IGN loads on my 2001-era computer now).

It would be nice if I could live peacefully without needing to use scripts of some sort (especially Flash) for the most retarded reasons. Until then, I use a combination of NoScript with my own nice little list of sites I want to add scripts and AdBlock Plus with Rick's EasyList. I messed around with CookieSafe/CS-Lite, but don't currently use it as it was a PITA to get it set up. I'm not sure which of the sites I visit actually *require* cookies, other than those I explicitly log in to and ask for it to save my login details.

Re:Don't allow sites to store stuff on your machin (5, Funny)

Anonymous Coward | more than 5 years ago | (#25373729)

Mod parent "OldManOnPorchWithShotgun"

Somewhat Misleading (5, Informative)

Aeonite (263338) | more than 5 years ago | (#25372623)

"Here's the user-unfriendly GUI for deleting them, one at a time, each one requiring confirmation."

Except there's a button to delete them all at once.

Re:Somewhat Misleading (1)

peskypescado (869865) | more than 5 years ago | (#25373101)

Somewhat Misleading? Try completely misleading. One-click and a confirm and they are all gone. The post should really be updated to correct that.

Re:Somewhat Misleading (0)

Anonymous Coward | more than 5 years ago | (#25373515)

You mean: like rm -rf ~/.macromedia ?

Get Flashblock now. (2, Insightful)

ajs (35943) | more than 5 years ago | (#25372637)

Seriously, get flashblock from the Firefox addons site. You need it. Badly. The number of sites with the equivalent of the pixel.gif tracking or the Google Analytics type JavaScript tracking, but as a small Flash plugin are growing astronomically, and Adobe has no reason to favor your privacy over their customer's demands. These little apps aren't there to serve your needs or improve you're browsing experience, and they just should never run. If you want to run a Flash app, that's fine: click on it to run it.

I use Flashblock and I've been watching Hulu and YouTube and enjoying all sorts of sites that use Flash. I'm also instantly aware of any site that's too lazy to present a standard Web page when I see a giant "click to run" button over the whole page, and I find another site. This is part of the process, and is an important way that neophyte Web developers learn that they can't just throw up Flash and not worry about Web standards.

Flashblock will not protect you (0)

Anonymous Coward | more than 5 years ago | (#25372825)

Flashblock doesn't actually stop flash from running, it just stops it fast. Flash cookies can still be written.

Re:Flashblock will not protect you (1)

sortia (1191847) | more than 5 years ago | (#25373037)

even if you are correct (i dont know if you are or not) then using noscript would stop flash before it loaded

Re:Get Flashblock now. (1)

fermion (181285) | more than 5 years ago | (#25373127)

I begun to notice a little flash bug appear in the upper corner of my screen 6-12 months ago. I figure it was the same thing as the more generic 1X1 pixel picture bug. I think it maybe is a google thing. 90% of what flash is used for is ads and pr0n, so as critical as these are to our very existence, I don't envision a massive exodus from flash. Therefore flashback is the only solution, and a mozilla based browser maybe the most expedient option.

In all earnestness, the only reason that flash is so popular is because unlike conventional images, IE and Safari does not have flash control built in. Unlike most media, it is something that is forced on the user through pre installation and push. Of course, Adobe has not felt the need to include a manual start option.

I don't see the MS competitor doing anything different. If history is any indication, MS will make it even more corporate friendly and user hostile than flash. OTOH, I would move to a MS solution is the specs were open like flash(oo.org can export a flash slide presentation), and content did not begin without user request.

LOLWTFBBQ!! (-1, Troll)

Creepy Crawler (680178) | more than 5 years ago | (#25372657)

I mean, who cares?

Data is saved when you go to a website!! Dont proxy caches do the same thing, then there's bridging proxies and nobody bitches about them.

All this is a bitching session about Flash. Ill just say this: You're a moron if you dont use some soft of Flash-delayer or blocker and a whitelist.

And this ... (4, Insightful)

gstoddart (321705) | more than 5 years ago | (#25372755)

This is why I don't install flash on my machines.

Way too much junk and irritating sites. A site which requires flash will be left and promptly forgotten about. If you can't provide an interface to your site without Flash, I don't care what your site has in it.

Cheers

Re:And this ... (2, Insightful)

Anonymous Coward | more than 5 years ago | (#25372891)

The parent sounds like the people who still use pine for checking their email. At some point, folks, the world is going to move on to new technology whether or not it is secure or you like it. I guess everyone has to make the decision to continue living life and embracing new technology or completely blocking it out and hoping it will go away. Websites that require flash aren't going to go away, folks: they are going to multiply. We shouldn't try to stop flash, or to ignore it, we should try to work toward helping them secure it. And I would take Flash over Silverlight any day-

Re:And this ... (1)

nschubach (922175) | more than 5 years ago | (#25373105)

At some point, folks, the world is going to move on to new technology whether or not it is secure or you like it.

I think you just described the Amish. (sort of)

Re:And this ... (4, Insightful)

Danny Rathjens (8471) | more than 5 years ago | (#25373589)

Imagine if people said the same thing about windows and gave up on linux. We can do much better than proprietary junk like flash.

Re:And this ... (1, Insightful)

Anonymous Coward | more than 5 years ago | (#25373799)

At some point, folks, the world is going to move on to new technology whether or not it is secure or you like it.

Calling Flash a "technology" is giving it too much credit.

But that aside, a lot of the world "moved on" to Windows, but the people who didn't do it, mostly all came out ahead. Sometimes going with the flow is just plain stupid. If everyone jumped off a cliff, would you? Maybe. Maybe it makes sense to do that. But really? No, it doesn't.

Re:And this ... (0)

Anonymous Coward | more than 5 years ago | (#25374439)

I bet you'd only take Flash over Silverlight because that's what you already know. If you had any real programming skills and knowledge, you'd know why Silverlight is better.

And why is proprietary Adobe technology considered more "free" than proprietary Microsoft technology? Oh, I forgot, if you hate M$ then anything else will do, even if it is only at best functionally equivalent or more likely functionally inferior.

Give me a mature and well-designed framework like .NET over some cobbled-together crap like Flex any day. Flash is old news, and its wrinkles are really starting to show.

Re:And this ... (1)

UtucXul (658400) | more than 5 years ago | (#25374561)

The parent sounds like the people who still use pine for checking their email. At some point, folks, the world is going to move on to new technology whether or not it is secure or you like it.

Hey, no need to be down on pine users. Some us of still use pine (or hopefully alpine) because we like how it works compared to other mail clients, not because we are stuck in the past. We use cvs because we are stuck in the past, but alpine/pine because we like it. And we even live in the modern world of html email and all that stuff. The anti-flash people are way worse then us. Really.

Re:And this ... (0)

Anonymous Coward | more than 5 years ago | (#25373073)

Amen.

I got rid of flash years ago. And ya know. I really havent missed it.

I havent seen a flash ad of any sort in years either. It's so nice.

Flash itself is a giant security hole. And not to mention its used by some of the biggest assholes on the planet. Advertisers.

Now punch the monkey you sheeple and go back to watching youtube.

Re:And this ... (0)

Anonymous Coward | more than 5 years ago | (#25373343)

sheeple

A word that applies universally to those who use it.

Re:And this ... (2, Funny)

Anonymous Coward | more than 5 years ago | (#25373453)

Photons are also used by Advertisers. Thats why I ripped my eyes out.

Re:And this ... (5, Funny)

elrous0 (869638) | more than 5 years ago | (#25373597)

And I'm even better than you because I use an Apple computer, don't even own a TV, and only listen to indie music. You should smell my flowery farts!

Re:And this ... (2, Insightful)

bongomanaic (755112) | more than 5 years ago | (#25374229)

It's also used by some of the best sites on the web, such as BBC iPlayer and Fora.tv because it is the only sensible way to deliver no-fuss cross-platform online video. It's also a lightweight and better looking alternative to java or ajax for all sorts of entertaining and educational applets. Non-assholes use flash too because it just works. Blocking all flash because it is sometimes used in ads is as sensible as blocking jpegs because they are sometimes used in ads. If the only flash you've come across is in ads then it is your taste is web sites, rather than flash, that is at fault.

Re:And this ... (2, Insightful)

Todd Fisher (680265) | more than 5 years ago | (#25373265)

I'm [webkinz.com] guessing [nickjr.com] you [myepets.com] don't [playhousedisney.com] have [clubpenguin.com] kids [lego.com] .

Re:And this ... (1)

FingerDemon (638040) | more than 5 years ago | (#25374253)

Amen to that, brother. The Hot Wheels site has a lot of flash games, too. So far, I have been able to convince my four year old that the games are not related to any toys we could actually buy. But it is only a matter of time before he figures out that I'm lying through my teeth.

Re:And this ... (0)

Anonymous Coward | more than 5 years ago | (#25374389)

Parent should be scored a 5. If you have kids, you have flash. And you learn how to live with it.

Re:And this ... (0)

Anonymous Coward | more than 5 years ago | (#25373719)

And your solution for people you use and enjoy youtube is...? Google didn't buy youtube for US$1.65 billion in Google stock, for nothing

Can you not just delete the files directly? (5, Informative)

BabyDave (575083) | more than 5 years ago | (#25372757)

On Windows, presumably the shared objects are the files stored in %USERPROFILE%\Application Data\Macromedia\Flash Player\#SharedObjects (usually c:\Documents And Settings\%USERNAME%\Application Data\... ) - can you not just delete the files directly?

To remove flash cache on Linux (2, Informative)

Khopesh (112447) | more than 5 years ago | (#25373195)

Yes, I do that on Linux regularly.

Just add this to your crontab:

0 * * * * rm -rf ~/.macromedia ~/.adobe

(If you actually use their other products, you might want to be more specific, like ~/.adobe/Flash_Player)

Re:To remove flash cache on Linux (1)

ericcantona (858624) | more than 5 years ago | (#25373397)

ho ho ho, very funny. Only, rm does not securely delete.

srm [wikipedia.org] is fairly safe.

Re:To remove flash cache on Linux (3, Insightful)

Khopesh (112447) | more than 5 years ago | (#25373663)

srm and shred aren't assured security if you're on a journaled filesystem. More importantly, if the Flash application is rooting through your filesystem looking for deleted data, "secure deletion" should be applied to Flash itself, not just its cache. That would be outrageous.

My point is that you're merely trying to delete cookies to prevent user tracking. Secure deletion on your physical disk is not needed unless you're looking at a very special kind of content. ... Using srm or shred here would be like running your newspaper through the shredder because you never know who might be looking for the smudge marks that indicate what you actually read.

Re:To remove flash cache on Linux (1)

ericcantona (858624) | more than 5 years ago | (#25374041)

Yes. Quite true.

However, srm & shred are secure-ish on ext3; since although ext3 is a journaling file system by default it only journals a file's metadata (so file erasing tools should be effective.)

But you're quite right. If you need to be getting up to shenanigans like this you either : (i) shouldn't be doing what you've been doing with flash (aka watching p0rn), or (ii) you should get really paranoid and knowledgeable and run on openbsd with an Encrypted Virtual Filesystem.

You can delete them without internet access (0)

Anonymous Coward | more than 5 years ago | (#25372781)

At least on a Mac, if you do a spotlight search for a site that uses Flash -- say, pandora.com -- you can find where these files are stored locally. There are two copies, one with a # in front and the other with just the site name. Be sure to delete both.

Quick fix? (2, Interesting)

elashish14 (1302231) | more than 5 years ago | (#25372787)

I did this and it seems to work: rm -r .macromedia ln -s /dev/null ~/.macromedia YMMV.

Re:Quick fix? (4, Informative)

elashish14 (1302231) | more than 5 years ago | (#25372815)

Er, a semicolon is helpful too: rm -r .macromedia; ln -s /dev/null ~/.macromedia

Re:Quick fix? (1)

Sapwatso (461933) | more than 5 years ago | (#25373841)

Interesting - do you ever run into flash applets you want to use but are broken due to not being able to store anything even temporarily?

Have you considered trying this:
          rm -r .macromedia;mkdir /tmp/$LOGNAME; mkdir /tmp/$LOGNAME/.macromedia; chmod 700 /tmp/$LOGNAME/.macromedia; ln -s /tmp/$LOGNAME/.macromedia ~/.macromedia

(Assuming you are using tmpfs or otherwise periodically cleaning out /tmp)

linux (0)

Anonymous Coward | more than 5 years ago | (#25372803)

IIRC, on linux everything is stored in .macromedia/ in your home directory. So you can use whatever GUI file manager you want to go through them. I would bet Windows has something similar.

If you're really concerned about privacy, you can just empty the whole directory and then chmod -w it.

Easily fixed from the same site linked in TFA (5, Informative)

Craptastic Weasel (770572) | more than 5 years ago | (#25372829)

Go to This site [macromedia.com]

1.) Go to Website Storage settings -> Delete all sites

2.) Go to Global Storage settings -> allow 0 kb of storage

3.) ????? 4.) Profit! (and/or continue going to porn sites...)

Re:Easily fixed from the same site linked in TFA (0)

Anonymous Coward | more than 5 years ago | (#25373735)

also you can just turn off 3rd party access

http://www.adobe.com/products/flashplayer/articles/thirdpartylso/#settings

I visit a lot of porn site (1)

aepervius (535155) | more than 5 years ago | (#25374045)

All those shared data I see on my computer are fropm cnn, nbc, edios, ea, youtube, etc.... Maybe then again that is because I am NOT stupid enough to allow java or flash on a shady site...

strange (0)

Anonymous Coward | more than 5 years ago | (#25374181)

Kind of odd how you have to go to there website to make that setting.

Then again, flash has always hidden its settings. I never understood why they didn't allow us to modify settings from a menu or submenu like the way adblock does.

or you can not allow them at all. (1)

dark whole (1220600) | more than 5 years ago | (#25372929)

find the folder they are stored in: Windows: C:\Documents and Settings\[username]\Application Data\Macromedia\Flash Player Mac: /Users/[username]/Library/Preferences/Macromedia/Flash Player Linux: ~/.macromedia and delete the folder, then create a file with the folder's name, so it cant be created.

mod u(p (-1, Troll)

Anonymous Coward | more than 5 years ago | (#25372967)

be on a wrong goals I personally followed. Obviously it just 0wnz.', members are a change to AND AS BSD SINKS successe5 with the very sick and its the accounting today. It's about (I always bring my the top. Or were, be fun. It used legitimise doing irc.secsup.org or MY BEDPOST UP MY The above is far And she ran the numbers. The to have to decide Too much formality well-known standpoint, I don't Took precedence marketing surveys to avoid so as to little-known that *BSD 0wned.

Re:mod u(p (0, Troll)

skuzzlebutt (177224) | more than 5 years ago | (#25373103)

"MY BEDPOST UP MY The above is far And she ran the numbers"

Good point...I couldn't agree more.

I, too, don't Took precedence marketing surveys to avoid so as to little-known that *BSD 0wned.

How are Cookies "Privacy Threats"? (4, Interesting)

Doc Ruby (173196) | more than 5 years ago | (#25373251)

I can understand if there's a bug that lets one site read or write another site's cookies. But how are properly functioning cookies any threat to privacy? They are indeed a threat to anonymity, only because they let a site ID a browser (or a Flash player or some other client) as "the same as that other time". But what private info other than that you are the same person (or maybe not, on a shared machine) is threatened? The remote site could just store on its server any info about your transactions. It could require that you login to verify that you're that same returning visitor. And even without cookies, a remote site could send any info it got from your transactions over to any other site without notifying you. Cookies have nothing to do with it.

Of course, any info stored on my machine should have a usable UI to manage it. But an inconvenient one isn't really a "privacy threat". After all, what is the threat? What goes wrong when it's abused?

Re:How are Cookies "Privacy Threats"? (1, Insightful)

Anonymous Coward | more than 5 years ago | (#25373779)

You'd be surprised how much can be inferred from a few visits that can be linked by "hey you're the same guy who was here that other time". When you can start finding patterns in aggregated data, the whole becomes more than the sum of its parts.

Of course you're right in that there's nothing inherently wrong with FSO's, but there is a need for user education on the subject (much like cookies). FSO's are more problematic in this way since they're less well-known and harder for a non-savvy user to manage.

Incidentally, a threat to anonymity is, by extension, a threat to privacy, since anonymity is a useful privacy tool.

Re:How are Cookies "Privacy Threats"? (1)

Doc Ruby (173196) | more than 5 years ago | (#25374019)

But that inference isn't really a threat to "privacy". That site was a party to those other transactions. Why doesn't it have the right to recognize the other party to those transactions, when its own identity is firmly established?

Anonymity and privacy are linked, but separate. Their conflation into seeing cookies as "privacy threats" would really be dispelled if the browser had an icon for "you are maintaining a cookie for this site" (greyed out when you aren't), that is clickable to manage that cookie, including setting "yes/no cookies (this site / all sites)" with just that click.

How to delete on OS X (1)

hogwaller (421) | more than 5 years ago | (#25373361)

rm -r /Users/username/Library/Preferences/Macromedia/Flash\ Player/#SharedObjects/*
rm -r /Users/username/Library/Preferences/Macromedia/Flash\ Player/macromedia.com/support/flashplayer/sys/*

Not only Flash SharedObjects... (1)

chrysalis (50680) | more than 5 years ago | (#25373405)

The same thing can apply to any browser-side storage : localStorage, globalStorage, userData, Google Gears and HTML5 database storage.

Purging those is not as easy as with cookies.

But they also have a lot of legitimate uses.

Re:Not only Flash SharedObjects... (1)

truedfx (802492) | more than 5 years ago | (#25373823)

Are you talking about purging them for specific domains, or globally? For specific domains, I can imagine why it might be a problem (though I'm not aware of how any of them are stored on disk), but if you mean globally, is there any problem in removing the relevant directories, exactly as at least I would do for cookies? Surely none of them are stored in the same directory as (for example) the browser bookmarks?

As for the legitimate uses, I suppose it depends on your viewing habits. There are not nearly enough good examples of use of even scripting and cookies for me to consider allowing them globally, and I happen to not need Flash at all. (In fairness, if I could not see the movies on Youtube etc. without Flash, I might have installed it.)

THAT IS BULL !@#$! (0, Flamebait)

UncleMantis (933076) | more than 5 years ago | (#25373469)

Unbeliveable! No wonder I have been seeing more and more flash ads! Those !@#$%! Once again BAN FLASH!

scare-monger (2, Insightful)

keatonj (940527) | more than 5 years ago | (#25373495)

"by default" it enables average users to use nifty adobe player functionality. (my pizza store, by default now remembers me and the last time i was there! wicked! You can also choose max disk space for these cookies, you can also easily delete them, and you can easily stop them from being saved. I agree the access to this information isnâ(TM)t "easy". but this is far from being a security problem. I had to go through just as much clicks to get to my firefox cookie, as to get to the flash cookies. They also store only information they request. Which in some cases means saved games files (for flash games) This article, with its hefty boldening of sentences, makes this out to be an OMG! situation, when it's not. Just as firefox, by DEFAULT, enables cookies and javascript code. Why can't flash? This panel can also be accessed when using almost ANY flash application, through the right click context menu. Seriously, this feels like very little investigation of comparison. American style scare-mongering at it's finest IMHO.

Re:scare-monger (2, Insightful)

ratboy666 (104074) | more than 5 years ago | (#25374281)

So, tell me... How is it that a flash application available on-line (from adobe) is able to delete and assign space to those very elements? You are telling me that it is not, in turn, able to access those very items? And, if it can access those items, is this not a far worse security issue than browser cookies?

Just wondering.

Now, add to this (the configuration panel for flash storage being available on-line, accessible without the need of a password) to the actual (closed source) implementation of flash -- aren't alarm bells going off in your head?

Reading confirmation ftw? (1)

Skuld-Chan (302449) | more than 5 years ago | (#25373767)

Here's the user-unfriendly GUI for deleting them one at a time, each one requiring confirmation.

I clicked on delete all sites - it asked if I wanted to and every one of them was gone in two clicks.

Solution (0)

Anonymous Coward | more than 5 years ago | (#25373813)

echo "rm -rf ~/.macromedia" > ~/.kde/Autostart/wipeflashcookies.sh

problem solved

Bring out the smug bastards! (0, Insightful)

Anonymous Coward | more than 5 years ago | (#25373845)

Okay, good, let's shut off another potentially useful feature because there's a fringe chance it can be used to remember who you are, which is Bad(tm) because then zomg Skynet. And better still, let's get rid of Flash entirely, AND be a smug dick about it, too. Brag about it constantly, just like how you don't own a TV.

From there, keep on bragging about how you don't use Javascript, either, and point to an edge case where a friend you knew was out browsing pr0n from his spam and now his entire identity has been erased. Keep pointing to it. Point HARDER. That should convince any sane individual to burn an effigy of the inventor of Javascript. Offer your diagrams to help them build such effigies.

Then all we'd need to do is get rid of images and multimedia, remove graphics from all computers, and before you know it, we'll finally have this "entertainment" flaw fixed. Then we can all get back to posting plaintext reviews of and arguments over Star Trek Battlestar Galactica episodes in peace. Goddamn progress.

Mmmm.. cookies (0)

Anonymous Coward | more than 5 years ago | (#25373923)

Am I the only one who read the article title as "Flash Cookies, a Little-Known Privacy TREAT" and thought it was some kind of snack? .. maybe I should go get something to eat. Mmmm.. flash cookies.

Simple fix... (0)

Anonymous Coward | more than 5 years ago | (#25373957)

cd ~
rm -rf .macromedia
mkdir .macromedia
chmod 000 .macromedia
# Has been working fine like this for a couple of months now.

Flash Cookies, a Little-Known Privacy Treat... (2, Insightful)

frito_x (1138353) | more than 5 years ago | (#25374177)

"... all your cookies are belong to us..."

- the Cookie Monster.

hmm... (0)

Anonymous Coward | more than 5 years ago | (#25374307)

# turn this shit off

rm -dfr ~/.macromedia/
rm ~/.mozilla/plugins/libflashplayer.so

# turn this shit on

cd /some/path/to/install_flash_player_9_linux/
. flashplayer-installer
# answer three stupid questions(with Enter, yes , no)
cd -
# now go to your favorite porn site, bonehead!

alternative: use w3m or lynx without risk :-)

Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...