Slashdot: News for Nerds

Adobe Flash Cookies Raising Privacy Questions Again

kdawson posted more than 4 years ago | from the flash-in-the-pan dept.

Privacy 103

Nearly a year after we discussed the privacy implications of Flash cookies, they are in the news again as the US government considers revising its cookie policy. Wired covers a study out of UC Berkeley exposing questionable practices used by many of the Internet's most-visited Web sites (abstract). The most questionable activity the report exposes is known as "respawning": after a user has deleted browser tracking cookies, some sites will use information in Flash cookies to recreate them. The report names two companies, Clearspring and QuantCast, whose technologies reinstate cookies for other Web sites. "Federal websites have traditionally been banned from using tracking cookies, despite being common around the web — a situation the Obama administration is proposing to change as part of an attempt to modernize government websites. But the debate shouldn't be about allowing browser cookies or not, according to Ashkan Soltani, a UC Berkeley graduate student who helped lead the study. 'If users don't want to be tracked and there is a problem with tracking, then we should regulate tracking, not regulate cookies,' Soltani said."

103 comments

All i can say is (0)

Anonymous Coward | more than 4 years ago | (#29028979)

Porn mode ftw [mozilla.com] .

Re:All i can say is (5, Informative)

auric_dude (610172) | more than 4 years ago | (#29029037)

All I can say is BetterPrivacy via https://addons.mozilla.org/en-US/firefox/addon/6623 [mozilla.org]

MOD +5 this (1)

PetriBORG (518266) | more than 4 years ago | (#29029351)

Thanks for that link, very cool.

Re:All i can say is (4, Informative)

Dogers (446369) | more than 4 years ago | (#29029785)

And a way to view what you currently have..
http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager07.html [macromedia.com]

Adobe needs a new CEO. (1, Interesting)

Anonymous Coward | more than 4 years ago | (#29029905)

Thanks for the link! Note: That does not clean multiple installations of Opera, or clean other browsers.

Adobe has become an evil, badly managed company, in my opinion. Buy Creative Suite, and the new DVD requires a download of more than 300 Megabytes to bring it up to date.

Re:Adobe needs a new CEO. (1)

muckracer (1204794) | more than 4 years ago | (#29034887)

> Thanks for the link! Note: That does not clean multiple installations of Opera, or clean other browsers.

Agreed...great extension but limited. What we need is something like CCleaner for Linux. Anything out there like that?

Re:Adobe needs a new CEO. (2, Informative)

muckracer (1204794) | more than 4 years ago | (#29035261)

Actually found one:

Bleachbit - http://bleachbit-project.appspot.com/ [appspot.com]

Open-Source and for Linux and Windows.

Still would love to find a command-line version of something like it to run on shutdown and/or from cron.

Re:All i can say is (1)

Mozk (844858) | more than 4 years ago | (#29032653)

This content requires Flash

Oh, sure, another website that requires Flash to function! I shouldn't need Flash just to delete my Flash cookies!</sarcasm>

Re:All i can say is (1, Redundant)

Philip K Dickhead (906971) | more than 4 years ago | (#29032747)

BETTER PRIVACY PLUGIN.

https://addons.mozilla.org/en-US/firefox/addon/6623 [mozilla.org]

100% compatible with Firefox 3.5*
Please do not ask me about missing updates here, read FAQ at the bottom of this page.

Better Privacy serves to protect against not deletable longterm cookies, a new generation of 'Super-Cookie', which silently conquered the internet. This new cookie generation offers unlimited user tracking to industry and market research. Concerning privacy Flash- and DOM Storage objects are most critical.
This addon was made to make users aware of those hidden, never expiring objects and to offer an easy way to get rid of them - since browsers are unable to do that for you.

Flash-cookies (Local Shared Objects, LSO) are pieces of information placed on your computer by a Flash plugin. Those Super-Cookies are placed in central system folders and so protected from deletion. They are frequently used like standard browser cookies. Although their threat potential is much higher as of conventional cookies, only few users began to take notice of them. It is of frequent occurrence that -after a time- hundreds of those Flash-cookies reside in special folders. And they won't be deleted - never.

BetterPrivacy can stop them, by allowing to silently remove those objects on every browser exit. So this extension becomes sort of "install and forget add-on". Usually automatic deletion is safe (no negative impact on your browsing), especially if the deletion timer is activated. The timer can delay automatic deletion for new or modified Flash-cookies which might be in use. It also allows to delete those objects immediately if desired.

With BetterPrivacy it is possible to review, protect or delete new Flash-cookies individually. Users who wish to manage all cookies manually can disable the automatic functions. BetterPrivacy also protects against 'DOM Storage' longterm tracking, a browser feature which has been granted by the major browser manufacturers.

Some flash LSO-cookie properties in short...

they are never expiring - staying on your computer for an unlimited time.

by default they offer a storage of 100 KB (compare: Usual cookies 4 KB).

browsers are not aware of those cookies, LSO's usually cannot be removed by browsers.

via Flash they can access and store highly specific personal and technical information (system, user name, files,...).

ability to send the stored information to the appropriate server, without user's permission.

flash applications do not need to be visible

there is no easy way to tell which flash-cookie sites are tracking you.

shared folders allow cross-browser tracking, LSO's work in every flash-enabled application

the company doesn't provide a user-friendly way to manage LSO's, in fact it's incredibly cumbersome.

many domains and tracking companies make extensive use of flash-cookies.

These cookies are not harmless.

IMPORTANT
IF YOU PERMIT DELETION OF LSO's,
THEN COOKIE-STORED INFORMATION LIKE
GAME SETTINGS OR LOGIN DATA (YAHOO SEAL)
MIGHT BE LOST! MAKE SURE THAT YOU EXCLUDED
IMPORTANT COOKIES FROM DELETION (SEE FAQ)

Frequently asked questions (FAQ):
Please scroll to the bottom of the page.

Recommended comprehensive Flash cookie article (topic: UC Berkeley research report)
http://www.wired.com/epicenter/2009/08/you-deleted-your-cookies-think-again/ [wired.com]

Wikipedia LSO information:
http://en.wikipedia.org/wiki/Local_Shared_Object [wikipedia.org]

See what Google finds:
http://google.com/search?q=flash-cookie+super-cookie [google.com]

Privacy test:
http://netticat.ath.cx/extensions.html [netticat.ath.cx]
Navigate to BetterPrivacy (right column)

Note:
NO SUPPORT POSSIBLE HERE!
If you have a problem, please visit my site so that I can answer. Do not post your questions in reviews (instead see support URL, scroll to the bottom of my page and click Support).

Support

Support for this add-on is provided by the developer at http://netticat.ath.cx/extensions.html [netticat.ath.cx]

Re:All i can say is (2, Informative)

trifish (826353) | more than 4 years ago | (#29030509)

Isn't this a way to permanently disable Flash cookies?

http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager03.html [macromedia.com]

Note that this isn't just documentation. If you have Flash installed, the first what looks like a screenshot is actually the Flash config panel.

Adobe could improve it by adding "Clear all cookies on exit".

Re:All i can say is (1)

mzs (595629) | more than 4 years ago | (#29030869)

For that user using that profile for that browser. Now consider a typical home computer with 2 or three users each with Firefox and IE or Firefox and Safari. Oh and guess where it stores that you do not wish to accept flash cookies?

Gnash is the solution, just rm -rf the correct dir when you are finished.

Re:All i can say is (3, Informative)

florescent_beige (608235) | more than 4 years ago | (#29031597)

I just started using bp last week and here is something important. The version on the Firefox addon site is not the latest. I got 1.41 at

http://netticat.ath.cx/BetterPrivacy/BetterPrivacy.htm [netticat.ath.cx]

because it added a bit of functionality. Specifically in the way it treats DOM storage.

DOM storage is not flash cookies (LSOs), it is a separate way sites can store data on your computer I had not heard about. The old version could only disable DS, but now BP can treat DS like LSOs so it stays on but the data gets deleted on FF shutdown. Some sites like cnn video need DS turned on.

Also I set it to delete the default LSO. That one stores a list of every flash site you visit. Even if you turn Flash local storage completely off using:

http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager03.html [macromedia.com]

you will see a list of visited sites on the last tab on that control. Deleting the default cookie gets rid of that list.

Re:All i can say is (4, Informative)

NettiCat (1616619) | more than 4 years ago | (#29032789)

The version on the Firefox addon site is not the latest.

I wish the AMO folks would update BetterPrivacy to the latest version but I cannot do anything to accelerate that procedure. Thanks for your important note, I found it accidentally while searching for related websites. NettiCat (author of BetterPrivacy, http://netticat.ath.cx/ [netticat.ath.cx])

Re:All i can say is (1)

florescent_beige (608235) | more than 4 years ago | (#29033083)

Wow, this is an unexpected pleasure. Your addon has really simplified my life (online at least). Thanks!

Re:All i can say is (1)

zobier (585066) | more than 4 years ago | (#29034555)

Yeah, thanks NettiCat. I also like and use your BabelFish addon.

Re:All i can say is (1)

muckracer (1204794) | more than 4 years ago | (#29035035)

> The version on the Firefox addon site is not the latest. I got 1.41 at [...]

The for me most important feature of the new version is the integration of LSO removal in the regular "Clear History when Firefox closes" config options. Simply check it there and LSO's get deleted on browser exit like it should be.

Speaking of which: FF 3.5+ got rid of the option to show the Clear History window on exit. I liked having it there simply to see it in action and also to override certain defaults when desired. Is there a way to turn it back on?

Re:All i can say is (2, Funny)

Mozk (844858) | more than 4 years ago | (#29032715)

Attempting to install the newer version of BetterPrivacy [netticat.ath.cx] , an addon that protects you from certain types of cookies to maintain privacy:

Downloads need activated script and cookies!

Umm...

Re:All i can say is (1)

guanxi (216397) | more than 4 years ago | (#29033751)

I've used BetterPrivacy for a little while. I'm using the options below, and I've never had a problem with any websites that I could trace to it:
  - Delete Flash cookies on Firefox exit
  - Also delete settings.sol
  - Also delete empty cookie folders
  - Disable DOMStorage
  - Disable Ping Tracking

When I first ran it, I was surprised to discover Flash cookies from websites I hadn't visited in years. Thanks Netticat!

Re:All i can say is (1)

mcgrew (92797) | more than 4 years ago | (#29036607)

All I can say is I hate Flash anyway. But it's just something I have to put up with if I want to see video. I wish a software company could get big without being evil; disallowing one to get rid of cookies is just pathetically evil.

Perhaps someone in a country with real privacy laws (not mine unfortunately) could file suit against adobe?

Piece of cake... (1, Interesting)

Anonymous Coward | more than 4 years ago | (#29029003)

ln -s /dev/null ~/.macromedia

Re:Piece of cake... (-1, Offtopic)

Anonymous Coward | more than 4 years ago | (#29029255)

It's a piece of cake to bake a pretty cake. If the way is hazy,
You gotta do the cooking by the book. You know you can't be lazy.
Never use a messy recipe, the cake will end up crazy.
If you do the cooking by the book...

Then you'll have a cake.
We gotta have it made.
You know that I love cake.
Finally, it's time to make a cake.

Re:Piece of cake... (2, Insightful)

Anonymous Coward | more than 4 years ago | (#29029765)

See, this is just a downright lie. Making a mediocre cake might be easy, but to make a superb cake requires refined knowledge of baking chemistry and experience. You can't just follow most recipes because they make all measurements by volume when you really should be making them by weight.

Re:Piece of cake... (3, Informative)

dc29A (636871) | more than 4 years ago | (#29029327)

Or on Windows, go to 'Document and Settings' (Users on Vista/7 if I am not mistaken), 'Application Data\Macromedia\Flash Player'.

Remove '#SharedObjects' folder, create a file with same name on it. Remove all security rights on it. Do same with 'macromedia.com' folder.

Problem solved. To test it, go to Youtube, set your volume to a certain level. Close browser, re-open and see if Youtube maintained the volume level. It shouldn't.

Re:Piece of cake... (0)

Anonymous Coward | more than 4 years ago | (#29030633)

Thanks! I tried a simple search, which oddly enough, does not show them.

Re:Piece of cake... (2, Informative)

elashish14 (1302231) | more than 4 years ago | (#29033417)

BAD solution! Some sites will break if you do this and you won't be able to watch videos.

There are many better solutions. Using an init or crond script is one to remove the directory regularly. Another is to mount ~/.macromedia to /tmp or a ramdisk which is what I do. Those cookies never even get to smell my hard drive and it's not like I'm doing anything better with the RAM.

Re:Piece of cake... (1)

Canazza (1428553) | more than 4 years ago | (#29035021)

I've got a batch script for deleting these as part of my development toolset, it wouldn't take too much to set it as a Startup item.

Stick the following .bat file in C:\Documents and Settings\*USERNAME*\Application Data\Macromedia\Flash Player\ (Windows XP)

rd /s /q #SharedObjects

run it whenever you want to delete shared objects

Re:Piece of cake... (0)

Anonymous Coward | more than 4 years ago | (#29029581)

H:\>ln -s /dev/null ~/.macromedia
'ln' is not recognized as an internal or external command,
operable program or batch file.

=(

Re:Piece of cake... (0)

Anonymous Coward | more than 4 years ago | (#29030807)

it's for bash, n00b.

Re:Piece of cake... (1)

cheftw (996831) | more than 4 years ago | (#29031641)

It should work in any shell where ln is installed... n00b

Re:Piece of cake... (0)

Anonymous Coward | more than 4 years ago | (#29037135)

* WHOOOOOSH *

Re:Piece of cake... (1)

PReDiToR (687141) | more than 4 years ago | (#29029623)

I think this [mozdev.org] might be a better solution.

Although I've had trouble getting it to work properly on a couple of machines, it seems to do what it says on the tin most of the time.

Re:Piece of cake... (1)

kitserve (1607129) | more than 4 years ago | (#29029947)

Unfortunately, linking to /dev/null makes some sites not work, though I forget which, it's been a while since I tried that method. I ended up setting a daily cron job to delete the .adobe and .macromedia directories from users' home directories. It's not ideal, but it does the trick.
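
As an added example (not code from any commenter or from BetterPrivacy), here is a command-line purge of the kind asked for earlier in the thread and run from cron in the comment above: it deletes `.sol` files older than a grace period, honours a keep list and removes emptied folders. The function names, the keep-file format and the sample directory layout are assumptions made for illustration; `-mmin` and `-mindepth` need GNU or BSD find.

```shell
#!/bin/sh
# Added example: purge Flash Local Shared Objects (*.sol) from the command line.
# Not BetterPrivacy's or any commenter's code; names and layout are assumptions.

# purge_lso ROOT MIN_AGE_MIN [KEEP_FILE]
#   ROOT         directory tree to scan (e.g. ~/.macromedia or ~/.adobe)
#   MIN_AGE_MIN  leave files modified in the last N minutes (may be in use); 0 = none
#   KEEP_FILE    optional file, one path substring per line, that is never deleted
# Prints the number of .sol files removed.
purge_lso() {
    root=$1 min_age=$2 keep=${3:-/dev/null}
    [ -d "$root" ] || { echo 0; return 0; }
    [ -r "$keep" ] || keep=/dev/null
    age=
    if [ "$min_age" -gt 0 ]; then age="-mmin +$min_age"; fi
    # -type f: symlinks are neither followed nor deleted.
    # $age is deliberately unquoted so it expands to two words or to nothing.
    find "$root" -type f -name '*.sol' $age -exec sh -c '
        keep=$1; shift
        for f do
            skip=0
            while IFS= read -r pat || [ -n "$pat" ]; do
                [ -n "$pat" ] || continue
                case $f in *"$pat"*) skip=1; break ;; esac
            done < "$keep"
            [ "$skip" -eq 1 ] && continue
            rm -f -- "$f" && echo removed
        done' sh "$keep" {} + | wc -l | tr -d ' '
    # Drop per-site folders that are now empty; ROOT itself stays.
    find "$root" -mindepth 1 -depth -type d -exec rmdir {} \; 2>/dev/null || true
}

# make_sample_tree DIR: constructed sample data for a dry run (not real LSOs).
# Folder names follow the '#SharedObjects' and 'macromedia.com' folders
# mentioned in the thread; the site names and the random ID are made up.
make_sample_tree() {
    so="$1/Flash_Player/#SharedObjects/ABCD1234"
    sys="$1/Flash_Player/macromedia.com/support/flashplayer/sys"
    mkdir -p "$so/tracker.example" "$so/games.example" "$sys"
    for f in "$so/tracker.example/uid.sol" "$so/games.example/save.sol" \
             "$sys/settings.sol"; do
        : > "$f"
        touch -t 200908100000 "$f"        # old file, past any grace period
    done
    : > "$so/tracker.example/fresh.sol"   # written just now
}

# Cron use, per user (assumed install path and keep-file name):
#   @daily  $HOME/bin/purge_lso.sh --purge
if [ "${1:-}" = "--purge" ]; then
    for d in "$HOME/.macromedia" "$HOME/.adobe"; do
        echo "$d: $(purge_lso "$d" 60 "$HOME/.lso-keep") removed"
    done
fi
```

A line reading `settings.sol` in the keep file leaves that file alone, matching the separate "Also delete settings.sol" option listed in a comment further up.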

Re:Piece of cake... (1)

hipifreq (1323407) | more than 4 years ago | (#29030281)

"Windows cannot find 'ln'. Make sure you typed the name correctly, and then try again. To search for a file, click the Start button, and the click Search"

huh... For the MAJORITY of operating systems out there your technique doesn't work

go figure!

Re:Piece of cake... (2, Informative)

mad_robot (960268) | more than 4 years ago | (#29030399)

Doesn't Adobe's Flash settings widget [macromedia.com] work in Linux? It seems a bit drastic disabling Flash cookies for the whole internet when you can set preferences individually for each website you visit.

Confusion at Adobe? Bad management? (1)

Futurepower(R) (558542) | more than 4 years ago | (#29032691)

There is more than one URL: Adobe's Flash settings widget [macromedia.com] . You have settings_manager03.html. Adobe has been recommending settings_manager07.html.

The Flash updating tool is very buggy. It may update only your installation of Opera, instead of Opera and Firefox. If you have multiple installations of Opera, it will update only one of them.

In Windows, it is necessary to use the Replace.exe command [microsoft.com] to replace all instances of flashplayer.xpt, NPSWF32.dll, and NPSWF32_FlashUtil.exe. The latest version of the files is located at C:\WINDOWS\system32\Macromed\Flash after updating one installation of one browser.

Re:Confusion at Adobe? Bad management? (1)

mad_robot (960268) | more than 4 years ago | (#29035023)

The different URLs (containing the numbers 02, 03, 04, 06 and 07) are just part of the same widget. Click the tabs at the top to access them.

(Incidentally, there's another one at settings_manager05.html that doesn't appear to be accessible by clicking the tabs.)

Bad management policy (1)

Futurepower(R) (558542) | more than 4 years ago | (#29035365)

Consider the effect of that, which is to cause people to have even less confidence in Adobe.

Perhaps we should surveil the surveyors... (4, Interesting)

fuzzyfuzzyfungus (1223518) | more than 4 years ago | (#29029035)

Spread across a reasonable number of annoyed individuals, paying to have a private investigator tail high level officers and major shareholders of advertising corporations that engage in this sort of thing 24/7/365 would be fairly inexpensive and amusing.

Re:Perhaps we should surveil the surveyors... (4, Insightful)

johanatan (1159309) | more than 4 years ago | (#29029225)

I tend to think that it will come to that. In the near future, I expect everyone to record everything. The only question left for courts to decide will be the legitimacy of the material (i.e., whether it is authentic or counterfeit).

Re:Perhaps we should surveil the surveyors... (2, Insightful)

PetriBORG (518266) | more than 4 years ago | (#29029459)

Yeah but in case you hadn't noticed the courts accept a large amount of digital evidence in courts with less than a stellar backing, or so it seems to me. As a programmer I know *nothing* on a computer is 100% reliable right down to the CPU microcode (blue pill hacks). It really is turtles all the way down.

Re:Perhaps we should surveil the surveyors... (1)

johanatan (1159309) | more than 4 years ago | (#29030107)

Yea, but that will surely start to change as controversy arises. Let's say that anyone with knowledge of such (or who has friends with knowledge of such) is involved in a case. Then, these more subtle points will come to light. Really, any case of high enough importance/profile (i.e., with parties of sufficient funding and consequences of sufficient severity) should already raise these questions.

Re:Perhaps we should surveil the surveyors... (1)

spleen_blender (949762) | more than 4 years ago | (#29029609)

Why aren't we doing this!

Re:Perhaps we should surveil the surveyors... (1)

SevenHands (984677) | more than 4 years ago | (#29030265)

And who would survey the surveyor's surveyor?

Re:Perhaps we should surveil the surveyors... (1)

Paaskonijn (1220996) | more than 4 years ago | (#29030179)

Watch the Watchmen, as it were.

If they've got nothing to hide they can't complain (0)

Anonymous Coward | more than 4 years ago | (#29031123)

Spread across a reasonable number of annoyed individuals, paying to have a private investigator tail high level officers and major shareholders of advertising corporations that engage in this sort of thing 24/7/365 would be fairly inexpensive and amusing.

I'm in. Where's the paypal button?

Sort of the opposite of the movie "Truman" (0)

Anonymous Coward | more than 4 years ago | (#29033989)

Great suggestion. Hell, I'd pay money to watch something like that.

And I'm not the only one. Remember Michael Moore's movie "Roger & Me" when he tailed people like the head of General Motors, and ridiculed rich folks like Bob Eubanks filming him living high on the hog at parties that actually degradingly hired people to stand still as human statues so as to entertain the party guests at a time when the city of Flint, Michigan was falling apart?

Millions of people paid money to watch that movie and see the lens turn for once.

http://en.wikipedia.org/wiki/Roger_&_Me [wikipedia.org]

Mmmmm. Adobe COOKIES !! (0, Funny)

Anonymous Coward | more than 4 years ago | (#29029049)

Droooooollllll!!

Unintended reinterpretation. (3, Insightful)

girlintraining (1395911) | more than 4 years ago | (#29029125)

"If users don't want to be tracked and there is a problem with tracking, then we should regulate tracking, not regulate cookies"

I'm glad we're agreed then. Cookies are used for tracking, so cookies should be regulated. But we won't treat cookies like they're special -- we'll regulate all other forms of tracking as well. That seems fair. In other, unrelated news -- anonymity doesn't exist. Sherlock Holmes may be a fictional character several hundred years dead now, but what he said back then applies today on the internet (which I paraphrase here) "Every place you go, you leave something behind and you take something with you." Tracking, therefore, is just a matter of following the (ahem) tracks, and it's something anyone with a bit of skill can do.

The problem is, we're failing society as professionals in the IT field -- part of our work (which most likely isn't earning you money) is teaching our friends, family, and interested parties about these problems and how to protect themselves from it because nobody else can or will. That's what has allowed this kind of crap to permeate into the mainstream... It wouldn't be tolerated if people knew better.

Re:Unintended reinterpretation. (2, Insightful)

Darkness404 (1287218) | more than 4 years ago | (#29029539)

We should not regulate tracking cookies for non-government things any more than we are doing now. It's pathetically easy to clear cookies and anyone with a bit of knowledge can even clear these "impossible to remove" Flash cookies. The problem is, if we try to spread this around we end up with these super-paranoid users which honestly are more of a pain to deal with than those who enjoy running IE 6 on an unpatched XP install. Remember when the media did stuff on normal cookies? There were people who thought a cookie, a plain text file contained viruses! All this media paranoia has given rise to people who think that -anything- has viruses, that the .pdf on a trusted site -MUST- have a virus, that Firefox -MUST- be a virus, that anything -MUST- be a virus, and that even though they admit you know more about computers than them, you -MUST- be breaking their computers whenever you navigate to a site other than Google and a handful of others.

Re:Unintended reinterpretation. (1)

DrEldarion (114072) | more than 4 years ago | (#29029679)

Cookies are used for tracking, so cookies should be regulated.

Whatever happened to "if it's not the only thing it's used for, we shouldn't treat it like it is"?

If "p2p is used for piracy, so p2p should be regulated" were ever uttered around here, someone would get shot. Cookies should not be regulated. Cookies themselves are harmless, just like p2p itself is harmless. It's nefarious uses of either that people have problems with.

Re:Unintended reinterpretation. (3, Insightful)

Synchis (191050) | more than 4 years ago | (#29029709)

The problem is, we're failing society as professionals in the IT field -- part of our work (which most likely isn't earning you money) is teaching our friends, family, and interested parties about these problems and how to protect themselves from it because nobody else can or will. That's what has allowed this kind of crap to permeate into the mainstream... It wouldn't be tolerated if people knew better.

I disagree with this. I've spent a long time in the industry, and am pretty much the only "tech enabled" person in amongst many friends and family. Many of them use the computer recreationally, and without a care as to what harms may become of them. To the layman, the computer is just a tool, and to most of them, there is no perceived risk to themselves. Thus, when I try to inform them of the risks they take, or try to teach them safer browsing habits, good housekeeping, etc. It is often met with indifference, and sometimes hostility. People don't like to be told they are wrong, especially when most people use the computer in the way they think is correct, and in most cases, the only way they know how.

Many people are intimidated by computers, and to have somebody who is deeply involved in computers try to teach them best-practices, is sometimes insulting.

So yeah, we may feel we have a responsibility to protect those that know less than us, but in reality, instilling that knowledge is not always easy, practical, or even sometimes possible.

So no, I don't agree, I don't think we've failed. I think we're doing the best job we know how to do, in the face of at times massive and gross ignorance. Resistance does not mean I've given up. But I have learned over time which people are worth taking the time to teach, and which people are not worth the effort.

Re:Unintended reinterpretation. (1, Insightful)

Anonymous Coward | more than 4 years ago | (#29029715)

What the man means is that you shouldn't regulate the tool but the problem. In other words, if tracking is a problem, make laws/agreements/whatever for those, instead of prohibiting the use of cookies.
The same analogy applies to p2p, terrorism and what-not.

Re:Unintended reinterpretation. (1, Insightful)

Anonymous Coward | more than 4 years ago | (#29029935)

People don't know better because they don't give a fuck. Try preaching to a layman about GPG sometime. They don't understand key exchange issues, but they understand the purpose of encryption, and their reply is: "I don't care if they are watching me."

These are the same people who still vote for Republicrats. You keep hitting them over the head with Clinton, Bush (and maybe some day Obama, though I try not to cynically damn him yet), and they keep voting for more. They're lazier than hippies (who will at least protest The Man).

Lazier than hippies! (Think about that.)

They can't be saved. They don't want it. They don't care. When people don't care what happens to them, then there isn't really a line between being led to the slaughter, and active suicide. It takes some will to live. Make them fucking show they've got it before you cry over the poor bastards. Because face it: they really are bastards, and they sure wouldn't lift a finger to help you.

Re:Unintended reinterpretation. (1, Insightful)

Anonymous Coward | more than 4 years ago | (#29032547)

Yes. People don't care. That is why software/browsers should be secure and ensure privacy without configuration.

Re:Unintended reinterpretation. (2, Interesting)

causality (777677) | more than 4 years ago | (#29030165)

The problem is, we're failing society as professionals in the IT field -- part of our work (which most likely isn't earning you money) is teaching our friends, family, and interested parties about these problems and how to protect themselves from it because nobody else can or will. That's what has allowed this kind of crap to permeate into the mainstream... It wouldn't be tolerated if people knew better.

I am all for spreading the word and teaching anyone who is willing to learn about these things. It's an important subject and it should be obvious that the current status quo where tracking is commonplace depends entirely on the widespread ignorance that is present. However, this is more like advocacy than prevention and only addresses part of the problem.

The real problem is that so many users are passive and rather uninvolved in their own experience. It's never good strategy to wait around for somebody else with an altruistic motive to assist you when the needed information is out there and basic literacy is the only requirement for using it. I am not arguing that every average user should become an expert, only that some personal responsibility is in order. Balking at the rather modest reading/research effort that would be necessary to have a solid understanding of the basics is a luxury that you can't afford in the face of active attempts to compromise your privacy. I would compare it to saying that you don't feel like getting up to bar the door when there is an enemy at your gates, and it makes about as much sense (i.e. none) in terms of decision-making.

Part of the reason why people "don't know better" is that they assume it's someone else's job. At a corporation where you are not a member of the IT staff, indeed it IS someone else's job. At home where you have full control over your LAN and your equipment, it's your job and you can either take care of it or fail to do so. The price for failing to do so is that you get taken advantage of for the sake of some marketer, or worse. If people could understand it that way, in terms of someone trying to screw them over without their consent, they would delight in the knowledge that there is something they can do about it. Suddenly it wouldn't be "boring computer stuff" but would be about personal empowerment. I think clearly showing that it has a price is the best chance to get rid of this willful helplessness. If you really want to see gigantic improvements not just in unethical tracking, but also in malware and botnets and online fraud, what you need are not informed users, but users who are willing to inform themselves. Then the information they need is not some black box bestowed upon them by members of an esoteric priesthood, but would instead become a useful tool that they take into their own hands.

Perhaps one day we'll have computing appliances that are essentially maintenance-free, so that safely using them requires no more understanding of computing than using your washer/dryer requires an understanding of plumbing and electrical engineering. Right now we don't have that, and I question just how desirable it would be anyway. Computers are not toys or curiosities anymore and haven't been for a long time now. They are increasingly essential to everyday life. Every time you make a financial transaction or surrender personal information, it behooves you to make some effort to have some understanding of what you are doing and how it can be used. Otherwise you are being irresponsible and are failing to protect your interests and there's nothing wrong with saying so. We live now in an age where any literate adult with access to Google can achieve knowledge and understanding that was once the exclusive domain of experts. What we really need is to restore the wonder and sense of empowerment that goes along with this so that people no longer view the most basic research as an unreasonable chore. If that doesn't happen, then this passive victim mentality will cause the average person to be little more than an electronic serf, only it will be a serfdom that they choose because something else was always more important to them.

Re:Unintended reinterpretation. (1)

moderatorrater (1095745) | more than 4 years ago | (#29030169)

Cookies are used for tracking, so cookies should be regulated. But we won't treat cookies like they're special -- we'll regulate all other forms of tracking as well.

No -- just regulate tracking. If you regulate the method, then when a new method comes it's legal. If you just regulate tracking, then you get the same results for all forms.

Re:Unintended reinterpretation. (1)

megamerican (1073936) | more than 4 years ago | (#29030249)

We are supposed to be a representative Constitutional Republic which means that we can dictate what the government can and can't do to us. Just because what we do can be easily tracked and traced whether on the Internet or not doesn't mean we should lay back and let them do it. We have the right to tell them to screw themselves.

If we don't want a corporation to do something we have the power to tell them no by the power of the purse (i.e. don't give them your money) and the power to create voluntary associations opposing them.

Don't look for the government to ever regulate itself or a corporation successfully. At the end of the day it is up to you and me. People have to become leaders no matter how small a contribution you may make.

Re:Unintended reinterpretation. (1)

Monkeedude1212 (1560403) | more than 4 years ago | (#29030289)

The problem is, we're failing society as professionals in the IT field -- part of our work (which most likely isn't earning you money) is teaching our friends, family, and interested parties about these problems and how to protect themselves from it because nobody else can or will.

Are you blaming Us or them?

Because it's not that I don't want to teach them. I mean, I'm no different from the next guy, I hate explaining to my mother that what she has is MALWARE and NOT a real antivirus.

But it's because they don't want to have to worry about it. Most people either want:
A) An automated Security system set up by a professional which requires the least amount of user interaction possible
or B) Nothing of the sort to slow down their computer.

If someone ASKED (and they do on the rare occasion) me how to protect their PC I would show them the routine steps they need to perform weekly. I would teach them how to remove their own Malware. I would explain the simple details so they understand what they're doing, and not just following steps.

The problem isn't with us, it's with them. They just ask us to fix it when it breaks. They ask us to set it up for them so they don't have to worry about it.

In short, they're asking for fish, not fishing lessons.

Re:Unintended reinterpretation. (0)

Anonymous Coward | more than 4 years ago | (#29030795)

I agree!

I'm a computer professional (not an IT expert) that has never heard of LSOs before today and have not gotten far enough along to have found answers to all my questions...

I'm looking at all the .sol files on one machine (thanks to dc29a). Rather than just blindly delete all of them, I would like to first understand if I would want to keep some. For example, if my bank has a .sol file, do I want to keep that one (yes?) and will it be obviously labeled so that I know it's from my bank (no?). Dunno...

Re:Unintended reinterpretation. (0)

Anonymous Coward | more than 4 years ago | (#29031217)

Sherlock Holmes may be a fictional character several hundred years dead now, but what he said back then applies today on the internet (which I paraphrase here) "Every place you go, you leave something behind and you take something with you."

Um, would you believe less than 100 years [wikipedia.org] ?

For GirlInTraining (0)

Anonymous Coward | more than 4 years ago | (#29031623)

Just curious, do you ever actually read any responses to your posts? Or are you just another drive-by poster who has no intention of actually participating in anything resembling conversation? Seems like the latter case describes you. A lot of users identifying themselves as female seem to think that's a really cool thing to do. All it really means is that anyone with some sense won't bother reading or replying to anything you post.

Re:For GirlInTraining (0)

Anonymous Coward | more than 4 years ago | (#29032325)

FYI: GirlInTraining is in training to become a girl (this is easily verified by reading his/her posting history).

Re:For GirlInTraining (0)

girlintraining (1395911) | more than 4 years ago | (#29034003)

FYI: Girlintraining is a lesbian. -_-

Re:For GirlInTraining (0)

Anonymous Coward | more than 4 years ago | (#29036403)

your sexual orientation is your personal business and does not interest me at all. sorry to burst your bubble on that one as i am sure it's most fascinating to people you actually do know and probably provides you a nice source of free attention whenever you run low. it does interest me whether you actually intend to follow-up when i reply to you since that's much more relevant to slashdot and whether it's worth my time to respond to you. i only mentioned that you were female because the fact that you do something aloof/nonsensical like this is one of the strongest reasons why i believe you really are a woman and not just a guy pretending. anyway i'll probably ignore your posts in the future as you don't seem to value the two-way nature of posting here. maybe TV would be more to your liking?

No.... (1)

Darkness404 (1287218) | more than 4 years ago | (#29029273)

'If users don't want to be tracked and there is a problem with tracking, then we should regulate tracking, not regulate cookies,' Soltani said."

Really, I can't think of a single good reason for the government to use tracking cookies. There are a few semi-legitimate reasons for third-parties to use tracking cookies, but they should not be regulated. If you don't want cookies either

A) Configure your browser to reject certain cookies
B) Clear cookies
C) Clear your Flash cookies
D) Write to a few OSS developers and tell them if you want a privacy program, or add on

Seriously, if people are -that- paranoid they should do the research to figure out how to disable them. If Flash cookies scare them that much, use Flashblock or don't even install Flash.

The next thing we know the senate will try to pass a bill removing all cookies because those are the things that cause Windows to be slow and spread viruses right? It's just like the '90s, all over again.

Re:No.... (0)

Anonymous Coward | more than 4 years ago | (#29030111)

Really, not one good reason? Like the ability to create login sessions that allow both a logout function and the use of the back button? Or login sessions that do not re-submit your password with each new request? Or the ability to remember your search terms if you browse away from the search engine and then back?

Certainly there's the potential for more nefarious use, and it's worthwhile to offer protections against that, but there are 1001 legitimate uses for sessions tracking, most of which are widely in use on almost every non-government website in the world; the no cookies rule is a result of the original cookies scare from 15 years ago, when you could create global cookies to track every website a user visited, and the rule is just as outdated as the scare.

Re:No.... (2, Insightful)

causality (777677) | more than 4 years ago | (#29030405)

Really, not one good reason? Like the ability to create login sessions that allow both a logout function and the use of the back button? Or login sessions that do not re-submit your password with each new request? Or the ability to remember your search terms if you browse away from the search engine and then back?

Certainly there's the potential for more nefarious use, and it's worthwhile to offer protections against that, but there are 1001 legitimate uses for sessions tracking, most of which are widely in use on almost every non-government website in the world; the no cookies rule is a result of the original cookies scare from 15 years ago, when you could create global cookies to track every website a user visited, and the rule is just as outdated as the scare.

True but session cookies can arrange all of that. The case for persistent/permanently stored cookies is much harder to make.

If you are really that concerned... (0)

Anonymous Coward | more than 4 years ago | (#29029309)

...on Windows and on Linux (not sure about Mac OS X) Adobe keeps flash data in two directories. Under Linux you'll find them right in your user home directory hidden as ".adobe" and ".macromedia".

In Windows, you'll find them in the hidden directory "Application Data" in your user directory. They are named "Adobe" and "Macromedia" as well. In Windows 7 (I've been messing around with the RC) you'll find a hidden directory within a hidden directory called "Roaming". I don't know about Windows Vista because I never touched it. This "Roaming" folder should contain the same folders mentioned above.

In any event, if you are so concerned about this issue: DELETE THESE DIRECTORIES. I would advise to be careful of the "Adobe" directory if you use other Adobe software, as there will be more than just Flash player data. Poke around. It's not hard to spot what needs to go and what needs to stay. I don't use any other Adobe software myself so I just have scripts written up to kill these folders on a timed basis.
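An added example, not part of the post above or any commenter's script: before deleting everything, this lists Flash LSO (.sol) files per originating site so that selected sites can be kept. It assumes the layout `#SharedObjects/<random id>/<site>/.../<name>.sol`, which the thread does not spell out; the function names and the `.example` sites are made up for illustration.

```python
"""Inventory Flash LSO (.sol) files by originating site before deleting any."""
import os
import tempfile
from collections import defaultdict
from pathlib import Path

MARKER = "#SharedObjects"


def site_of(sol_path):
    """Return the site directory a .sol file belongs to, or None.

    Assumed layout: .../#SharedObjects/<random id>/<site>/.../<name>.sol
    """
    parts = Path(sol_path).parts
    if MARKER not in parts:
        return None
    i = parts.index(MARKER)
    # parts[i+1] is the per-profile random id, parts[i+2] the site directory;
    # the file itself has to sit somewhere below the site directory.
    return parts[i + 2] if len(parts) > i + 3 else None


def inventory(root):
    """Map site -> {'files': [paths], 'bytes': total} for every .sol under root."""
    found = defaultdict(lambda: {"files": [], "bytes": 0})
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            if not name.lower().endswith(".sol"):
                continue
            path = Path(dirpath) / name
            site = site_of(path) or "(unknown layout)"
            found[site]["files"].append(path)
            found[site]["bytes"] += path.stat().st_size
    return dict(found)


def purge(root, keep=(), dry_run=True):
    """Delete .sol files of every site not in keep; return the affected paths.

    With dry_run=True (the default) nothing is deleted, only reported.
    """
    keep = {k.lower() for k in keep}
    affected = []
    for site, info in inventory(root).items():
        if site.lower() in keep:
            continue
        for path in info["files"]:
            if not dry_run:
                path.unlink()
            affected.append(path)
    return sorted(affected)


def build_sample_tree(base):
    """Create a constructed Flash Player tree (made-up sites) for the demo."""
    root = Path(base) / "Flash_Player"
    samples = {
        "bank.example/login/prefs.sol": b"x" * 40,
        "tracker.example/uid.sol": b"y" * 120,
        "tracker.example/ads/seen.sol": b"z" * 60,
    }
    for rel, data in samples.items():
        f = root / MARKER / "AB12CD34" / rel
        f.parent.mkdir(parents=True, exist_ok=True)
        f.write_bytes(data)
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        root = build_sample_tree(tmp)
        for site, info in sorted(inventory(root).items()):
            print(f"{site:20} {len(info['files'])} file(s) {info['bytes']} bytes")
        print("would delete:", [p.name for p in purge(root, keep={"bank.example"})])
```

On a real machine, pass the `.macromedia` or `Macromedia` directory named in the post as `root` and review the dry-run list before calling `purge(..., dry_run=False)`.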

Flash, hosts, javascript, (1)

jginspace (678908) | more than 4 years ago | (#29029381)

Firstly what business have Clearspring and QuantCast doing anything on your machine? Block them in your hosts file.

Then block Flash for hosts you haven't explicitly allowed.

Optional third step: Block javascript for hosts you haven't explicitly allowed.

Finally, not many people know about this, there's a Firefox extension (mentioned in a post above) for deleting Flash cookies every time you close the browser. This should be a standard feature.

Re:Flash, hosts, javascript, (1)

Zerth (26112) | more than 4 years ago | (#29031511)

VirtualBox/vmware + Seamless mode + Revert State on Exit. Take a snapshot just after opening a browser, treat it like the browser alone.

Every time you close/restart your "browser", you get the ultimate reset button.

Better cookie deleters (1)

dbet (1607261) | more than 4 years ago | (#29029393)

There are some Firefox add-ons that supposedly delete these "super" cookies. Here [mozilla.org] is one example.

I have no idea how well they actually work.

Yet another reason for flashblock (1)

Eevee (535658) | more than 4 years ago | (#29029467)

Flashblock [mozilla.org]

Re:Yet another reason for flashblock (1)

jginspace (678908) | more than 4 years ago | (#29029941)

For Flashblock to run you've got to have javascript enabled. Flashblock is of limited use, particularly with the nasty domains mentioned in the summary. Best to not run anything from those domains.

Re:Yet another reason for flashblock (2, Informative)

Anonymous Coward | more than 4 years ago | (#29031569)

Use Flashblock and NoScript. When you allow scripts on the page, then Flashblock fires up and puts in the place holders.

Flash Website Storage Settings (5, Informative)

wile_e8 (958263) | more than 4 years ago | (#29029471)

Go here [macromedia.com] to see all the flash cookies and delete any and all you don't want. Might not be as easy as deleting a directory, but I don't necessarily want to delete them all.

Re:Flash Website Storage Settings (1, Informative)

Anonymous Coward | more than 4 years ago | (#29029973)

This content requires Flash

Download the free Flash Player now!

Re:Flash Website Storage Settings (1)

John Hasler (414242) | more than 4 years ago | (#29032063)

> Go here [macromedia.com] to see all the flash cookies...

...that Adobe wants you to see (and that their buggy software can detect).

Good browsers let the user choose (3, Informative)

gurps_npc (621217) | more than 4 years ago | (#29029633)

In Firefox, the "Better Privacy" addon deletes flash cookies. Any browser that doesn't offer that kind of control is not worth getting. In my opinion, Firefox without "TACO" (auto creates a bunch of "opt out" cookies without any identifying details), "Better Privacy" (removes flash cookies) and "NoScript" (prevents unwanted scripts - including site-jacking stuff), is not fully installed.

Re:Good browsers let the user choose (1)

gad_zuki! (70830) | more than 4 years ago | (#29030263)

>Any browser that doesn't offer that kind of control is not worth getting.

Well, without that add-on Firefox doesn't either. The question here is why doesn't Firefox do this natively?

Re:Good browsers let the user choose (1)

BenoitRen (998927) | more than 4 years ago | (#29030547)

Firefox doesn't do it natively because Flash is a plug-in that has full control. There is no way to stop the placement of Flash cookies. BetterPrivacy is a specific band-aid.

Re:Good browsers let the user choose (1)

gad_zuki! (70830) | more than 4 years ago | (#29031019)

That makes no sense to me. Whatever code that add-on can run, Firefox can run. The Firefox maintainers just don't want it.

Re:Good browsers let the user choose (0)

Anonymous Coward | more than 4 years ago | (#29032365)

Then maybe you should read it again until it makes sense.

Flash is a third-party plug in that is not affiliated or related to Firefox in any way, shape, or form; so Firefox has no responsibility for, nor any business trying to clean up after Flash.

Re:Good browsers let the user choose (2, Insightful)

TopSpin (753) | more than 4 years ago | (#29031057)

The question here is why doesn't Firefox do this natively?

The answer is that the browser is ignorant of what Flash is doing with the hard drive. HTML cookies and Flash cookies (LSOs) are not related. Firefox is not aware of and has no mechanism to control what Flash does with your disk.

Flash Player (for Mozilla/Firefox) is based on the ancient and crufty NPAPI. This interface provides no generic "clear your temporary crap" hook for the host (browser.) It should; it's 2009 and this browser thing has been going on for 15 years now...

IE 7 has a feature in "Delete Browsing History" that prompts the user to delete "files and settings stored by add-ons." I've never confirmed whether this means "flash cookies" (because I don't rely on IE for anything...) but that is what is implied, so this isn't some novel idea unheard of in the traditions of the Internets.

Dear Mozilla,
    It is incumbent upon you as the present keeper of the NPAPI specification, such as it is, to extend said specification to provide a generic mechanism to monitor and control any and all storage utilized by third party plug-ins, and then encourage third parties (nasty warnings on plug-in invocation would work...) to adopt this extension. Please do so THIS decade. Do not continue to delay the obvious because NPAPI is an unholy mess; privacy trumps engineering elegance.
Thanks!

Erase them with BleachBit (0)

Anonymous Coward | more than 4 years ago | (#29029813)

BleachBit [appspot.com] is an open source cleaner for Linux and Windows. It cleans Flash cookies and 50 other items.

I use R-wipe to delete flash cookies/etc. (1)

dicobalt (1536225) | more than 4 years ago | (#29029833)

Got it scheduled to run periodically and it never causes a problem. Of course I also use ABP and Noscript so most the flash objects I do get are ones that are safe anyway. For those interested Flash stores its crap in: C:\Users\nicon\AppData\Roaming\Macromedia\Flash Player\#SharedObjects Probably somewhat similar on other OS' user home directories as well.

View/delete your flash cookies (1)

Derrikex (1129819) | more than 4 years ago | (#29029909)

You can view/delete your flash cookies here: http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager07.html [macromedia.com]

There's also a firefox plug-in: http://objection.mozdev.org/ [mozdev.org]

I agree, regular tracking regardless of the technology used.

Re:View/delete your flash cookies (1)

j-stroy (640921) | more than 4 years ago | (#29030903)

MOD PARENT UP. THANK YOU SO MUCH!!! There are several tabs which have essential settings.

Why can't they be blocked easily? (1)

Nom du Keyboard (633989) | more than 4 years ago | (#29029943)

Why can't the cookie blocker and/or cookie cleaner take these out as well? This is presented that only some arcane going to the Adobe website can deal with them. Why are they so hard to kill otherwise?

Re:Why can't they be blocked easily? (1)

zuperduperman (1206922) | more than 4 years ago | (#29031631)

Because Flash is a giant security hole that does an end run around the browser and stores its own cookies completely separately. Your browser has no better idea of what flash cookies you are storing than it does what word processor documents you saved last week.

The security settings on Flash are simply obnoxious - changing them in any permanent manner is tedious, fragile and difficult. It's the main reason I have no flash plugin in my default browser (if I want to use flash I open the page in a different browser which I use only for that stuff).

Re:Why can't they be blocked easily? (1)

Kalriath (849904) | more than 4 years ago | (#29032679)

Personally, I use 64 bit IE. Not only do I not have Flash installed in the browser, the browser isn't capable of running 99% of malware (because who compiles their "toolbars" in 64 bit?)

Appears CCleaner will remove these Flash cookies (0)

Anonymous Coward | more than 4 years ago | (#29029969)

I tried the "Better Privacy" addon to see which flash cookies I have and was surprised to see very few (gmail mainly). When running CCleaner, even these were removed (only the Adobe Flash settings were left).
http://www.ccleaner.com/ [ccleaner.com]

Clearspring-quantcast ips for hosts file (0)

Anonymous Coward | more than 4 years ago | (#29029993)

Anyone have an up-to-date list of the clearspring and quantcast ip addresses so we can 127.0.0.1 them in our hosts file as an added protection measure besides the other solutions listed here? Thanks!

LocalStorage (0)

Anonymous Coward | more than 4 years ago | (#29030203)

... is also going to become another thing people will need to watch out for.
Any old site can use up to 5MB (10MB in IE) of space on your HDD for whatever the hell they want, really. (i think these were the numbers, it is what i read the other day there when looking up some stuff)

Although i'm not sure if a site has to be given permission beforehand, like how Gears asks for permission for sites to use it.
I would surely hope that this was a consideration for the spec, but i haven't gotten around to reading the full HTML5 spec yet. (might do that tomorrow actually)
I just hope they don't bullshit around with "only allow a site to host X bytes of storage" like in Flash, it is bad enough there is a difference between The Good Group and the Hell-spawn itself AKA Internet Explorer.

/dev/null (3, Informative)

dtschmitz (1601217) | more than 4 years ago | (#29030385)

What I do:
# remove the existing macromedia directory and set a link to /dev/null
$ cd && rm -rf .macromedia && ln -s /dev/null .macromedia
Be Safe!

Dietrich T. Schmitz & Associates [dtschmitz.com]
Cloud Computing Services

Re:/dev/null (0)

Anonymous Coward | more than 4 years ago | (#29030731)

Please keep your pagerank spam out of here. Thank you.

forget the cookies, what I want to know is why (2, Insightful)

fast turtle (1118037) | more than 4 years ago | (#29032287)

flash wants to grant access to my mic and camera to every damn website in the fucking world? Shouldn't it be denied by default and ask the user before granting that permission? To me this would certainly cut down on some of the flash vulnerabilities because now it's accessing other subsystems such as the MS Speech setup.

To any moron who would say 'regulation is bad' (1)

unity100 (970058) | more than 4 years ago | (#29032315)

i would like to remind that ANY kind of law is a regulation. including the laws that ban and punish murder, including the laws that prevents people from funding private armies, or cutting other people's heads.

if you dont oppose such laws, you shouldnt oppose proper regulations.

and no. there are no differences in between 'regulation' and 'laws'. that's some delusion that hordes of republicans have created in america through endless yelping.

Good article, thanks! (1)

LaraineMae (1516761) | more than 4 years ago | (#29033179)

Read the article and all the comments, installed BetterPrivacy and it works great. Using the default configuration, it deleted 140 Flash Cookies/LSOs. No problems with any of the sites I normally use. I also use Flashblock, Ghostery, and NoScript.