Beta

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Adobe Rolls Out Privacy Controls In Flash Player 10.3

Soulskill posted more than 3 years ago | from the things-most-people-will-ignore dept.

Media 63

adeelarshad82 writes "Adobe has released Flash Player 10.3, which includes enhanced privacy controls for how your activity is tracked online. Users can now clear local storage — sometimes known as 'Flash cookies' — on versions of Chrome, Internet Explorer, and Firefox. Flash cookies, or local shared objects, made headlines last year when the Federal Trade Commission released a report that called on browser makers to include a 'do not track' option in their products. The FTC also mentioned Adobe because it said the cookies gathered by Flash are collected regardless of the browser's settings."

cancel ×

63 comments

Sorry! There are no comments related to the filter you selected.

Flush (5, Informative)

conner_bw (120497) | more than 3 years ago | (#36121690)

I first took notice of these abominable cookies last year when I read an article about the Evercookie [slashdot.org] .

At the time I freaked out and found Flush [machacks.tv] for OSX. I've been using it ever since.

Flash Cookies are appended with `.sol`

Linux:

~/.macromedia/Flash_Player/#SharedObjects/

Mac OS X:

~/Library/Preferences/Macromedia/Flash Player/#SharedObjects
~/Library/Preferences/Macromedia/Flash Player/macromedia.com/support/flashplayer/sys

Windows:

%APPDATA%\Macromedia\Flash Player\#SharedObjects\
  %APPDATA%\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\

In my spare time I play sudoko [sudokurush.com] .

Terrible.

Re:Flush (0)

Anonymous Coward | more than 3 years ago | (#36121792)

Very useful post. Thanks!

Just removed 30MB of crap. Entire ~/.macromedia folder, gone. I almost shed a tear ;)

Re:Flush (0)

Anonymous Coward | more than 3 years ago | (#36121812)

Linux:

#!/bin/bash
rm -rf ${HOME}/.{adobe,macromedia}/Flash_Player/

FTFY.

Re:Flush (2)

causality (777677) | more than 3 years ago | (#36122404)

Linux:

#!/bin/bash
rm -rf ${HOME}/.{adobe,macromedia}/Flash_Player/

FTFY.

Has anyone ever experienced a single ill effect, or even slight inconvenience, from deleting ~/.adobe and ~/.macromedia and replacing both with symlinks to /dev/null?

If not, I wonder how difficult it would be to make those an /etc/skel/ default in major distributions. It should be an easy sell, considering decisions with fewer benefits that cause problems for many more users (such as replacing ALSA with PulseAudio as a default sound system) have become default for several major distros.

Re:Flush (1)

starofale (1976650) | more than 3 years ago | (#36123042)

I've been deleting ~/.adobe and ~/.macromedia regularly for quite a while now and haven't had any unexpected problems. The only downside is that it deletes my progress in flash games.

Re:Flush (0)

Anonymous Coward | more than 3 years ago | (#36123954)

Has anyone ever experienced a single ill effect, or even slight inconvenience, from deleting ~/.adobe and ~/.macromedia and replacing both with symlinks to /dev/null?

That's what I've done for years. Youtube still works. Other streaming sites like blip.tv or justin.tv don't work, however. I made a shell script to enable/disable these directories as needed.

Re:Flush (1)

John Hasler (414242) | more than 3 years ago | (#36122558)

> Linux: ~/.macromedia/Flash_Player/#SharedObjects/

"~/.macromedia/Flash_Player/#SharedObjects/ -> /dev/null"
works for me. I also have "~/.adobe/Flash_Player/AssetCache -> /dev/null".

Re:Flush (1)

florescent_beige (608235) | more than 3 years ago | (#36123254)

Firefox: BetterPrivacy [mozilla.org]

Being able to manually delete LSO's is ok but too labour-intensive. The addon above lets you delete-on-close like regular cookies you flag as "allow for session" in FF.

Re:Flush (0)

Anonymous Coward | more than 3 years ago | (#36124050)

Seconded. Lets me protect my bank's supercookie and blows away the others on close. I just installed 10.3 and Flash settings shows only that one flash cookie I allow from my bank.

I check-marked the new Flash setting to ask permission for each site before storing a flash cookie, but I'll still use BetterPrivacy to blow those cookies away at the end of browser session for now.

Now we just need a Flash setting that keeps my laptop's batteries from draining due to all the Flash advertisements my gf has in her IE tabs. Even when I'm switch-usered out of her account in Win7, her IE sessions are battery-sucking vampires. You'd think with all the sophisticated power advisory crap in Windows these days, Flash advertisements would sleep when their windows aren't even visible.

Use a ramdisk? (2)

elashish14 (1302231) | more than 3 years ago | (#36123304)

I have my ~/.adobe and .macromedia folders linked to a ramdisk. Sometimes it's necessary to allow flash cookies for limited time uses. For example, once southparkstudios.com wouldn't load and temporarily enabling flash cookies resolved the problem (my memory is hazy, but I think this happened about a year and a half ago). Since I turn off my computer every night, it's (hopefully) not a big deal if my cookies are only saved for a few hours/days at a time. Likewise, I think it's relatively safe if I set firefox to save cookies only until my browser closes.

Re:Flush (1)

whereiswaldo (459052) | more than 3 years ago | (#36123912)

Install the Better Privacy [mozilla.org] addon for Firefox. It lets you manage LSOs and delete them on exit.

*sigh* on and on with this privacy BS (0)

countertrolling (1585477) | more than 3 years ago | (#36121694)

You do not, control, your privacy.. Your hardware and service provider do.. aieet?

Re:*sigh* on and on with this privacy BS (1)

spun (1352) | more than 3 years ago | (#36121868)

You might not control your privacy, but you could at least try to, control, your use, of commas. And I just have to ask, who controls your hardware and service provider?

Re:*sigh* on and on with this privacy BS (1)

Anonymous Coward | more than 3 years ago | (#36121912)

I read it as if he were trying to be a cheerleader. "You do not *clapclap* control *clapclap* your privacy!"

Re:*sigh* on and on with this privacy BS (1)

spun (1352) | more than 3 years ago | (#36121950)

He should have used an em dash for that purpose.

Re:*sigh* on and on with this privacy BS (1)

countertrolling (1585477) | more than 3 years ago | (#36122850)

Thank you, I'll make a note of it...

How do you make it render on Slashdot? Using two dashes is very... uncouth..

Re:*sigh* on and on with this privacy BS (1)

spun (1352) | more than 3 years ago | (#36123088)

Ampersand mdash semicolon — like so.

Re:*sigh* on and on with this privacy BS (3, Funny)

DaftDev (1864598) | more than 3 years ago | (#36121894)

You do not, control, your privacy..

William Shatner, is that you?

I'm almost as paranoid about online privacy, but I will take these small victories when I can.

Re:*sigh* on and on with this privacy BS (0)

Anonymous Coward | more than 3 years ago | (#36124102)

Lucy, in the sky [wikimedia.org] , with priceline-dot-com...

[ WARNING: do NOT listen to the clip from Mr. Tambourine Man if you value your sanity. ]

Re:*sigh* on and on with this privacy BS (-1)

Anonymous Coward | more than 3 years ago | (#36121944)

Suck a dick. Aieet?

Re:*sigh* on and on with this privacy BS (1)

uncanny (954868) | more than 3 years ago | (#36122028)

Orly? So if I leave all of my information unprotected on my laptop and it gets stolen, all I have to do is contact my ISP and everything is safe? And here I thought encryption, passwords, etc were helping, I'm, such, a, fool!,!,!,!,!
Hey everyone, my password is chol5era, go ahead try to use it, hardware and ISP will protect me!

Stupid cookie jar, with hands caught in it & s (1)

Toe, The (545098) | more than 3 years ago | (#36122064)

So the lesson is: providers do whatever the hell they want with your data until they get caught and enough people complain. Then within a year or two, they put out a "fix."

After that, you can be 100% positive that they are completely looking out for your privacy. Right? All you have to do is... um, well it is closed source. But they say it's OK now.

Gnash anyone? (1)

hedwards (940851) | more than 3 years ago | (#36121698)

Hmm, apparently, gnash has been ported to Windows. I'll have to see how well that works. But given that pretty much the only Flash I use is youtube, gnash ought to suffice.

Given how many things are wrong with Flash, this is barely a blip on the screen.

Re:Gnash anyone? (2)

Shikaku (1129753) | more than 3 years ago | (#36121772)

Pretty sure there are loads of greasemonkey scripts that make it an embed movie.
http://userscripts.org/scripts/show/50771 [userscripts.org]
Like this one.

Re:Gnash anyone? (1)

CharlyFoxtrot (1607527) | more than 3 years ago | (#36122670)

But given that pretty much the only Flash I use is youtube, gnash ought to suffice.

Have you considered using the Youtube HTML5 beta [youtube.com] ?

Re:Gnash anyone? (1)

lucian1900 (1698922) | more than 3 years ago | (#36123612)

Sadly, it's only active on a small subset of all videos, with missing features too.

Re:Gnash anyone? (1)

CharlyFoxtrot (1607527) | more than 3 years ago | (#36123704)

Maybe I'm just very lucky but I'm not seeing a lot of video's that don't load, this is with Safari maybe there are less WebM video's than H.264 ? The interface could use a little TLC but I guess non-flash technologies are taking a backseat at Google at the moment.

Re:Gnash anyone? (1)

lucian1900 (1698922) | more than 3 years ago | (#36126308)

Many videos are flash regardless of format. Also, all tv shows are flash.

What about enhanced security fixes (0)

Anonymous Coward | more than 3 years ago | (#36121728)

New vulnerabilities and outdated software versions seem to be the norm. Time to flush flash down the toilet.

Re:What about enhanced security fixes (2, Insightful)

icebike (68054) | more than 3 years ago | (#36121860)

I first knew Flash was evil when there were no such controls in the first version ever released.

How much more acceptance would there be of this product if they had just built in some level
of end-user control from the beginning? Cookie clearing, Don't play till I say, No sound till I say,
Continuous loops controls, etc, etc.

Instead they thru all their weight at supporting punch-the-monkey advertisers and to hell with
the users.

Re:What about enhanced security fixes (2)

causality (777677) | more than 3 years ago | (#36122306)

Instead they thru all their weight at supporting punch-the-monkey advertisers and to hell with the users.

Which made them an obscure company that only the most hardcore geeks have ever heard of, producing software that no one uses.

That would have been more ideal anyway.

Instead, "users" tend to display the same masochism as the most stereotypical battered spouses. "He didn't mean it, I'll give him benefit of doubt, this time he'll CHANGE, he said he'd change and I know he really means it, all those other times were different, this time it's for real!" No matter how asinine or abusive a company becomes, no matter how insecure their products, no matter how anti-customer their actions, people will keep coming back for more. That's the root cause of the problem; to address anything else is to get distracted by secondary and tertiary effects.

We'll have real privacy and security the moment average people value those things more than they value OOH SHINY! Until then it's difficult to blame the companies for treating them like ignorant sheep when they're so willing to assume that role. Don't get me wrong, the suits who make these decisions are still bastards but they're only responding to a sort of demand. If you're interested in effecting a permanent change you have to get over that and focus your efforts on convincing users to change their priorities and attitudes.

Re:What about enhanced security fixes (1)

Anonymous Coward | more than 3 years ago | (#36122510)

"I first knew Flash was evil when there were no such controls in the first version ever released."

Checking into reality can lead to less unhappiness. When Flash introduced local-storage towards 2002, there was also per-domain control. But a SWF can be any size, and Player has no native UI chrome. That's why the context-click to call up "Settings" brought up a webpage, which hosted a SWF using and controlling your own local data.

In the last few years browsers have also introduced local-storage, and so awareness grew. Adobe co-developed the NPAPI interface so browser UI can control plugin storage.

Rephrased, the control has always been there, but the interface is now more closely integrated with both browser and OS.

jd/adobe

Or .... (1)

gstoddart (321705) | more than 3 years ago | (#36121742)

Or, you don't install it.

Personally, I've hated Flash for almost a decade and don't install it if I can avoid it ... usually my work machines end up needing it for some 3rd party site they force us to use. But, I don't make a habit of having it enabled.

I'm not sure I can name one instance where I found Flash to be useful or something I'd want. Although, who knows, maybe I'm missing out on something really cool ... but my experience with Flash has primarily been about having half a dozen ads on screen that are all in motion.

Well, that and the fact that it's been a gaping security hole since forever.

Re:Or .... (2)

VortexCortex (1117377) | more than 3 years ago | (#36122074)

Or, you don't install it.

Personally, I've hated Flash for almost a decade and don't install it if I can avoid it ... usually my work machines end up needing it for some 3rd party site they force us to use. But, I don't make a habit of having it enabled.

I'm not sure I can name one instance where I found Flash to be useful or something I'd want. Although, who knows, maybe I'm missing out on something really cool ... but my experience with Flash has primarily been about having half a dozen ads on screen that are all in motion.

Well, that and the fact that it's been a gaping security hole since forever.

I agree... Besides, Flash is just like using JavaScript (well... ActionScript) to animate a bunch of graphics primitives or to stream a video. These are things that browsers can do without Flash -- I mean, HTML5 gives you almost all the same featu r e s --- HEY! Shit! We've been dupped into letting the browser makers create their own integrated version of Flash!

Oh, never mind -- It's all OK, it will be codified as a web standard...Just like the current HTML4.01 is -- What could possibly go wrong?

Re:Or .... (0)

Anonymous Coward | more than 3 years ago | (#36123440)

It isn't like Javascript, because I have a lot more control over what Javascript does, and I don't rely on any particular company to be able to run Javascript. (Including a dependence on their particular implementations)

Unlike HTML4, Flash has never been an open standard and there have always been many different implementations and a lot of freedom

Re:Or .... (1)

plover (150551) | more than 3 years ago | (#36122110)

Yay for flashblock and noscript. It is the only way to surf with any hope of safety from the drive-by crapware, and even then I don't have a lot of warm fuzzies.

Re:Or .... (1)

drinkypoo (153816) | more than 3 years ago | (#36122132)

Noscript has *block built in now... you don't need flashblock any more. Works with the noscript trust lists and uses placeholders just like flashblock (Except a noscript icon.)

tracking (1)

Anonymous Coward | more than 3 years ago | (#36121836)

A bit more important addition is more tracking : http://slashdot.org/submission/1581820/Flash-Player-103-adds-tracking

Re:tracking (0)

Anonymous Coward | more than 3 years ago | (#36122098)

Yuck. http://www.omniture.com/en/products/online_analytics/sitecatalyst
I use adblock to block out analytic and other tracking sites. I don't suppose that will be possible if the analytics are collected through a flash video.

Re:tracking (1)

icebike (68054) | more than 3 years ago | (#36122134)

A bit more important addition is more tracking : http://slashdot.org/submission/1581820/Flash-Player-103-adds-tracking [slashdot.org]

Its not at all clear that this is tracking. That term was introduced by the link you posted.

From the source quoted in the link you posted:

Media Measurement for Flash allows companies to get real-time, aggregated reporting of how their video content is distributed, what the audience reach is, and how much video is played.

How distributed, Audience numbers, and how much of the video is actually viewed seem pretty innocuous on their face.
The devil, of course. is in the details. It could be all server side, with no tracking per say, everything you could currently get from from a web server log (user agent ID, hit counts) plus additional info (such as percent/bytes transmitted) from the streaming engine.

But this is Adobe. So we are left with assuming evil intent or simple incompetence. My Hanlon Meter [wikiquote.org] pegs both pins when Adobe is involved.

Re:tracking (1)

causality (777677) | more than 3 years ago | (#36122370)

A bit more important addition is more tracking : http://slashdot.org/submission/1581820/Flash-Player-103-adds-tracking [slashdot.org]

Its not at all clear that this is tracking. That term was introduced by the link you posted.

From the source quoted in the link you posted:

Media Measurement for Flash allows companies to get real-time, aggregated reporting of how their video content is distributed, what the audience reach is, and how much video is played.

How distributed, Audience numbers, and how much of the video is actually viewed seem pretty innocuous on their face.
The devil, of course. is in the details. It could be all server side, with no tracking per say, everything you could currently get from from a web server log (user agent ID, hit counts) plus additional info (such as percent/bytes transmitted) from the streaming engine.

But this is Adobe. So we are left with assuming evil intent or simple incompetence. My Hanlon Meter [wikiquote.org] pegs both pins when Adobe is involved.

That's just it. The reasonable assumption is that there is no sense in implementing a new "feature" that doesn't tell companies anything they couldn't already know from their HTTP logs. There is already a plethora of tools for parsing HTTP logs and gleaning usage information. As a business decision it wouldn't make much sense for Adobe to create a "me too!" reinvention of that wheel; the resources would be better spent elsewhere. It's well-founded to assume until proven otherwise that this is a more intrusive method of tracking users.

Nifty control panel applets (0)

Anonymous Coward | more than 3 years ago | (#36121846)

It's nice that Adobe finally gave users the ability to change some of the flash settings with its own control panel applet instead of having to do it with a flash application already running in the browser. It's especially nice that they included one for Linux as well.

Re:Nifty control panel applets (0)

Anonymous Coward | more than 3 years ago | (#36121968)

But unfortunately Adobe forgot how to build the 64bit plugin about 6 months ago, or managed to outsource all the development to some third world country where they can't afford 64bit cpus.

no autoload (3, Interesting)

fermion (181285) | more than 3 years ago | (#36121878)

All I want is a button that will set flash content to load only with approval. This is already done third party, but if Adobe did it one might think Flash was more than just a method to push near pornographic advertising onto innocent users. As it is, the infrastructure to approve cookies is horribly unreliable.

Re:no autoload (0)

Anonymous Coward | more than 3 years ago | (#36122358)

You would trust Adobe with the henhouse keys? I think its good the 'control' can be enforced by a third party.

Adobe have two great evils to their name - Flash and PDF. And a string of lesser evils no doubt. Their otherwise brilliant PhotoShop has been tainted by the dial-home marketing division (2 of my legit licenses self-vaporized - I won't pay Adobe ever again).

Re:no autoload (1)

lucian1900 (1698922) | more than 3 years ago | (#36123622)

The PDF format is actually pretty good. Why hate on it?

Amazing! (1, Insightful)

neoform (551705) | more than 3 years ago | (#36121926)

It's only taken until version 10 for them to add such advanced features such as deleting cookies...

Re:Amazing! (0)

Anonymous Coward | more than 3 years ago | (#36123168)

It's only taken until version 10 for them to add such advanced features such as deleting cookies...

well, if it makes you feel better, they were only introduced with version 6

Re:Amazing! (1)

blindseer (891256) | more than 3 years ago | (#36125304)

That's nothing compared to how long it took car manufacturers to take ash trays out of cars.

Does that qualify as a car analogy?

Re:Amazing! (2)

Alistair Hutton (889794) | more than 3 years ago | (#36125418)

No, they've just added an easier way of deleting cookies. Deleting cookies has been available for as long as they've had LSOs as far as I am aware.

OMG!!! (0)

Anonymous Coward | more than 3 years ago | (#36122054)

Adobe released a new version of flash that wasn't required to fix gaping security holes???

Yet 90% of my web browsing is with Flash disabled (1)

XahXhaX (730306) | more than 3 years ago | (#36122660)

Over umpteen versions and so many years, and they still haven't added settings to disable audio (banners and embedded video commercials with audio enabled have become worse over time) and it has only grown increasingly bloated over hogging processing and memory. Thankfully Opera makes it simple and accessible to disable the plugin for the majority of browsing, or even on a per-site basis for the worst offenders. But these are things that Adobe should be implementing so users can take control of what plays on their PC.

One of the things I had to consider when I bought my iPhone recently was that it couldn't play Flash--and the more I debated this the more I realized that 99% of Flash on the web is now junk. Despite the occasional Flash game or intentionally viewing an embedded video, I suspect we would all be better off without it on most sites.

And it'll still be an insecure CPU hog. (2)

gstrickler (920733) | more than 3 years ago | (#36122674)

I've been running Flash free for several months, except for Flash built in to Chrome. I don't use Chrome as my primary browser, so sites see me as someone without Flash. When I need to access something that requires Flash, I open it in Chrome. If it requires Flash and it won't work in Chrome, I won't use the site.

Interesting side note, most sites that require Flash give me an incorrect message saying:

"WE'RE SORRY"

You need to update your Flash Player.

I don't need to update anything, I don't have Flash installed, and I want it that way. Very few give me a message saying I need to install Flash Player for the site to function (correctly). Note to site developers, STOP designing sites that require Flash to work.

These were good tool against fraud... (1)

nichachr (98296) | more than 3 years ago | (#36122820)

While I'm happy to see this as an end user - they did have good applications as well. They were a great mechanism for tracking fraudsters across cookie wipes... The more savvy ones knew better but for those who didn't it saved us a lot of losses...

64-bit (3, Informative)

cratermoon (765155) | more than 3 years ago | (#36122888)

Still no official support for 64-bit platforms. That Nov 2010 release of 'Square' is the only thing that works on my Firefox 4 64-bit build with Snow Leopard.

Re:64-bit (1)

The One KEA (707661) | more than 3 years ago | (#36124034)

Agreed. The continued silence from Adobe regarding native 64-bit-capable Flash players for ANY platform is a major problem on their part that needs to be fixed - I haven't heard a word about new 64-bit releases for Windows or Mac OS X, much less Linux.

Re:64-bit (1)

lolcutusofbong (2041610) | more than 3 years ago | (#36124256)

Linux had 64-bit Flash by mid-2008. They just scrapped it, since it sucked horribly, and 'Square' is the beginning of essentially Flash64 version 2.x.

Re:64-bit (1)

Billly Gates (198444) | more than 3 years ago | (#36131122)

It seems non Windows users are left in the cold whether they use 64 bit or not.

The mac I think finally has video acceleration but the Windows users still have the best experience ... this is for the 32 bit version. Windows 7 has had full hardware acceleration with 64 bit since 10.1.

Slim Version (2)

MrL0G1C (867445) | more than 3 years ago | (#36123488)

Slim quick install versions without crapware at the bottom of page on Adobes site here:
Slim Version [adobe.com]

Camera and Mic (1)

Anonymous Coward | more than 3 years ago | (#36123682)

It still accesses the camera and mic. It ain't safe if we can't have the choice of not installing that functionality in the first place.

Can now delete flash cookies? Um, that's no new (1)

Alistair Hutton (889794) | more than 3 years ago | (#36125412)

For as long as I've used flash you've had the ability to delete the flash cookies. Does 10.3 make this somehow easier? Becaus otherwise that's a load of bull to mention that as a new feature.

EDIT: Okay, I've now read TFA, they've made it easier - not that they've made it possible.

iPad Convinced Me Flash is Unnecessary (1)

bedouin (248624) | more than 3 years ago | (#36125720)

For about 15 years I would install Flash upon getting a new machine or restoring one. I might go by a few days without downloading the plugin, but eventually there would be some circumstance where I conceded.

I've been using the iPad most of the day lately and the lack of Flash is rarely a problem, certainly not one that would convince me to leave the couch and go to my desktop. When I do encounter Flash my first thought is, "Good thing this will soon disappear like RealPlayer eventually did.". If your website didn't have enough foresight not to use Flash in 2011, then it's not worth visiting.

Check for New Comments
Slashdot Login

Need an Account?

Forgot your password?
or Connect with...

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>