ghacks Technology News

Flash Cookies explained


Flash cookies are a new way of tracking your movements and storing a lot more information about you than normal cookies can. One major disadvantage of Flash cookies is that you can’t locate them in your browser: they are not shown in the list of cookies that are currently saved in your web browser. Normal HTTP cookies can’t hold more than 4 Kilobytes of data, while Flash cookies can hold up to 100 Kilobytes. If you want to see how they work, you can do the following.

Go to YouTube, increase or decrease the volume of a video and delete all cookies afterwards. You will notice that the volume is still at the same level when you close your browser and open it again. This is done with so-called Local Shared Objects, better known as Flash cookies. The main question is of course how a computer can be checked for Flash cookies and how those cookies can be deleted again.

This is actually a very tricky thing. I was searching for a way to check them on my computer but could not find one. After reading some information on the Adobe Flash Player website I realized that the only way to check them was to open a page on the Adobe site which would show them.


The so-called Settings Manager is accessed from the Adobe website but runs locally on your computer. The Website Storage Settings panel displays all Flash cookies that are currently saved on your computer. You can delete Flash cookies from individual sites or all at once. It is also possible to increase or decrease the Kilobyte size of the information that is stored on your computer.

Adobe does not have access to the settings that you see in the Settings Manager or to personal information on your computer.


No Flash Cookies will be saved if you go into Global Storage Settings and disable the option “Allow third-party Flash content to store data on your computer”.

47 websites had stored Flash cookies on my computer, and I decided to delete all of them and disable the feature to be on the safe side. Did you know about Flash cookies? How many did you find on your PC?




67 Responses to “Flash Cookies explained”

  1. Me says:

    Even more funny is when Flash makes the webcam and the microphone send everything you do in front of your screen. It is worth learning what Adobe Flash can do and how to configure it.

  2. Great tip Martin. Good to know what browsers can do on your local machines.

  3. Litschi says:

    have a look in

    dir "%appdata%\macromedia\flash player\#sharedobjects"

  4. Vlad says:

    This is the first time I hear about this, and it is a very disturbing info!
    Thank you for an excellent post!!!

  5. Litschi says:

    I’ve made a Quick-and-dirty Flash-Cookie-Killer after reading this post. Feel free to use it :-)
    Download (15.388 Bytes) : http://dropster.org/3lob8czc063f/fck_0_5_0.zip

  6. Vijeesh says:

    Hi Martin,

    Flash Cookies are stored in directories depending on the OS.

    In Windows it is in,
    [Root drive]:\Documents and Settings\[username]\Application Data\Macromedia\Flash Player\#SharedObjects\

    where [Root drive] is the drive on which the OS is installed and [username] may vary for all users.

    I usually delete everything I find in the above dir.
    Flash Cookies are files with a .SOL extension.

    For non-Windows users,

    Macintosh OSX /Users/[username]/Library/Preferences/Macromedia/Flash Player

    GNU-Linux ~/.macromedia

    Cheers..
    Tech Xpress

  7. Dante says:

    Thanks for this info. I wasn’t aware of this bit of spyware. To those of you who wish to have control over deleting this junk, write the following batch file in NotePad and put it into the [All Programs] [StartUp] tab of your Windows [Start] button:

    del /f /s /q "C:\Documents and Settings\[your user directory here]\Application Data\Macromedia\Flash Player"

    This delete batch file will run every time your Windows boots up.

    Note I’m suggesting deleting the entire Flash Player directory, not just the \Flash Player\#SharedObjects subdirectory, as I have found some info also stored in the \Flash Player\macromedia.com\support\flashplayer\sys subdirectory.

  8. Jamie says:

    Flash cookies are nothing new. Local Shared Objects have been around since at least Flash 6. I have used LSOs for a long time. They have been used to keep track of local high scores in Flash-based games and MANY other tasks. So you need to make a correction, and withdraw it being new. Unless you consider 3+ year old technology new.

  9. Martin says:

    Jamie they are probably not new but relatively unknown to many users on the Internet.

  10. Dante says:

    They were certainly unknown to me. Now that I found out, I now trust Adobe/Macromedia as much as I trust Sony and its rootkits — NOT!

  11. Litschi says:

    Thanks a lot for the great feedback. I’ve implemented most of your wishes in this update.
    http://dropster.org/grab/3kfyw8taoenv/fck_0_5_1.zip?origin=web

  12. Vivek says:

    Excellent Post!!

    I knew about separate type of cookies for flash but didn’t know that they can be accessed only from a macromedia.com page. Very informative post.

  13. James says:

    Copies of these LSO files persist even after you think you removed them using the nonintuitive & hidden Adobe control panel. Check \Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys after deleting the LSOs.

    I think Adobe intentionally tries to deflect privacy concerns about these LSO files by putting the settings related to them on multiple different tabs, and referring to them as “storage” settings rather than “security” or “privacy” settings, as cookies are in most web browsers.

  14. Flash wouldn’t work very well without these little helpers. Most of the applications you use have to use these files for basic function. You can be on the safe side and delete these files if you wish, but really, you need to stop entering personal information into Flash forms anyways. That’s the only way any data like that would be written on to your computer.

    Kinda creepy you guys are so paranoid…YouTube, Myspace, all that jazz, are social networks. Anything you put out there, and anything you watch is up for grabs. YouTube get it…it’s TV all about you.

  15. Jesse says:

    I agree with Levi. The only difference between Flash cookies and browser cookies is size. So what if Flash cookies can be bigger? You can easily store all your most sensitive information in a 4K browser cookie, so it’s really about the same “security risk”. In fact it’s possible from Flash to exchange cookies with the browser anyway!

    As Levi said, just make sure you trust the site presenting a form for you to type personal information into. Given to the wrong party, it can be abused no matter what kind of cookie is used. Surf safe!

  16. Jeroen says:

    Hey gHacks, do you know if it’s possible to read / view the contents of these flash cookies? Thx a lot!

  17. Frankie Magic says:

    Thanks for this important info. When I located the folder that stored the cookies, I found that there were loads of them. All put there to spy on me. Disgusting. They should be exposed for this covert spying.

  18. CT says:

    Actually, even doing that isn’t enough. I followed the steps outlined above and am currently running macromedia’s flash under linux and it continues to save stuff to my computer. Granted, it’s no longer doing so under the SharedObjects folder, it’s still allowing stuff to be saved to the /support/flashplayer/sys/, even though I additionally set the storage space to nil. Don’t worry, I’m sure Adobe is SUPER concerned about your privacy. :rolleyes:
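
An audit of the storage locations named in comments 6, 13 and 18, as an added example that is not part of the original post or its comments: it counts .sol files per site and lists sites whose settings entry under sys remains after their shared objects are gone. The directory layouts inside #SharedObjects and sys, the function names and the sample tree are assumptions of this example.

```python
import os
from collections import defaultdict
from pathlib import Path

def default_roots():
    """Per-user Flash Player directories named in the comments above."""
    home = Path.home()
    roots = [home / ".macromedia",
             home / "Library/Preferences/Macromedia/Flash Player"]
    if os.environ.get("APPDATA"):
        roots.append(Path(os.environ["APPDATA"]) / "Macromedia" / "Flash Player")
    return roots

def audit(root):
    """Map each site to its shared-object count/bytes and whether a per-site
    settings entry exists under .../sys (assumed layouts noted inline)."""
    report = defaultdict(lambda: {"lso_files": 0, "lso_bytes": 0, "sys_trace": False})
    for path in Path(root).rglob("*.sol"):
        parts = path.relative_to(root).parts
        lower = [p.lower() for p in parts]
        if "#sharedobjects" in lower:
            # Assumed layout: #SharedObjects/<random id>/<site>/.../<name>.sol
            i = lower.index("#sharedobjects")
            if len(parts) > i + 3:
                entry = report[parts[i + 2]]
                entry["lso_files"] += 1
                entry["lso_bytes"] += path.stat().st_size
        elif "sys" in lower:
            # Assumed layout: .../sys/#<site>/settings.sol
            i = lower.index("sys")
            if len(parts) > i + 2 and parts[i + 1].startswith("#"):
                report[parts[i + 1][1:]]["sys_trace"] = True
    return dict(report)

def leftover_sites(report):
    """Sites with no shared objects left but a settings entry still on disk."""
    return sorted(s for s, e in report.items() if e["sys_trace"] and not e["lso_files"])

def build_sample_tree(root):
    """Constructed sample layout (not real data) for trying audit() offline."""
    base = Path(root) / "Flash Player"
    sys_dir = "macromedia.com/support/flashplayer/sys"
    files = {"#SharedObjects/AB12CD34/video.example/player/volume.sol": 120,
             "#SharedObjects/AB12CD34/ads.example/id.sol": 40,
             sys_dir + "/#video.example/settings.sol": 60,
             sys_dir + "/#gone.example/settings.sol": 60,
             sys_dir + "/settings.sol": 80}
    for rel, size in files.items():
        target = base / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(b"\0" * size)
    return base

if __name__ == "__main__":
    for root in filter(Path.is_dir, default_roots()):
        for site, entry in sorted(audit(root).items()):
            print(root, site, entry)
```

Running it before and after a cleanup shows whether the per-site entries under sys survived, which is the behaviour comments 13 and 18 report.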

  19. green_machine says:

    What’s creepy is the notion that anyone can fairly easily access almost any webcam etc, using a simple webpage. I don’t have a webcam but I wouldn’t say that for everyone who does it then means they want anyone to be able to watch them.
    I have windows on my house too – they aren’t there for other people to look into.
    I certainly don’t want any trackable or identifiable data being saved on my machine, especially if I can’t easily delete it and control the settings.

    Thanks for this, it seems to work going by what I checked. Deleted the cookies, revisited a site I was using – it didn’t remember me having been there, when I was previously being logged in. That is using Puppy linux.

  20. Moe D. says:

    The easiest way I’ve found to locate and clean up these cookies is just Start Button/Search *.sol and there they are. Just delete the ones you don’t like.

  21. bart says:

    FYI here is what I did:
    within the sol-files you will find other settings that you may want to keep (privacy-settings e.g.), so:

    edit the sol-file (free editor 4win: http://sourceforge.net/projects/soleditor/),

    then copy the edited file to another directory.
    write/have s’one write a batch-script:

    - to erase the content of the directory containing the original sol-file,
    - then find the Flash/#SharedObjects Directory and set the batch-script to erase this directory, or its contents.
    - tell the script to *copy* the backed up (edited) sol-file to its original location.
    - make the batch-script start at system start or browser shutdown, whatever you prefer.

    Please be aware that you will lose e.g. game-settings for flash-games you play online or the like.

    bart

  22. Maxatwo says:

    You might be interested in MAXA Cookie Manager, a software that can manage Flash cookies together with conventional cookies of all major browsers.
    A lite-version is available for free on http://www.maxa-tools.com/cookie.php?lang=en

  23. Alex says:

    thank you! i had a ton of data and none was important

  24. L Court says:

    Thanks for this great info – I had no idea about these cookies, which seem to be a lot more powerful and intrusive than ‘normal’ cookies.

    I’ve now accessed the Settings Manager and done what’s necessary :-)

  25. Ron says:

    Are LSO/flash cookies shared between browsers?

  26. maxatwo says:

    Yes they are, all browsers using the flash plugin share the data.

  27. tom says:

    I’ve found all of the suggested .bat files to be rather error prone. My best solution was to go to the Documents and Settings\USERID\Application Data\Macromedia\Flash Player folder and remove write privileges on this directory. I don’t want any site writing data to track me. These damn flash objects are shared between sites. So your Bank of American FSOs can be taken off of your PC by another site you visit.

    No more FSOs…

  28. to: tom says:

    tom wrote: “These damn flash objects are shared between sites.”

    You are totally wrong here!

    Flash cookies are _not_ shared across domains.

  29. Kiki says:

    I have been in the belly of the beast. This is long-winded…

    About 10 years ago, I worked for a company that developed e-marketing software. To marketing companies, the Internet represents a literal “gold mine” (money, money, money) of user information unlike anything they had seen in the past (such as in the pre-Internet days). Marketers “own” YOUR data, own YOUR e-mail address, and anything you do, and anywhere you go on the Web. And marketers have their reasons NOT to be upfront and honest about their numerous tracking habits.

    Even 10 years ago, marketers were concerned about people who dumped or blocked their browser cookies, so they developed alternate means to cookie tracking. Through the extremely popular use of JavaScript (and I know that developers love JS), marketers have found alternate methods maintaining other means of protecting their gold mine of marketing research data from users, without their direct express knowledge or consent.

    Companies’ privacy policies might tell you about how they use traditional browser cookies (and often quite truthfully), but notice how they don’t tell you about their alternate use of LSO Flash cookies or DOM Storage Objects!

    Like politicians and attorneys, marketers are masters at double-speak. That is how and why the Direct Marketing Association (DMA) issues “anti-spam” press releases, but yet conveniently grope to redefine what spam is and isn’t to suit their members, who are MARKETERS. I know. I have attended DMA conferences.

    You know the “Do no evil” edict by a well-known and popular Web search company? That’s another example of double-speak. They own doubleclick, which has a long-winded disgusting reputation “to serve their clients”.

  30. Tim hughes says:

    CCleaner an excellent privacy keeper /cleaner tool , allows you to clean these automatically or at will:

    http://www.filehippo.com/download_ccleaner/

  31. Flash cookies are also used in ecommerce/affiliate marketing because so many people are paranoid about cookies that they delete them, which means that if an affiliate referred a customer for a merchant, that affiliate won’t get the credit if the merchant’s affiliate tracking system relies just on cookies.

    Some affiliate tracking systems go further and check ip address, but with mobile growing and dsl switching ip addresses, ip tracking is not so reliable as a backup to cookies. Flash cookies ensure that more affiliates get credit for referred sales, which results in more motivated affiliates and more happy merchants.

    There are just a few affiliate tracking systems that support flash cookies, and super affiliates are demanding this feature more and more as they realize that some merchants are not giving them the credit for sales they sent them, because the cookies were deleted by some paranoid shopper.

    Sure this tracking method can be used in bad ways by some sites, but that’s nothing new and there’s many worse scenarios with js injection and drive by viruses on sites you visit.

    If you have a problem with it then turn it off.

    But then you ALSO need to consider the increased hassle you are making for yourself by having to re-enter data for sites like Google, YouTube, Flickr, Twitter and other respectable sites that use flash cookie tracking too. You can’t have it both ways.

  32. maxatwo says:

    Hello Peter,

    you are completely right with everything you say, except:
    “But then you ALSO need to consider the increased hassle you are making for yourself by having to re-enter data for sites like Google, YouTube, Flickr, Twitter and other respectable sites that use flash cookie tracking too. You can’t have it both ways.”

    If you are using a sophisticated Cookie Manager like MAXA Cookie Manager, you can specify which cookies you want to keep (whitelist) and which ones you want to immediately delete or block (blacklist). As it supports flash cookies together with all conventional variants of cookies, you can have it both ways indeed, using MAXA Cookie Manager:
    http://www.maxa-tools.com/cookie.php?lang=en

  33. Anonymous says:

    Still, these Flash Cookies are quite useful for me as a game developer. So they’re not all that evil. Otherwise u won’t actually be able to save your game (unless u want to use a SQL server).

  34. 探客 says:

    flash cookies URL?

  35. Dan says:

    If Macromedia/Adobe’s intentions were honorable, then they would have made it possible for the user to manage these cookies.

    Guess this is one of the reasons God created FlashBlocker?

  36. flashblock says:

    @#$^&@!! @$#$%^ adobe

  37. stirner says:

    On linux:

    rm -R /home/user/.macromedia
    ln -s /dev/null /home/user/.macromedia

    Max

  38. DX says:

    I found 546 flash cookies on my site, some recent activity on my machine has prompted to find changes on my machine. Apparently there is some capacity for malicious behavior with these cookies, phishing and such. My mac is not safe any longer. waugh!
    Thanks for the info.

  39. Hisself says:

    There’s a reason for Flashblock, and it’s fuckwittery like this (not the article, which is excellent, Adobe’s behaviour).

  40. latecomer says:

    in some cases flash cookies are urgently required.

    For example, one of my favorite sites uses flash extensively in delivering content. I have to accept their cookies or their site won’t store my preferences and my experience there would be severely adversely limited.

    Not all flash cookies are the devil.

    But, it’s great to now have some control over them. Thanks for the referral to that site.

  41. Bill says:

    That’s it! no more inter webs for me! lol

  42. Radford Rigsby says:

    Excellent summary re flash cookies. Thanks

    Rad

  43. Moose says:

    Haha paranoid! All your clicks and visits on the web are being monitored anyways, ip’s, location, time stored. It’s a public space. I bet you scared victorians found some porn links in your .sol folder; what’s wrong with that; you’re not the only one watching xtube.

  44. It is not necessary to use cookies in order to save temporary information required for whatever is needed.
    The point is that they don’t want you to have the CONTROL of the amount of personal information you deliver and leave viewable for ANYONE every time you are surfing the net.
    Just think why they didn’t implement that Adobe Control Panel and you only have access through the web (and it’s unknown still today). And this panel doesn’t remove all the information, just part of it.


© 2005-2010 Ghacks.net. All Rights Reserved. Privacy Policy - About Us