Flash Cookies – Spyware By Any Other Name

imageI first wrote on the issue of Flash cookies back in September 2009, and since then, I’ve watched as these obnoxious web trackers and privacy invaders multiply like a virus. Based on the number of questions I continue to get on the Flash cookie issue, it’s apparent – confusion reigns when it comes to this underhanded privacy threat.

One of the better forum comments I’ve seen referencing Flash cookies:

“I think many people may not realize how serious it is. In many ways, I see it as the virtual equivalent of dumpster diving or taping together a shredded document. It is deliberately ignoring a data owners deletion of data by an entity that has no business doing so.”

This practice of  web sites dropping Flash cookies onto your computer, which occurs without your knowledge or permission, is akin to hacking – according to some in the security community. Frankly, I agree.

Continuing developments in tracking technologies, and a complete disregard for fundamental privacy rights, should be a major topic of conversation in the security community – until such time as the issue has been resolved in favor of consumers.

In the meantime, we’re on our own. It’s up to us, as individual consumers, to take the appropriate steps to safeguard our privacy (as best we can), while interacting with the Internet.

Here’s what we’re up against – and, this is just one small example.

From Disinformation.com

McDonald’s, CBS, Mazda, Microsoft Sued For Tracking Internet Users’ Histories

In a complaint filed Tuesday with the U.S. District Court for the Southern District of New York, Sonal Bose alleges that McDonald’s and the other companies “acted in concert with Interclick,” to mine users’ Web surfing history for marketing purposes. “Defendants circumvented the privacy and security controls of consumers who, like plaintiff, had configured their browsers to prevent third-party advertisers from monitoring their online activities,” Bose alleges.

The lawsuit alleges that the companies violated the federal computer fraud law, wiretap law and other statutes. She is seeking class-action status. This lawsuit comes several weeks after Bose sued Interclick for allegedly using history-sniffing technology and Flash cookies to track her online activity.

History-sniffing technology exploits a vulnerability in browsers to discover the Web sites users previously visited. Researchers from the University of California, San Diego recently brought the technique to light when they published a paper explaining the technique and naming 46 Web sites where history-sniffing technology was being deployed. In at least some cases, ad company Interclick reportedly used the technology without the publishers’ knowledge.

Bose also says in her complaint that she believes that the defendants used Flash cookies for tracking purposes. Flash cookies are stored in a different place in the browser than HTTP cookies, and therefore, require additional effort to delete.

Flash cookie quick facts:

They never expire

Can store up to 100 KB of information compared to a text cookie’s 4 KB.

Internet browsers are not aware of those cookies.

LSO’s usually cannot be removed by browsers.

Using Flash they can access and store highly specific personal and technical information (system, user name, files,…).

Can send the stored information to the appropriate server, without user’s permission.

Flash applications do not need to be visible.

There is no easy way to tell which flash-cookie sites are tracking you.

Shared folders allow cross-browser tracking – LSO’s work in every flash-enabled application

No user-friendly way to manage LSO’s, in fact it’s incredible cumbersome.

Many domains and tracking companies make extensive use of flash-cookies.

If you value your privacy, then without a doubt you need to control these highly invasive objects, and if you are a Firefox user there is a solution – BetterPrivacy – a free Firefox add-on.

From the BetterPrivacy page:

“Better Privacy serves to protect against not delectable, long-term cookies, a new generation of ‘Super-Cookie’, which silently conquered the internet.

This new cookie generation offers unlimited user tracking to industry and market research. Concerning privacy Flash- and DOM Storage objects are most critical.

This add-on was made to make users aware of those hidden, never expiring objects and to offer an easy way to get rid of them – since browsers are unable to do that for you”.

In the following screen capture (click to expand to original), you’ll notice BetterPrivacy has deleted a cumulative total of 6188 Super Cookies.

image

The Options and Help tab (shown in the following screen shot), will allow you to choose specific deletion methods. You should consider selecting “Disable Ping Tracking”, which will prohibit sites from following you as you surf the Net.

image

image

Download at: Mozilla

For a more detailed breakdown on flash cookies, and the danger they represent to personal privacy, checkout The Electronic Privacy Information Center.

Google Chrome users can take advantage of the Click&Clean Extension (works with Firefox as well).

The following screen capture of Click&Clean’s Options menu, illustrates the application’s ability to deal with Flash cookies.

image

Fast facts:

Delete your browsing history
Clear records from your download history
Remove cookies and Empty cache
Delete temporary files
Remove Flash Local Shared Objects (LSO)
Delete private data when Firefox closes
Automatically close all windows/tabs
Clean up your hard drives and Free up more disk space – including secure file deletion
Launch external applications, like CCleaner, Wise Disk Cleaner etc. on Windows – or Janitor, BleachBit, etc. on Linux

Download the Firefox version at: Mozilla

Download the Chrome version at: The Chrome Web store

You can read a full review of this application – Clean Up With Click&Clean Firefox and Chrome Extension, on this site.

If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.

About these ads

19 Comments

Filed under Browser add-ons, Chrome Add-ons, downloads, Firefox Add-ons, Flash Cookies, Freeware, Privacy, Windows Tips and Tools

19 responses to “Flash Cookies – Spyware By Any Other Name

  1. Hi Bill. :-)

    I’m back to using the faithful Firefox after problems with the latest version of Opera. Not serious problems, just annoying ones.

    I used to have both Click&Clean and Better Privacy installed. Now I just use Better Privacy. Is the one application enough or should I go back to using both? I use Linux Fedora 15, if that has any bearing one this issue.
    Best Wishes,

    Paul

    • Hi Paul,

      I think one is all you need. The OS doesn’t matter since these cookies are Browser specific.

      Personally, I’ve stayed with BetterPrivacy (not because it’s better) – I just tend to stay with apps I’ve gotten used to. Change plays hell with my weakening brain cells. :)

      Have a great Labour Day weekend.

      • Thanks, Bill. :-)
        Looks like I made the right choice.

        I’m not good at change either, although my wife would disagree, the number of times I’ve changed my blog. lol

        I hope you have a great weekend too!

        It’s actually sunny here today.

        Best Wishes,

        Paul

  2. Fred

    Bill,
    I downloaded the Better Privacy add on, funnily enough Firefox blocked the attempt until I hit the allow! Restarted per instructions then opened Mozilla and went to add ons then clicked BP and hit button for eliminate flash cookies. Then a window popped up saying couldn’t connect to remote computer, redialing in… I thought it could search for the cookies offline, just as MBAM or MSE does–do I have to be connected to the internet to use this app? Does that Click&Clean work offline?
    Is this BP an easy removal, I’ve read that some add ons you can’t great of easily if at all.
    Still learning,
    Fred

    • Fred

      “I’ve read that some add ons you can’t great of easily if at all.”
      should read “can’t GET RID of easily”
      Have a Happy Labor Day bill, I didn’t know that Canada celebrates that at same time as US. Or does it.

      • Hey Fred,

        There may be add-ons that are difficult to delete but I haven’t seen one.

        As for Labor Day – it’s been celebrated here since 1882 (a little before my time). :)

        Bill

    • Hey Fred,

      Firefox always blocks add-ons until the user gives specific permission – this is a safety feature.

      Both these applications are designed to work after you have closed your Browser – in other word, when you are off-line. Neither one can clean, if the Browser is still open.

      Bill

  3. Mal

    Hey Bill,
    The Ghostery addon for Firefox also has, in its options, a “delete Flash and Silverlight cookies on exit” box. Another layer of protection I guess.

    Cheers
    Mal

  4. H Shah

    Do these Flash cookies have a common suffix/extension? How do the cleaning programs recognize them?

  5. Pingback: Flash Cookies ? Spyware By Any Other Name | Bill Mullins' Weblog … | patricksapnn

  6. Pingback: Playstation 3 Blog News

  7. Fred Bloggs

    This has been put on the Ghostery Add-On page:- Any Comments on the truth of this??
    “Beware the scammers Rated 1 out of 5 stars

    by toniejoo on September 5, 2011

    Ghostery is bought by betteradvertising.com. Your data is being used to better understand customer behavior and what they want. Try the ghotery blog and you find that when you search for keywords about it, you can’t find anything. They pretend that you can make comments on the blog, but just try it, you can’t. Ghostery is evil and should be removed from the add on page by Mozilla. “

    • Hi Fred,

      This is old news. See – Better Advertising Acquires Ghostery (January 19, 2010).

      I’ll go on to say – unsupported accusations such as “Ghostery is evil” have no value. This one reminds me of a similar comment sometime back that WOT (Web of Trust), was “evil”. Considered opinion, backed up with proof, should be taken seriously – not a nonsense comment pulled out of thin air.

      Bill

  8. Fred Bloggs

    Hi Bill,
    Thanks for your opinion. Which do you consider to be better..Better Privacy or Ghostery?

  9. Ben

    I run Ccleaner on a schedule once a week and it supposedly cleans out both flash cookies and normal ones. Is this sufficient for removing cookies? Or do I need to have Better Privacy too?

    • Hey Ben,

      It really depends on your browsing habits.

      I run CCleaner automatically as a sub function of Click&Clean when I close my Browser. As for BetterPrivacy – the reason I run this is; I can protect certain cookies(my Gmail for example), from deletion.

      Bill