Invasive Web Sites – Flash Cookies Revisited

I first wrote on the issue of Flash Cookies back in September 2009 (LSO (Flash Cookies) – A Serious Attack on Your Privacy), and since then, if my own experience with these obnoxious web trackers is any indication, these “privacy invaders” have multiplied like a virus.

Just like you, I suspect, I have a list of particular sites that I visit nearly every day. In my case, that amounts to roughly 30 different sites. In my initial investigation of Flash Cookies, these 30 or so sites left a total of 7 Flash Cookies. That total has now increased to 13 for these same sites – not quite a 100% increase, but close enough.

Crafty business learned long ago that names and the connotations that surround names are important. It just wouldn’t do, for example, to call a piece of computer spyware “spyware”, or “tracker”, or “privacy invader”. Doing so would be sure to upset the unwitting victim.

So, instead of “tracker”, why not call the item a “cookie”? Good name, good connotations – happy memories of arriving home from school to a plate of cookies and a glass of milk.

Equally as important, from a business perspective, is the need to convince the victim that the questionable item has value, is constructive, and will make their Internet experience a smoother ride. But don’t believe it.

Cookies are there for the benefit of advertisers; not the web site visitor – plain and simple. Keep in mind, that it’s critically important to advertisers to generate advertising that is specific to the web site visitor at the time of the visit – not later, but right then. And cookies are the tool that facilitates this happening.

Luckily, today’s Internet browsers can be set to allow full user control over cookies including accepting, rejecting, or wiping private data which includes wiping cookies. That is, until recently.

It appears that a user’s decision to control cookies in this way is simply not acceptable to advertisers and certain web sites, and so we now have the Flash Cookie (LSO) – Local Shared Objects.

There are major advantages for an advertiser in employing Flash cookies, not the least of which is that they are virtually unknown to the average user. Equally important, from an advertiser’s perspective, is that they remain active on a system even after the user has cleared cookies and privacy settings.

If you think this practice is restricted to shady web sites, you’d be wrong. Of the top 100 web sites, 50+ use Flash Cookies. So I was not particularly surprised, when I found some of my favorite sites involved in this invasive practice.

Quick LSO facts:

Never expire

Can store up to 100 KB of information compared to a text cookie’s 4 KB.

Internet browsers are not aware of those cookies.

LSO’s usually cannot be removed by browsers.

Using Flash they can access and store highly specific personal and technical information (system, user name, files,…).

Can send the stored information to the appropriate server, without user’s permission.

Flash applications do not need to be visible.

There is no easy way to tell which flash-cookie sites are tracking you.

Shared folders allow cross-browser tracking – LSO’s work in every flash-enabled application

No user-friendly way to manage LSO’s; in fact, it’s incredibly cumbersome.

Many domains and tracking companies make extensive use of flash-cookies.
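The facts above say there is no easy way to tell which sites have stored LSOs and no friendly way to manage them. The sketch below is an added example, not code from this article or from BetterPrivacy: it lists the `.sol` files in a Flash Player shared-object store by the domain that wrote them, and can delete them. The store locations and directory layout are the commonly documented Flash Player defaults and are assumptions here; the function names and the sample domains are made up.

```python
import os
import tempfile
from collections import defaultdict

# Assumed default per-user LSO stores (Windows, macOS, Linux); adjust if needed.
DEFAULT_ROOTS = [
    os.path.expandvars(r"%APPDATA%\Macromedia\Flash Player\#SharedObjects"),
    os.path.expanduser("~/Library/Preferences/Macromedia/Flash Player/#SharedObjects"),
    os.path.expanduser("~/.macromedia/Flash_Player/#SharedObjects"),
]

def audit_lsos(root):
    """Return {domain: [(path, size_bytes), ...]} for every .sol file under root.
    Assumed layout: <root>/<random dir>/<domain>/[subdirs/]<name>.sol"""
    found = defaultdict(list)
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            parts = os.path.relpath(full, root).split(os.sep)
            if name.lower().endswith(".sol") and len(parts) >= 3:
                found[parts[1]].append((full, os.path.getsize(full)))
    return {domain: sorted(items) for domain, items in found.items()}

def purge_lsos(root, keep=()):
    """Delete all LSOs except those of domains in `keep`; return files removed."""
    removed = 0
    for domain, items in audit_lsos(root).items():
        if domain not in keep:
            for path, _size in items:
                os.remove(path)
                removed += 1
    return removed

def make_sample_store():
    """Constructed sample store (made-up domains) so the demo runs offline."""
    root = os.path.join(tempfile.mkdtemp(), "#SharedObjects")
    samples = {("tracker.example", "ads/uid.sol"): 120,
               ("video.example", "player/settings.sol"): 64,
               ("tracker.example", "sync.sol"): 40}
    for (domain, rel), size in samples.items():
        path = os.path.join(root, "AB12CD34", domain, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(b"\x00" * size)
    return root

if __name__ == "__main__":
    for root in [make_sample_store()] + [r for r in DEFAULT_ROOTS if os.path.isdir(r)]:
        for domain, items in sorted(audit_lsos(root).items()):
            print(f"{domain}: {len(items)} LSO(s), {sum(s for _, s in items)} bytes")
```

Run as a script, it only reports; `purge_lsos` deletes nothing unless you call it yourself with a store path.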

Without a doubt, you need to control these highly invasive objects, and if you are a Firefox user there is a solution – BetterPrivacy – a free Firefox add-on.

From the BetterPrivacy page:

“Better Privacy serves to protect against not deletable, long-term cookies, a new generation of ‘Super-Cookie’, which silently conquered the internet.

This new cookie generation offers unlimited user tracking to industry and market research. Concerning privacy Flash- and DOM Storage objects are most critical.

This add-on was made to make users aware of those hidden, never expiring objects and to offer an easy way to get rid of them – since browsers are unable to do that for you”.


Note: The small “G” in the above graphic, lets me know that GeSWall, part of my layered anti-malware defense, is working correctly.

Download at: Mozilla

Simple HTTP cookies can be subject to attack by cyber criminals, so it won’t be long before flash cookies will be subject to the same manipulation. Better you should learn how to control them now – not later.

Privacy, in all areas of our life is under constant attack, but that shouldn’t mean that we give up. We need to learn to fight back with every tool that’s available.

I have tried to write this article in a non-technical way, to make it easy for the average computer user to understand. For a more detailed breakdown on flash cookies, and the danger they represent to personal privacy, check out The Electronic Privacy Information Center.


10 responses to “Invasive Web Sites – Flash Cookies Revisited”

  1. Hi Bill,
    Thanks for stopping by today!
    I’m a Torontonian as well.
    Is your blog for business or pleasure? Either way, I think you should look into Twitter – if you haven’t already.
    All the best,

    Trevor Thomas

  2. Mal

    Hey Bill,

    Great timing, as I recently added Better Privacy to Firefox. Excellent little add-on, no doubt. I am starting to lean more and more to Firefox for my secure web browsing.


    • Bill Mullins

      Hey Mal,

      Firefox, with all the available security add-ons, is definitely the way to go. Gotta love Better Privacy!


  3. Hi Bill,

    I remember you talking about this subject before, and I think it was you who pointed me to the Adobe Flash Player Settings page.

    I use Opera as a browser (I’m loath to change as I’m used to it) so I don’t know if there are any add-ons to protect me from flash cookies. I’m not even sure if the flash settings panel does anything to stop the cookies, except for denying use of a camera or mic’.

    Anyway, I wouldn’t have known about them at all if I hadn’t read your article.

    Thanks Bill.

    • Bill Mullins

      Hey Paul,

      Familiarity may breed contempt, but not with a web browser. No question, staying with what you know and are comfortable with, is proper. I still can’t find a remover for Opera, but I’ll let you know when/if I do.

      Thanks for visiting.


  4. Ramblinrick


    Great article (as always)… You just taught me a few things about flash cookies that I was not even aware of. I often wonder what little morsels land on our PCs that are used for “whatever”; that we do not even know about.


    • Bill Mullins


      Users are often surprised at the number of apps/applets/items that access their HD without their permission or knowledge. Because of this, techs like you and me strongly recommend the layered approach to security. I’ve just finished testing a relatively new anti-keylogger, one that works on Win7, that had a few surprises.

      Thanks for visiting.


  5. Bill,
    Just downloaded “Better Privacy”; thanks for the great tip.