If you hear something repeated often enough, then that “something” takes on a veneer of truth. It doesn’t necessarily mean that it is true of course – but, it appears to be true. The “truth” regarding Internet site cookies, falls into that category.
Most of us have heard that “truth” – without cookies (and now, Flash cookies), your Web experience would be terrible. You’d be starting from scratch each time you did anything on a given site online. Or, something along that line.
Nonsense! For years, I have deleted cookies at every Browser shut down, and have experienced no perceptible difference in performance when visiting the same 30 or so sites, that I visit every day
Here’s the reality:
Cookies are there for the benefit of advertisers; not the web site visitor – plain and simple. Keep in mind, that it’s critically important to advertisers to generate advertising that is specific to the web site visitor at the time of the visit – not later, but right then. And a cookie is the tool that facilitates this happening.
Luckily, Internet browsers can be set to allow full user control over cookies including accepting, rejecting, or wiping private data which includes wiping cookies. That is, until recently.
It appears that a user’s decision to control cookies, in this way, is simply not acceptable to advertisers and certain web sites, and so, we now have the Flash Cookie (LSO) – Local Shared Objects.
There is a major advantage for an advertiser to employ Flash cookies, not the least of which is; they are virtually unknown to the average user. Equally as important, from an advertisers perspective is; they remain active on a system even after the user has cleared cookies and privacy settings.
This practice of web sites dropping Flash cookies onto your computer, which occurs without your knowledge or permission, according to some in the security community, is akin to hacking. Frankly, I agree.
If you think this practice is restricted to shady web sites, you’d be wrong. Of the top 100 web sites, 50+ use Flash Cookies. So, I was not particularly surprised, when I found some of my favorite sites involved in this invasive practice.
I first wrote on the issue of Flash Cookies back in September 2009, and since then, I’ve watched as these obnoxious web trackers and privacy invaders multiply like a virus.
Quick Flash cookie facts:
They never expire
Can store up to 100 KB of information compared to a text cookie’s 4 KB.
Internet browsers are not aware of those cookies.
LSO’s usually cannot be removed by browsers.
Using Flash they can access and store highly specific personal and technical information (system, user name, files,…).
Can send the stored information to the appropriate server, without user’s permission.
Flash applications do not need to be visible.
There is no easy way to tell which flash-cookie sites are tracking you.
Shared folders allow cross-browser tracking – LSO’s work in every flash-enabled application
No user-friendly way to manage LSO’s, in fact it’s incredible cumbersome.
Many domains and tracking companies make extensive use of flash-cookies.
If you value your privacy, then without a doubt you need to control these highly invasive objects, and if you are a Firefox user there is a solution – BetterPrivacy – a free Firefox add-on.
From the BetterPrivacy page:
“Better Privacy serves to protect against not delectable, long-term cookies, a new generation of ‘Super-Cookie’, which silently conquered the internet.
This new cookie generation offers unlimited user tracking to industry and market research. Concerning privacy Flash- and DOM Storage objects are most critical.
This add-on was made to make users aware of those hidden, never expiring objects and to offer an easy way to get rid of them – since browsers are unable to do that for you”.
Download at: Mozilla
Simple HTTP cookies (ordinary cookies), can be subject to attack by cyber criminals, so it won’t be long before flash cookies will be subject to the same manipulation. Better you should learn how to control them now – not later.
Privacy, in all areas of our life is under constant attack, but that shouldn’t mean that we give up. We need to learn to fight back with every tool that’s available.
I have tried to write this article in a non-technical way, to make it easy for the average computer user to understand. For a more detailed breakdown on flash cookies, and the danger they represent to personal privacy, checkout The Electronic Privacy Information Center.
If you found this article useful, why not subscribe to this Blog via RSS, or email? It’s easy; just click on this link and you’ll never miss another Tech Thoughts article.
Bill Mullins' Weblog - Tech Thoughts 
I agree Bill. Like you, I clear my Browser every time I log off. In my case, I use CCleaner. Makes no difference that cookies have been deleted.
Just another Internet myth.
Liam
Hi Liam,
I hear ya. Those Internet myths get us every time. 🙂
Bill
Hey Bill,
This is another great addon for Firefox that is always running on my machine. There is another one that is good for Google Chrome, called Click & Clean, which enables you to, amongst other things, clear LSO’s when you exit Google Chrome.
Cheers
Hey Mal,
Yeah, for a high level user it’s absolutely essential isn’t it?
Thanks for the heads up on Click and Clean – I’ll check that out.
Best,
Bill
Hey Bill,
Yep, C&C is a great extension. I’ve uninstalled Google Chrome for now, wasn’t playing nicely with Sandboxie at times, which was frustrating because I had to keep rebooting so I could clear the Sandbox. But my trusty Firefox is always running well.
Cheers
Hey Mal,
I’ve tried and tried with Chrome – and every other Browser for that matter. But no matter what, I still come back to Firefox. I just don’t think it can be beat. Not with the huge number of available extensions.
Not being able to clear the sandbox, without rebooting, would definitely suck.
Best,
Bill
###
Hi Bill ~ I will try Better Privacy, but before I do I would like to know..
What my super cookies are called
How large they are &
Where they live on my PC’s…
Is there a Mozilla app that can tell me those things ?
Peace’n’Love ~ nightjar
###
Hey Nightjar,
In order:
I can’t tell you the individual names of your super cookie (that’s site specific), but every cookie will have the extension – .SOL
A super cookie can be as large as 100 K – which is HUGE for a text file. As an example, I have one on my machine at the moment for Gmail, but it’s only 4 K
Flash cookies are stored here – C:\Documents and Settings\[username]\Application Data\Macromedia\……. Here’s the problem with that – depending on the version of Windows you’re running, you may not have access to this folder. If you can’t access the folder, then read my article – Access Denied in Windows 7? Download Free TOwnership (Take Ownership), https://billmullins.wordpress.com/2010/06/21/access-denied-in-windows-7-download-free-townership-take-ownership/ , for further instructions.
I don’t know of a Firefox extension, other than BetterPrivacy, that deals with Flash Cookies, but the page with additional information that I recommend in the article, can be found here – http://epic.org/privacy/cookies/flash.html.
As you can see, Web sites (advertisers and data collectors), make it very difficult for users to address the issue of Flash cookies. Digging them up, requires a lot of effort.
Best,
Bill
I am an idiot savant when it comes to techie stuff. I knew all along they were messing with my computer. I am really not a conspiracy theorist, but I had this feeling…LOL
This blog post is appreciated. I installed my add on and will share this knowledge with others.
Hi Bill! I’ve been using Better Privacy for as long as I can remember (which gets shorter every year) as well as, more recently, Click&Clean in Chrome. Interestingly, Steve Gibson praised Better Privacy in his latest Security Now podcast.
Regards,
Dave K
i am certainly going to try this. i made a problem for myself a few months ago
and delete somethings i shouldn’t have trying to get rid of cookies, what a headache.
Hi Kenneth,
I know the feeling – you’re in good company. I’ve made some major mistakes myself over the years.
Thanks for commenting.
Bill
A question:
How do we know that these various apps for Foxfire are safe, i.e., not harboring some tracking mechanism of their own?
Hi Braveheart,
A very good question. The fact is we don’t know, (for sure), except by reputation. The one safeguard we do have is – since the majority of these add-ons are open source, any shenanigans should be obvious to the open source community which, informal though it may be, is highly active in pursuing this issue.
At the end of the day though, we need to keep in mind that these add-ons are not certified by Mozilla.
Bill
Pingback: URL Manipulation