Tracking Cookies in Flash?

You’ve been a careful PC user. You’ve disabled third-party tracking cookies in your web browser. You’ve been careful about what sites can set and read cookies from your web browser.

A cookie is a cookie, right?

Not exactly. Adobe Flash has a “feature” that works very much like a cookie, but they call them “local shared objects” or LSOs. Like a cookie, an LSO is a small text file that is set by the websites you visit. Like cookies, LSOs only contain personally identifying data if you provided it to the website that set the LSO. They can’t access your PC, scan your hard drive, or send away your email address or checking account login.

LSOs act like cookies, but they really aren’t. They aren’t stored with your cookies. Your web browser does not track or offer any control over LSOs. You can’t find a setting to list them or block third-party tracking LSOs in your browser.

What is a third-party tracking local shared object?

Basically, it’s an LSO set by a website that is not the one you’re visiting. Like with other cross-site tracking methods – “webbugs,” which are small graphical images on the page that tell the tracking company “he is here,” and unwanted real third-party tracking cookies – do you really want unknown, remote organizations tracking where you go on the Internet and knowing what your browsing preferences and habits are?

Probably not.

How do you find out which LSOs are present on your PC?

Start by going to this page at Adobe.

http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager07.html

(If you’re using NoScript with Firefox, you’ll need to right-click the NoScript icon in the System Tray and select “Allow macromedia.com” in order to see the control panel.) Here’s what it looks like.

If it does not open to this panel, please click the sixth tab. In the lower section of the panel is the list of all the websites you’ve visited that have set an LSO. Look through the list to see how many of them you recognize. Any that you don’t recognize could be third-party LSOs. You have the option of deleting individual LSOs or dumping the entire list. The slider sets the maximum storage for an LSO. It runs from none, to 10 MB, to unlimited. I set mine to 10 KB.

Here’s what’s under the second tab.

This is where you can set storage allotments for websites that you visit in the future. Note the first check box. That’s where you can elect not to allow third-party Flash content from setting content on your PC. I selected that and set the slider to 10 KB.

And here’s the third tab, which is a continuation of the Global Storage Settings.

This tab actually deals with outgoing communications from Flash content (FLV and SWF files) on your PC.

Adobe changed the security rules for Flash content communication in Flash Player 8. Older Flash applications may not be aware of this change. If you have older content, you may wish to allow this. However, it was common for Flash applications to be used for communications between websites, some of which you may be unaware. These could also be used for a tracking purpose or to exploit a flaw in Flash security, so ask yourself if you really need to enable older applications or newer applications that may be maliciously and deliberately trying to use the outmoded form of security.

My selection was “Always deny.”

The other tabs in the Settings Manager deal with sharing the PC’s webcam and/or microphone.

There’s also no big SAVE button, but the page reloads and saves changes when you change tabs.

So there you have it - how to detect, delete, and control local shared objects in Flash.

I would consider myself a careful PC user. I have Firefox set to reject all third-party cookies and run NoScript in Firefox to block unwanted scripts like Java, Javascript, Flash, Silverlight, and cross-site-scripting (XSS) attempts, as well as FoxBeacon to warn me about webbugs.

As I mentioned above, LSOs came as a surprise to me, and I was further surprised to find that I had a bunch of them (more than one hundred). Many were from websites and companies I did not recognize. I elected to dump the entire lot of them and start over.

I believe that forewarned is forearmed, so I hope this helps you take control over your Macromedia Flash local shared objects.

Further Reading

How to Block Third Party Sharing Cookies in Internet Explorer and Firefox - Are you leaving tracks everywhere you go online? If your browser is sharing cookies with a website you're not even (knowingly) visiting, you've got third-party tracking cookies on your PC. This article defines cookies and looks at blocking a certain type.

How to Change the Order of Startup Applications in Vista - Are so many different applications trying to start at the same time during Vista's boot up that it's bogging down your PC so much that it's minutes before you can use it? This article addresses stopping unneeded services and streamlining the startup process in Windows Vista.

Holographic Storage for Computer Systems - Long a staple of science fiction, holographic data storage on physical media is now available for computer systems. The industry is young and the entrance pricey, but it offers many benefits over conventional storage. The creation of this device required science, dedication, and good luck.

Tutorial: How to Clone a Laptop Hard Drive With Acronis True Image Home 2009 - Hard drive filling up and declining hard drive prices getting your attention? If you're ready to move up to a bigger hard drive for your laptop, this tutorial will show you step-by-step in pictures how it's done in Acronis True Image Home 2009.