Delete Flash cookies to protect online privacy

Flash cookies are a much-discussed , and many users think they are more insidious than regular HTTP cookies. So first, let’s look at how these cookies are different.

Regular HTTP cookies are basically a way to track your activity online. They are common and these days mostly harmless. I say “harmless” here, because there’s plenty of information out there to help users delete them and customize the browser settings that control their behavior. On the other hand, Flash cookies seem to be less well understood, even by many in the IT community.

Flash cookies, or Local Shared Objects, generally serve the same tracking function as HTTP cookies, but with some significant differences. First, they can hold a lot more data, up to 100 Kilobytes, where a standard HTTP cookie is only 4 Kilobytes. They have no default expiration date. They are stored in different locations on your machine so even if you go hunting for files with the .SOL extension, which Flash cookies use, you may have a hard time find them all. And last, the security settings on your computer have no effect on them.

All of this obscurity makes a lot of security- and privacy-conscious people nervous.

This same obscurity, of course, is also what has made Flash cookies so popular with Web developers. For savvy users who caught on to HTTP cookies and learned how to find and delete them very easily, the Flash cookie became the answer.

In a nutshell, Web sites can use Flash applets embedded on their sites to write information into a preference file stored on the computer that visits the site — that’s the Flash cookie.

In fact, sites can also use Flash cookies to re-create an HTTP cookie that a user previously deleted.

So, how can you see which sites have placed Flash cookies on your machine, and how do you control this behavior?

Annoyingly, both of these questions are answered using the Adobe Flash Player Settings Manager, which you must access through a Flash element on Adobe’s Flash Player support Web site. I’ll post the specific address in the notes.

From this page, you can manage the settings of the Flash Player install on your machine. For example, from the Global Privacy Settings panel, you can prevent Web sites from accessing, or even asking permission to access, your camera and microphone.

If you want to see which Web sites have placed Flash cookies on your machine, check out the Website Storage Settings panel. Here you can see the name of the Web site, the amount of disk space each site uses to store information on your machine, the maximum amount of disk space a Web site can use before asking for more space, and the privacy setting you have specified for each site. From this panel you can also delete the Flash cookies stored by specific sites or all sites.

Now, if you want to prevent Flash cookies from being stored at all, switch to the Global Storage Settings panel and remove the check next to  Allow third-party Flash content to store data on your computer.

And if you’re really concerned about Flash cookies, you may also want to try a Firefox add-on called BetterPrivacy, which promises to remove all flash cookies each time the Web browser is closed.

Just remember that whether you disable Flash cookies through the Settings Manager or delete them with a browser add-on, once you do so, sites that use Flash cookies may not function as you expect. Sure, you should still be able to watch Flash videos, but all those high scores in your favorite Flash-based game may be gone.

To manager the Flash player settings on your machine, visit the Adobe Flash Player Help – Settings Manager Web page. Click on the links under Settings Manager in the left navigation bar to access each section of the Flash Player Settings Manager.

This entry was posted in Technical Archive. Bookmark the permalink.