Apps

Video: Delete Flash cookies to protect online privacy

Bill Detwiler explains what Flash cookies are, how they work, and how you can control them on your computer.

IT Pros and most savvy users know all about the role of Web site cookies that are placed on your PC and how to delete them. However, Flash cookies are different and their role is probably much less understood, even by the pros. During this episode of TR Dojo, I give you a brief rundown of what Flash cookies are, how they work, and how you can control them on your computer.

To manage the Flash player settings on your machine, visit the Adobe Flash Player Help - Settings Manager Web page. Click on the links under Settings Manager in the left navigation bar to access each section of the Flash Player Settings Manager.

If you want to go one step further, check out the BetterPrivacy Firefox add-on, which promises to remove all Flash cookies each time you close the browser.

For those of you who prefer text to video, you can click the Transcript link that appears below the video player window or read Michael Kassner's article, "Flash cookies: What's new with online privacy," and William Jones' article, "Flash Cookies? What are Flash Cookies?," on which this episode is based. You can also read

You can also sign up to receive the latest TR Dojo lessons through one or more of the following methods:

About

Bill Detwiler is Managing Editor of TechRepublic and Tech Pro Research and the host of Cracking Open, CNET and TechRepublic's popular online show. Prior to joining TechRepublic in 2000, Bill was an IT manager, database administrator, and desktop supp...

48 comments
systemadapter
systemadapter

I clicked yes in pool. But maybe there should be general specification for every kind of non user object saved to system, and these objects should have registration, and so browser-built in managing. I don't know, maybe Flash disappears by time ... for browser designers it's just one of many.. for security level it's one before all. That's why I am not much sure with any solution...

ralphbreensr
ralphbreensr

Good job Bill. The info on Flash cookies was good. Everyone needs to stay on their toes with security concerns as these. BUT! The outtakes were GREAT!!! Love it and the "on the fly" idea about the poetry. Great way to keep the interest peaked and keep people smiling while learning or just being reminded of important security issues. Good for you. Keep up the good work.

harryxebec
harryxebec

Not being stupid enough to install that flash crap in the first place, flash cookies are not a problem for me.

k2harrell
k2harrell

Just an FYI for those folks who play flash games (e.g. Facebook game such as Farmtown), if you change this setting, the game will not load. I opted for the Firefox add-in to delete the cookies when I close my browser. Otherwise, this is great info to know.

BALTHOR
BALTHOR

I don't like the cookies files at all.Now why does my computer speed up when I set my display to it's lowest resoultion?

lynxman
lynxman

Stuff Adobe, too bloated & insecure. I use Foxit & flashblock so I don't even see the flash crap unless vital. I hate flash.

mnemennth
mnemennth

I first became concerned with the unacceptable amount of control Flash objects are given over one's system when it became a common means for web developers to disable copy/paste on websites. Flash objects are also usually responsible for most "strange behaviors" that one experiences on the web; be it the annoying LOUD advert video that plays on the bottom of a website without your permission, to the annoying popup/popunder/hover over objects that defy ALL popup blocker settings. Unfortunately, Adobe is one of the infrastructure presences on the www; sure, you can DISABLE Flash on your browser (I do it ALL THE TIME) but in doing so, you disable easily half the content on the www. Flash has become one of the www's dirty little secrets, just like Java; like a protection racketeer it leverages your own web use against you. If you want to use pretty much ANY interesting website out there you have to suck it up and enable Flash and Java on your machine; but along with it, you have to take every bit of garbage that the eyeball thieves want to throw at you. Microsoft WISHES they had such market penetration; the .net framework is amateur hour compared to these guys. In my opinion, control over how ANY external source uses your PC should be integrated into the browser; once upon a time, FireFox had such controls and they WERE effective. This of course led to it's popularity, and also led to the popularity among web developers of other means of stealing control of one's computer from the user; as always, the old cat & mouse game of obfuscation vs the user's desire to not be annoyed ALL THE TIME forces one to become better educated. It sucks that you NEED to learn how to PREVENT yourself from being mugged every day by advertisers. I spend enough of my valuable time sifting through CONTENT that may or may not be of value; it really irritates me to have to continually fend off sorties by the Stef Murky contingent just for the PRIVILEGE of looking for that needle in a haystack.

dayen
dayen

I check both Flash setting on the Video and Web site. the Web site give you more options use the web site also I need more info on how safe this is what are the risks are there maleware flash cookies

Deadly Ernest
Deadly Ernest

Flash or allowing Flash on your system. Considering Adobe's history on privacy, I don't think we can trust them to be telling us the whole truth about what the Flash Cookies do and if their software will do the job properly.

Bill Detwiler
Bill Detwiler

In the above TR Dojo post, I explain what Flash cookies are, how they work, and how you can control them on your computer. Original post: http://blogs.techrepublic.com.com/itdojo/?p=1424 Although the embedded Flash Player Settings Manager (referenced in the video), works, I think many (if not most) users are unaware that their browser privacy/security settings do not also control the Flash Player. Do you think Adobe and browser developers make it easier for users to delete/manage Flash cookies by integrating the controls with the browser's privacy/security settings? Take the poll in the blog post and let me know.

Fyrewerx
Fyrewerx

Lately, I find myself wondering if Adobe has taken the place of Real (Audio) in the world of evil.

Deadly Ernest
Deadly Ernest

who use Adobe products like DreamWeaver to make web pages and web sites just by using drag and drop routines in DW to make a site that looks 'pretty' but is not efficient or effective in the use of the Internet. Every web site that I've seen that uses a lot of Java or Flash or any user end scripting has been so badly designed it uses about four to fourteen times the amount of bandwidth really needed to do the same if properly codes in html or other less obtrusive manners. When I find such sites, I send a complaint to the web master about being unable to view it in a standard browser. If they get enough complaints, most will change the site.

cnet
cnet

I agree w/ mnemennth but would add another Adobe product to the complaint list: why is Adobe Reader required by my broker, my banker and others? Their sites actually break when I use Foxit, because they expect Adobe integrated into the browser. Your interest seems mostly to avoid advertising; my concern is security and personal choice about what s/w I use. Java, Adobe Reader and Adobe Flash are much less secure than the IE or Windows I use nowadays. Yet they are essential to most my web interaction. I would accept a MS product to stand in for these.

JCitizen
JCitizen

at filebuzz than get rid of flash cookies; or at least you may have a bigger problem on your hands if you go there, even if it works! That has been flagged as a dangerous site.

nscafidi
nscafidi

I use CCLEANER to remove flash cookies. www.ccleaner.com

yonman
yonman

As always, TR has brought to us readers another excellent, informative & thought provoking video. On behalf of your followers, thanks Bill!

TobiF
TobiF

Ordinary cookies are confined to one browser. I can logon a site as mr X in IE and as Mr Y in FF. BUT: The flash cookies are SHARED between different browsers, thus enabling web servers to track you even when you approach them via a different browser!!! (Yes, since long, I kill all flash cookies I can get my hands on!)

tarekokail
tarekokail

That's my question. I know that Flash is flashy and splashy and all the rage, but I dont' understand why Adobe feels it is necessary to make the security controls only accessible if you're connected to their website. Obscurity is not a defense against malicious software.

Zwort
Zwort

Bill, there's no need to go to Adobe's home page; if you are viewing a flash object right click on it, then start setting the options. I have just checked them by doing so on your video. Thanks for everything, and a happy new year.

Hans.Hilberink
Hans.Hilberink

Thanks Bill for the informative video, I have learned a lot again. Keep on the good work!!! Hans.

btab
btab

It's a great topic of discussion to improve the browser clients by adding a feature to also remove Flash cookies. And the Mozilla add-on "Better Privacy" is definitely welcome. But I must say that the benefits of Flash cookies do have an argument. For example, when using a Flash video player and you adjust the volume - as not to disturb your co-workers, etc. A Flash cookie can save the level of volume, even your last viewed position of the video for you. And this is after you close the browser. But I don't agree with Flash cookies being used to reproduce a HTML cookie.

jeslurkin
jeslurkin

...by the fact that decades ago, 'flash' was a pseudonym for vomit. :) That is also my opinion of it. Ironic that the article is presented as a video,... so I did not view it. ;)

Deadly Ernest
Deadly Ernest

also flag sites as dangerous if they refuse to pay a fee to the flagging organisation.

bus66vw
bus66vw

I watch TV shows using Flash Player. If I disable flash cookies, using the player is almost impossible. My work-around has been to use Ccleaner. I have even found a way to automate the running of Ccleaner via the task scheduler in Vista (very useful on computer that only goes into sleep mode and is not shut down). I wonder how long it will be till the cookies will be delete proof. Will it come to reformatting and re-installing just to have a clean machine.

Bill Detwiler
Bill Detwiler

Thanks for the comment. Unfortunately when you right-click a Flash object on a Web site (such as our TR Dojo videos) and click Settings, the menu which appears only allows you to manipulate the Flash settings for that specific Web site. You must use the Adobe Flash Player Settings Manager described in the video and blog post to control the player's global settings for all Web sites.

Deadly Ernest
Deadly Ernest

appropriate for Macromedia / Adobe Flash. I'm more used to flash being used to designated the obscene activities of certain brain dead perverts who wear little clothing.

spartodd
spartodd

I've been using Advanced System Care's free version for a couple of months. I like it a little better than CCleaner, but it's mostly a personal preference. Nevertheless, I had no idea what Flash cookies were until I noticed ASC was flagging them for removal. BTW, Bill D, this is a great topic.

bus66vw
bus66vw

I tried the banning approach using Flash Setting Manager, but kept getting those annoying pop-ups asking for permission and if I failed to hit the allow button like 20 times the show did not run or was blocked by the pop-ups reoccurring. Maybe I didn't set it right. I have found just trashing the cookies when I'm done makes life easier. I did have some luck with this banning approach for Cnet "how to classes" but not for the TV shows.

TobiF
TobiF

In the flash settings manager, you can indicate how much storage you allow particular sites to use. So you can allow your TV provider to store cookies but ban any other flash cookies.

senaa
senaa

That option is unticked, but I had to make the "settings.sol" file located in the "sys" folder (global settings LSO created on Macromedia's settings page) a "Read only" file and set the folder as a "protected folder" in BetterPrivacy's settings in order to keep it from being overwritten by other Web sites or deleted by BetterPrivacy anyway. Not all of BetterPrivacy's settings work as expected or implied. Also, the site that sets the LSOs is not the only site with access to their LSOs. I have watched this closely, and I've found that other Web sites replace the settings LSO with their own, which completely undoes the time spent on Macromedia's site setting the global settings. Since making the settings LSO "read only," I have been able to keep the global settings intact. However, there are a couple of sites that try to overwrite the settings.sol file. Since it is now a read only file, the LSO that the sites try to write are written, but with an ".sxx" file extension, which renders them pretty much useless. LSOs aside, I'm sure that there are times when a Flash application needs access to a user's webcam or microphone; but a Flash video player isn't one of them! It ticks me off to no end when a video site, which should have no use whatsoever for accessing either my cam or mic tries to covertly give itself permission to access both. It smacks of FBI, CIA, and/or NSA involvement, using the simplest means at their disposal--means provided by Adobe through a combination of its Flash player architecture and LSOs--to gain eyes and ears in the homes of American citizens to spy or eavesdrop on conversations that should be private discourses between a husband and wife, or parents and their children, or lovers. Even having those options on a Flash player is ludicrous. The heck of it is that it isn't just the federal agencies who spy on us in these ways. Now corporations seem to think they're entitled somehow to gather info about individuals. How legal or illegal, ethical or unethical their methods are seems to be of no concern to them. Ad agencies and corporations are using the same covert, unethical tactics as the federal agencies. No commercial company in the nation should be allowed to use such tactics to invade our privacy. I'm d*** tired of it, and I think that computer users are going to have to stand up to companies like Adobe and everyone else who uses LSOs and other "sneak-and-peek" ware to spy on, track, and otherwise infringe our basic human rights, not to mention our civil and constitutional rights. If Linux works for you, then more power to you. I haven't gone over to Linux because it won't let me use the type of graphics card I need, and I have yet to get a wireless adapter to work correctly on Linux. I would have to downgrade my graphics capabilities in order to use Linux. I paid too much for the graphics card I have to just toss it aside so I can use Linux. I have too much work to do on my computer that relates to making a living to have to waste time fiddling for days trying to get a peripheral, sound card, my Internet connection, or some other little thing to work. I've tried the wrapper thingy that Linux has that is supposed to allow the user to use Windows drivers for certain graphics cards, but it doesn't work--not for my purposes, anyway, even though the video card maker and Linux say it "should." Linux just has too far to go to be viable for me. Downgrading the graphics capability would make some of what I do impossible. I need the extra horsepower that the higher end graphics cards provide. I don't play online games, in case that's what you're thinking. In fact, the only games I play, when I have the time, are chess, solitaire, and mahjong. My grandkids do play games on this machine occasionally, though; but they're 4 and 6 years old; so their games aren't that intense--yet. I just found Linux to be too restrictive--too limited. There's more to using a computer than just surfing the Net, reading e-mails, gaming, watching low-quality flv videos online, watching and listening to DVDs and CDs, and tinkering with the OS. The machine and OS that I have do what I need when I need it done. I have never had a crash, I've had no hardware issues, and have not had to reformat the hard drive and reinstall the OS at all. If anything does go wrong, I know how to troubleshoot and fix it, be it software or hardware. This minor thing with the LSOs, though aggravating, isn't a serious problem, and certainly not serious enough for me to give up the trouble free setup I now have. If it ain't broke, don't fix it. To do otherwise would be foolish. I'll give up Macromedia in all its insidious forms before I'll give up a perfectly good system that allows me to concentrate on my work and actually get eight hours of work done in as many hours. I'm glad to hear that it works for you, though. "Different strokes for different folks," as the song goes. "And so on, and so on, and scooby-dooby-dooby!" Peace & Love!

TobiF
TobiF

From your description, it sounds as if "Better Privacy" simply will delete anything it finds in the Flash storage location. And the bad thing is that this way it will delete any privacy settings you have entered in the flash control panel. I agree that the way one is supposed to set the privacy properties in the flash player is weird. One shouldn't have to go to some place on the internet in order to reach a panel that is anyway stored locally on your own computer... However, I'd like to point out that inside the settings for the flash player, you actually CAN specify the kind of settings you outlned. The player will remember per site settings you have made regarding allowed storage space, and may ask you whenever a new site tries to throw flash cookies at you. (Soon enough, you'll have the player to stop asking, though, and only if you notice that an important page is broken, then you'll specifically allow storage for that site...) But of course not a single site will tell you what they want to store, and for what purpose.

Deadly Ernest
Deadly Ernest

that's because I use Fire Fox on a Linux system and the system only allows the LSOs to be placed in the one directory - /home/NAME/.macromedia Having had my gloat, if you've got Better Privacy installed, you may wish to go: Tools - Add-ons Select Better Privacy and click on Preferences Select the tab Options and Help About half way down that window is a radio check box, set by default to action, that says "Also delete Flashplayer default cookies. It stores Flashplayer settings (e.g. update interval) as well as all visited flash sites. With this default setting activated, Better Privacy will delet your stored settings every time you close FF. So i suggest you untick this box and see if the settings will hold then.

senaa
senaa

I have tried a dozen or more times to set the global settings at Adobe's site in Firefox, but they don't hold. Things that I select to deny are reset either to "allow" or "ask". I set the amount of storage space to allow on my machine to zero, and it always resets it to 100 KB. Web site settings don't hold, either. Every time I set it, the site sets a different LSO with different settings, overwriting my settings altogether. Setting Global Settings from IE 8 works to a degree; but the Web site settings seem to have little--and limited--effect on the actual Web site. I have noticed, too, that many sites that have no visible Flash apps or ads on them still set Flash cookies. Even those who do have Flash apps on them do not depend on the LSO to function properly. I experimented to see if the Flash videos on YouTube would play correctly without the LSO, and I found that it made no difference at all in the appearance of the player on the page, the loading of the video, or the playback functions, including full-screen, volume, etc. I checked several times by deleting the cookies before, during, and after the video download and playback, and found no difference whatsoever in functionality. I found, too, that using BetterPrivacy is more of a placebo than a remedy. There are, in reality, two locations to which Web sites place Flash cookies. By default, it is in the C:\Documents and Settings\Owner.NAME\Application Data\Macromedia\Flash Player\#SharedObjects directory. It is that directory that BetterPrivacy monitors by default. However, I've found on most Web sites that if BetterPrivacy is set to monitor that directory, the LSOs for that site will be placed in the directory: C:\Documents and Settings\Owner.NAME\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys. If BetterPrivacy is changed to monitor the ..\sys directory, then the LSOs are placed in the ..\#SharedObjects directory. I tried changing the settings several times and going to the same Web sites afterward, and I had the same results every time. The only way to really delete the flash cookies from the hard drive after installing BetterPrivacy is to have Windows Explorer open to the expanded Macromedia directory so the ..\sys and ..\#SharedObjects folders are visible and delete the cookies manually. For BetterPrivacy to be a remedy instead of a placebo, it would have to allow the user to input a list of more than one file paths to monitor. As it is, it is ineffective. I don't know if the trick of detecting BetterPrivacy's settings and circumventing them is a recent tactic employed by Webmasters or if it is written into the script that sets the LSOs already. Either way, BetterPrivacy doesn't live up to its claims. I brought this information to the attention of the developer who created BetterPrivacy, but he replied that he has no intention of modifying BetterPrivacy to monitor more than one directory, that it isn't necessary--but it is. He said he would not discuss it any further. What we really need is for Macromedia to develop and distribute free of charge a stand-alone program with browser plug-ins to monitor and control incoming LSOs whereby users can allow, block, track, locate, modify, or delete all LSOs that are placed on the user's hard drive. Macromedia created those monsters, and it is their responsibility to give users the means to control or block them at the user's discretion. Clearly Adobe's idea of controlling the settings from the company's Web site is not working. Neither is the third party add-on BetterPrivacy. I want the ability to block the LSOs from being put onto my machine in the first place, not after it has installed and had time to gather personal info and phone it home. If you really look at it, LSOs are nothing more or less than a hacking tool and Trojan rolled into one, especially considering that they have the ability to access a user's webcam and microphone. I have disconnected my webcam and unplugged my mic because of LSOs. There's too much potential for spying and eavesdropping. In my opinion, LSOs should be made illegal. So, that's what I've found by just monkeying around with LSOs and the tools that falsely claim to control or eliminate them. I'll send you a summary, Bill, complete with screen shots of the settings and the results of my little experiments--if TechRepublic will allow me to do that via e-mail or its "contact us" page. I haven't looked to see yet. Actually, there are seven known places on a typical Windows XP system connected to a LAN where LSOs can be stored: the LocalService (2), NetworkService (2), Owner (2), and Windows\system32\config (1) directories--but that's another story.

cloakedrun2001
cloakedrun2001

I do not mind using a http interface to access the settings. I do however object strongly to having to have internet access to control them via the Adobe web-site! SO... if the connection to the Adobe web-site is eliminated or disrupted I have no way of adjusting settings on my local machine? I guess Adobe never heard of time honoured things like privacy and fail-over. I am starting to see an alarming trend to companies thinking that it is OK to try and force everything onto "the cloud". VERY presumptuous! Not everyone has a dedicated connection available. Some people are still on dial-up and will be for a long time. Even when a connection is available for these people, not all will opt-in. I am reminded of my 83 year old mother who still uses and loves her rotary-dial wall phone with a 1.5 foot cord on it and sees no special reason to get a DTMF phone, let alone a phone jack. You get my point. This is just a BAD idea. Time for a 3rd party LOCAL utility which can by-pass the Adobe site!

pkohler01
pkohler01

GreatScot, my response to you is brief: WORD!!

GreatScot
GreatScot

This is an invasion of privacy of the highest order. Having a website that, by default, and with no option to turn it off, has the control panel to my personal property is unethical. I think FCC complaints are in order.