August 11th, 2009, 06:11 PM
Just read this article on Wired.com.
I hope I'm not the only one who had never heard of this (even though it seems to be pretty old) :s
If you hadn't either, you might want to check this page: http://www.macromedia.com/support/do...manager06.html
Those are your actual Flash player's privacy settings, and let's just say that, by default, there isn't much privacy there...
Now excuse me while I go find out how to use this technique to micro-monitor our customers...
You Deleted Your Cookies? Think Again
More than half of the internet’s top websites use a little known capability of Adobe’s Flash plugin to track users and store information about them, but only four of them mention the so-called Flash Cookies in their privacy policies, UC Berkeley researchers reported Monday.
Unlike traditional browser cookies, Flash cookies are relatively unknown to web users, and they are not controlled through the cookie privacy controls in a browser. That means even if a user thinks they have cleared their computer of tracking objects, they most likely have not.
What’s even sneakier?
Several services even use the surreptitious data storage to reinstate traditional cookies that a user deleted, which is called ‘re-spawning’ in homage to video games where zombies come back to life even after being “killed,” the report found. So even if a user gets rid of a website’s tracking cookie, that cookie’s unique ID will be assigned back to a new cookie again using the Flash data as the “backup.”
Last edited by Negative; August 11th, 2009 at 06:18 PM.
August 11th, 2009, 06:50 PM
I did some experimenting with this, and this is pretty interesting. Pandora.com, for example, uses one called v4_UserCredentials, which stores username and password. Username is plain text, password is encrypted, but still... all you need to do is copy those two values onto another computer, go to Pandora.com, and it automatically logs you in to my account...
August 12th, 2009, 03:25 AM
Interesting Article Negative.
Just something i'd like to share, but ever since i can remember i've always disabled the Flash to store anything during the session.
I usually do this via the Global Storage Settings panel.
Usually while the flash app is loaded you can right click on it and select the settings menu, select the 2nd tab at the bottom, and change the settings.
August 12th, 2009, 03:36 AM
Yet another reason to hate Adobe. Frickin sneaky bastards indeed.
Good find Neg. Thanks.
In God We Trust....Everything else we backup.
August 13th, 2009, 12:59 PM
In FireFox, the BetterPrivacy "Super-Cookie Safeguard" plug-in should do the job
August 13th, 2009, 02:45 PM
Good thing I dumped Pandora in favor of Spotify... Pandora doesn't work without Flash cookies.
By SDK in forum General Programming Questions
Last Post: March 30th, 2005, 11:19 PM
By thuongtamnhan in forum AntiOnline's General Chit Chat
Last Post: November 1st, 2003, 02:45 PM
By Szafran in forum AntiOnline's General Chit Chat
Last Post: September 13th, 2003, 04:21 PM
By morfius in forum Other Tutorials Forum
Last Post: June 7th, 2002, 01:48 PM
By ac1dsp3ctrum in forum The Security Tutorials Forum
Last Post: February 13th, 2002, 11:36 AM