Flash cookies
Results 1 to 6 of 6

Thread: Flash cookies

  1. #1
    Banned
    Join Date
    Aug 2001
    Location
    Yes
    Posts
    4,424

    Flash cookies

    Just read this article on Wired.com.

    I hope I'm not the only one who had never heard of this (even though it seems to be pretty old) :s

    If you hadn't either, you might want to check this page: http://www.macromedia.com/support/do...manager06.html

    Those are your actual Flash player's privacy settings, and let's just say that, by default, there isn't much privacy there...

    http://www.wired.com/epicenter/2009/...s-think-again/

    You Deleted Your Cookies? Think Again

    More than half of the internet’s top websites use a little known capability of Adobe’s Flash plugin to track users and store information about them, but only four of them mention the so-called Flash Cookies in their privacy policies, UC Berkeley researchers reported Monday.

    Unlike traditional browser cookies, Flash cookies are relatively unknown to web users, and they are not controlled through the cookie privacy controls in a browser. That means even if a user thinks they have cleared their computer of tracking objects, they most likely have not.

    What’s even sneakier?

    Several services even use the surreptitious data storage to reinstate traditional cookies that a user deleted, which is called ‘re-spawning’ in homage to video games where zombies come back to life even after being “killed,” the report found. So even if a user gets rid of a website’s tracking cookie, that cookie’s unique ID will be assigned back to a new cookie again using the Flash data as the “backup.”

    ...
    Now excuse me while I go find out how to use this technique to micro-monitor our customers...
    Last edited by Negative; August 11th, 2009 at 07:18 PM.

  2. #2
    Banned
    Join Date
    Aug 2001
    Location
    Yes
    Posts
    4,424
    I did some experimenting with this, and this is pretty interesting. Pandora.com, for example, uses one called v4_UserCredentials, which stores username and password. Username is plain text, password is encrypted, but still... all you need to do is copy those two values onto another computer, go to Pandora.com, and it automatically logs you in to my account...

  3. #3
    Senior Member t34b4g5's Avatar
    Join Date
    Sep 2003
    Location
    Australia.
    Posts
    2,391
    Interesting Article Negative.

    Just something i'd like to share, but ever since i can remember i've always disabled the Flash to store anything during the session.

    I usually do this via the Global Storage Settings panel.

    Usually while the flash app is loaded you can right click on it and select the settings menu, select the 2nd tab at the bottom, and change the settings.

  4. #4
    AO's Filibustier Cheap Scotch Ron's Avatar
    Join Date
    Nov 2008
    Location
    Swamps of Jersey
    Posts
    378
    Yet another reason to hate Adobe. Frickin sneaky bastards indeed.

    Good find Neg. Thanks.
    In God We Trust....Everything else we backup.

  5. #5
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    In FireFox, the BetterPrivacy "Super-Cookie Safeguard" plug-in should do the job

  6. #6
    Banned
    Join Date
    Aug 2001
    Location
    Yes
    Posts
    4,424
    Good thing I dumped Pandora in favor of Spotify... Pandora doesn't work without Flash cookies.

Similar Threads

  1. Turns .Net to Flash
    By SDK in forum General Programming Questions
    Replies: 0
    Last Post: March 31st, 2005, 12:19 AM
  2. flash for website !!!!!!!!!!!!!!
    By thuongtamnhan in forum AntiOnline's General Chit Chat
    Replies: 3
    Last Post: November 1st, 2003, 03:45 PM
  3. About Cookies
    By Szafran in forum AntiOnline's General Chit Chat
    Replies: 3
    Last Post: September 13th, 2003, 05:21 PM
  4. Flash Tutorial: The Basics
    By morfius in forum Other Tutorials Forum
    Replies: 8
    Last Post: June 7th, 2002, 02:48 PM
  5. Anonymoity Tutorial
    By ac1dsp3ctrum in forum The Security Tutorials Forum
    Replies: 8
    Last Post: February 13th, 2002, 12:36 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •