Flash cookies

Printable View

August 11th, 2009, 06:11 PM
Negative

Flash cookies

Just read this article on Wired.com.

I hope I'm not the only one who had never heard of this (even though it seems to be pretty old) :s

If you hadn't either, you might want to check this page: http://www.macromedia.com/support/do...manager06.html

Those are your actual Flash player's privacy settings, and let's just say that, by default, there isn't much privacy there...

Quote:

http://www.wired.com/epicenter/2009/...s-think-again/

You Deleted Your Cookies? Think Again

More than half of the internet’s top websites use a little known capability of Adobe’s Flash plugin to track users and store information about them, but only four of them mention the so-called Flash Cookies in their privacy policies, UC Berkeley researchers reported Monday.

Unlike traditional browser cookies, Flash cookies are relatively unknown to web users, and they are not controlled through the cookie privacy controls in a browser. That means even if a user thinks they have cleared their computer of tracking objects, they most likely have not.

What’s even sneakier?

Several services even use the surreptitious data storage to reinstate traditional cookies that a user deleted, which is called ‘re-spawning’ in homage to video games where zombies come back to life even after being “killed,” the report found. So even if a user gets rid of a website’s tracking cookie, that cookie’s unique ID will be assigned back to a new cookie again using the Flash data as the “backup.”

...

Now excuse me while I go find out how to use this technique to micro-monitor our customers...
August 11th, 2009, 06:50 PM
Negative

I did some experimenting with this, and this is pretty interesting. Pandora.com, for example, uses one called v4_UserCredentials, which stores username and password. Username is plain text, password is encrypted, but still... all you need to do is copy those two values onto another computer, go to Pandora.com, and it automatically logs you in to my account...
August 12th, 2009, 03:25 AM
t34b4g5

Interesting Article Negative. :)

Just something i'd like to share, but ever since i can remember i've always disabled the Flash to store anything during the session.

I usually do this via the Global Storage Settings panel.

Usually while the flash app is loaded you can right click on it and select the settings menu, select the 2nd tab at the bottom, and change the settings. :)
August 12th, 2009, 03:36 AM
Cheap Scotch Ron

Yet another reason to hate Adobe. Frickin sneaky bastards indeed.

Good find Neg. Thanks.
August 13th, 2009, 12:59 PM
nihil

In FireFox, the BetterPrivacy "Super-Cookie Safeguard" plug-in should do the job ;)
August 13th, 2009, 02:45 PM
Negative

Good thing I dumped Pandora in favor of Spotify... Pandora doesn't work without Flash cookies.