Flash Cookies Are A Type Of Spyware. What Are Ways To Clean Flash Cookies?

Local Shared Objects -- "Flash Cookies"

Introduction

Cookies are small text files used to salve information about an individual or their utilize of a web site. For instance, a cookie can be used to salvage your login name, your preferences for viewing content, or to track you as you browse the Internet.

With the advent of spyware and spyware removal programs, also as media attention and the increase of online literacy, users now understand the purposes and risks of using cookies. Recently, users have become more vigilant in purging cookies from their computers. According to a Jupiter Inquiry study, 58% of online users accept deleted cookies from their computer and 39% of users do so on a monthly footing. This regular "cookie tossing" is causing direct marketers to run into more than invasive methods to track individuals. One of those methods is to set a "Local Shared Object," as well known as a "Flash cookie" to rails individuals. Simply put, the idea backside this tracking is to set two cookies on the user'due south machine--a standard cookie that the consumer may erase, and a second Flash cookie that the user probably will proceed, because the existence of Flash cookies is non well known.

Wink cookies are set up through a mechanism in Macromedia'southward Flash MX player. Co-ordinate to Macromedia, 98% of computer have some version of Flash on their computers.

What is a Local Shared Object (Flash cookie)?

Using previous versions of Flash, developers could salvage information between sessions by using 'normal' cookies, simply the procedure was considered difficult for developers to implement. Placing a normal web cookie requires the use of a scripting language outside of Wink (Javascript or ASP, for instance). Placing a Local Shared Object but requires the use of ActionScript--the scripting language that controls Flash movies. In its newest version, Flash MX, Macromedia introduced the Local Shared Object, which provided an easier way to shop data. Wink cookies can be considered to exist equivalent to 'normal' cookies, salve for a few small-scale differences.

Wink cookies provide the merely method past which a flash movie tin store information on a user's reckoner. Intended uses of the object include storing a user's name, a favorite color or the progress in a game. The actual data is stored in a .SOL file in a special directory on the user'south computer. Using the wink configuration tool, the user can decline Flash cookies by domain also equally control the corporeality of data a site is immune to store. By default, sites are permitted to shop 100kB of information without prompting a user.�

Unfortunately, few consumers are enlightened of where Flash cookies are stored or how to control their utilize. Normal web cookies can exist managed via the preferences dialog of about web browsers, only no like utility is included for these Flash cookies. It is possible for Wink cookies to remain on user's reckoner indefinitely, as there is no machinery to set an expiration date on Wink cookies.

How do Wink cookies permit Identification on individuals?

The type of data stored in a Flash cookie is limited only by the information that the creating Flash picture show has admission to. According to Macromedia's Flash MX Security Whitepaper, this is limited to:

Annihilation in the actual film file
Any information the user provides
Some configuration information nearly the computer running the moving-picture show
Flash cookies created by the aforementioned domain from which the moving picture originated
Servers in the domain from which the moving picture originated

Using some or all of the above categories, the Flash moving-picture show can create a unique ID and store that ID in a Flash cookie on a user's computer. The Wink movie tin can then communicate this data to a database, or other applications. Subsequent visits by the same users could be tracked past reading the ID contained in the Wink cookie.

Who tin can admission a Flash cookie?

As with normal web cookies, a domain can just admission data that it created; information technology is not allowed to read Flash cookies created by other domains. This prevents sites from observing user beliefs at other sites.

How can users prevent Wink cookie tracking?

Like normal cookies, Flash cookies are represented as pocket-size files on users' computers. To preclude Wink cookies from beingness placed, users tin can arrange preferences on a per site basis in the Macromedia Website Privacy Settings Panel. Using this tool, Wink cookies can be completely disabled or allowed on a per domain basis.

To get to the settings console, right click on any Flash movie, click settings and so avant-garde. Macromedia has published a walk through guide to assistance users disable Wink cookies.

Users can get rid of the current Wink cookies and their tracking information simply going to the correct folder (come across below) and deleting them. The Flash cookies are organized in folders co-ordinate to the site that placed them, so users can choose which objects to keep.

Firefox users tin apply Objection, a recently developed extension that adds a LSO deletion tool to Firefox preferences.

Where are Flash cookies stored?

Flash cookies are stored in a special directory depending on the operating system on the client machine. They are bundled in directories according to the site that placed them on the computer (look for a file with a .SOL extension):

Windows C:\Documents and Settings\[username]\Application Data\Macromedia\Flash Thespian
Macintosh OSX /Users/[username]/Library/Preferences/Macromedia/Flash Player
GNU-Linux ~/.macromedia

Persistent Identification Element ("PIE")

United Virtualities (UV), an online marketing firm, has introduced a tracking platform that takes reward of the relative obscurity of Flash cookies. In a press release this March, UV announced PIE, a backup ID system for cookies. Mookie Tenembaum, founder of United Virtualities, explained the reasoning behind the product, "All advertisers, websites and networks use cookies for targeted advertising, but cookies are under attack. According to current enquiry they are being erased past twoscore% of users creating serious problems."

UV's press release as well claims that the PIE system can restore deleted web cookies. Although there is footling official information on the implementation of the PIE organisation, information technology is not likely that the cookie is actually restored. Instead, information technology appears that the Wink cookie acts as a redundancy. That is, the PIE organisation uses Wink cookies as a backup. A site interested in tracking a user would set up a normal cookie and a Flash cookie. If the user erased the normal cookie, the PIE-enabled site could use the redundant Flash cookie to track the user.

To justify this tracking mechanism, UV'due south Tenembaum said, "The user is not proficient plenty in technology to know if the cookie is good or bad, or how it works."

This practice is highly deceptive. By deleting cookies, consumers are clearly rejecting attempts to track them. Using an obscure technology to subvert these wishes is a practice that should be stopped. Cookies have many beneficial purposes and can make the cease user's spider web feel better. Websites should be honest and upwardly front about how they use cookies, and they should respect the decisions of those users who do not want to be tracked via cookies.

News

Tessa Wegert, The Web cookie is crumbling � and marketers feel the fallout, The Globe and Mail, July 21, 2005.
Matt Marshall, Escalation in the Cookie Wars, The Mercury News, Apr eighteen, 2005.
Michael Cohn, Wink Thespian Worries Privacy Advocates, InternetWeek, April 15, 2005.
Tool can resurrect deleted cookies, Out-Police.com, Apr 5, 2005.
Roger Park, United Virtualities Develops ID Fill-in, iMedia Connection, April 1, 2005.
Antone Gonsalves, Company Bypasses Cookie-Deleting Consumers, InformationWeek, March 31, 2005.

Resources

Macromedia.com, How to disable Local Shared Objects.
Trevor Zion Bauknight, Cookies and PIE � An Introduction to Flash Security Cafeid.com.
Waleed Anbar, Your Privacy and Macromedia Flash Player, Macromedia.com.