Why are Flash cookies a privacy hazard?
Local Shared Objects (LSO), commonly known as Flash cookies, are used by any website that contains Flash based animations or videos, the Flash Player uses a sandbox security model and the cookies it installs are not handled by your browser, this means that you can not delete them using the browser cookie manager.
There is relatively little public awareness of Local Shared Objects, many of the most popular sites on the web are dependent on Flash, and thus a high percentage of Internet users have installed the Flash plug-in.
Adobe Flash Player default settings does not seek the user’s permission to store Flash cookies on the hard disk, those cookies are then used for tracking purposes by websites. Online banks, merchants or advertisers all may use hard to erase Flash cookies for tracking purposes.
Flash cookies storage mechanism is sometimes used by evercookies and since they are not browser based there is currently no easy way for the average user to remove them, simply deleting the files does the job but a user would need to know where they are located. This makes Flash cookies very persistent on the local system and hard to erase without specialist software.
The private browsing features in Chrome and Firefox are a complete false sense of privacy and security since both browsers do not have build in protection against Flash cookies not even in private mode browsing.
Differences between conventional cookies and Flash cookies
The Flash standard incorporates local Shared Objects (LSOs), which allows data such as preferences to be stored in the local Flash instance on a user’s machine. Flash cookies are stored as individual files with a .sol file extension, by default they are less than 100 Kb in size and unlike traditional HTTP cookies, they have no expiration date.
- A browser cookie has a limit of just 4Kb while flash cookies can store up to 100Kb.
- A browser cookie has an expiration date a flash cookie does not expire.
- A browser cookie can be deleted using the browser cookie manager, a Flash cookie can not.
Flash Cookies give very similar information to what we find in traditional HTTP cookies such as what websites were visited, when the site was first and last visited and since the .sol (Flash cookie extension) files are saved individually, there are also a set of file system timestamps that give away the date and time certain website was visited.
Important to note that Flash based advertisements also have the ability to save Flash cookies in your computer and you do not need to have visited their domain in order to have one of its cookies stored in your hard disk, just viewing and advertisement from that website will be enough reason to have one of its Flash cookies in your hard disk.
MAXA cookies manager
Firefox plugins to delete flash cookies
NoScript FireFox plugin: The NoScript Firefox extension provides extra protection for Firefox, Seamonkey and other Mozilla-based browsers. This free open source add-on allows JavaScript, Java and Flash and other plugins to be executed only by the trusted web sites of your choice.
BetterPrivacy FireFox plugin: BetterPrivacy is a safeguard which protects from usually not deletable Flash cookies on Google, YouTube, Ebay. Better Privacy Firefox extension is a free tool for identifying and removing Flash cookies from your local system.
Ghostery FireFox plugin: FireFox plugin to detect trackers, web bugs, pixels, and beacons placed on web pages by ad networks, behavioral data providers, web publishers, and other companies interested in your activity. Ghostery allows you to block scripts from companies that you don’t trust, delete local shared objects, and even block images and iframes.
Click&Clean FireFox plugin: This Firefox plugin can erase all temporary Internet files, remove downloaded files history, cookies (including Flash cookies) and typed URLs. Quick&Clean allows to delete private data when Firefox closes.
Windows software to delete Flash cookies
Flash Cookie Cleaner: Freeware application that allows you to view and delete the flash cookies from your computer, it does not offer customization but gets the job done quickly and efficiently.
Maxa Cookie Manager: A windows tool that can manage Flash cookies together with conventional cookies, works with all major browsers and handles all kinds of cookies in a centralized way. The Pro version allows you to keep some cookies while deleting the tracking cookies and web bugs.
.sol Editor (Flash Shared Object): This open source Flash cookie editor can open and create a Macromedia Flash shared object file (.sol), display the content of the file and allow you to change the values.
Macromedia Flash manager: By visiting Macromedia Flash settings website you can view Flash cookies locally stored in your computer and use the Adobe Flash player manager to delete Flash cookies as well as deciding to trust or reject them permanently in the future.
To make sure your system is clean of Flash cookies you can perform a search of your entire hard disk, including hidden and system files, for the extension *.sol, since Flash cookies use the .sol extension.
Why is this post tagged EVERCOOKIES? There is NOTHING in this post about evercookies!
You are correct Xiaoindg, this post only deals with flash cookies, when creating a new cookie evercookies sometimes use Local Shared Objects (Flash Cookies) but the post should not have been labelled that way, the title has now been changed. Thank you for bringing this up.