Flash Cookies- another privacy concern

Virus & Spyware

Virus & Spyware
Perspectives on PC security, including antivirus, anti-spyware and firewall solutions.

Flash Cookies- another privacy concern

This question is not answered

If you use Adobe Flash Player, as almost all do, you should be aware that it sets flash cookies, also known as Local Shared Objects (LSOs) on your computer. This is not new info, but is seldom discussed.

"With the default settings, Adobe Flash Player does not seek the user's permission to store LSO files on the hard disk. LSOs contain cookie-like data stored by individual web sites or domains. Indeed, as with cookies, online banks, merchants or advertisers may use LSOs for tracking purposes."
- http://en.wikipedia.org/wiki/Local_Shared_Object

Unlike traditional tracking cookies, you cannot block or delete LSOs in your browser. Tracking cookies are limited to 4 KB; Flash Cookies store up to 100 KB of info on you- and give it to websites you visit.

These flash cookies typically have an *.sol extension. I found several  in the following (XP) folder:
C:\Documents and Settings\<user>\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys

I opened one of these settings.sol files in notepad, which revealed the following:

 ¿   TCSO      settings     gain @I        echosuppression   defaultmicrophone   
defaultcamera Angel MPEG Device 
defaultklimit          
defaultalways  windowlessDisable   autoUpdateDisabled   autoUpdateInterval @        autoUpdateLastCheck Br£Ð|«€   crossdomainAllow   crossdomainAlways  secureCrossDomainCacheSize ¿ð        allowThirdPartyLSOAccess  trustedPaths     safefullscreen   domains www.maserati.com www.weather.com www.theglobeandmail.com www.dellswarm.com www.futureshop.ca msnbcmedia.msn.com www.theonion.com www.pcpitstop.com  e.blip.tv www.wthitv.com www.wimp.com ca.mg2.mail.yahoo.com
www.cbc.ca webmessenger.yahoo.com fora.tv wreathsacrossamerica.org
www.ctstv.com
d.yimg.com
www.bbc.co.uk www.paypal.com www.myfoxla.com
news.cnet.com www.dailymotion.com cnettv.cnet.com www.audi.ca www.merriam-webster.com www.vancouver2010.com
l.yimg.com www.poodwaddle.com poodwaddle.com www.ireport.com www.nbcolympics.com www.ctvolympics.ca news.bbc.co.uk www.expertreviews.co.uk store.nike.com neulion.com www-tc.pbs.org videostore2.ctstv.com www.channel4.com news.sky.com www.pbs.org macromedia.com s.ytimg.com ak.c.ooyala.com p.ooyala.com video.google.com s.mcstatic.com mcstatic.com inplay.tubemogul.com www.necn.com publish.vx.roo.com ia.media-imdb.com g-ecx.images-amazon.com cdn.livestream.com admin.brightcove.com media.theonion.com i.cdn.turner.com cdn1.ustream.tv newsimg.bbc.co.uk videocafe.crooksandliars.com lads.myspacecdn.com www.collegehumor.com media.cnbc.com howcast.com www.howcast.com static.ak.fbcdn.net cdn.abclocal.go.com  s.wsj.net www.streetfire.net online.wsj.com www.democracynow.org     panel ?ð        autoUpdateDefaultUpdated  disallowP2PUplink

Obviously a lot of info on websites I have visited, plus other info about my system. Some of those websites I visited years ago, which shows how long these LSOs persist.

You can block these LSOs using the Macromedia Flash Player control panel.

Tutorial on how to do this: How to manage and disable Local Shared Objects

If you want to see if you have these Flash Cookies, and remove them from your system, I can recommend the free utility Flash Cookies Cleaner 1.2, available from Softpedia here:
http://www.softpedia.com/get/Security/Secure-cleaning/Flash-Cookies-Cleaner.shtml

It is a small simple program, that found and deleted over 30 of these files on my system.

More info:
http://www.imasuper.com/66/technology/flash-cookies-the-silent-privacy-killer/

_________________________________________

Dell Forum Member since 2,000

WOT Web of Trust    Use OpenDNS   MalwareBytes' Anti-Malware Free

(Mostly) Free Security Software- A Primer

Windows 7 Home Premium (64- Bit), Panda Cloud AV Free, OpenDNS, SpywareBlaster, MVPS Hosts file, WinPatrol PLUS, IE11, HitmanPro (on-demand 2nd opinion AV scanner),HitmanPro.Alert. Windows software firewall, MBAM Premium, CryptoPrevent, Zemana Antilogger Free, Secunia PSI, WOT, Sandboxie, CCleaner Free, Emsisoft Anti-Malware Free.(yeah, it's probably overkill).

All Replies
  • Joe,

    My understanding is that CCleaner removes Flash Cookies (Applications / Multimedia / Adobe Flash Player).

    Free Internet Security - WOT Web of Trust       Use OpenDNS       MalwareBytes Anti-Malware

    Windows 7 Pro SP1 (64-bit), avast! v2014 Free, MBAM Pro, Windows Firewall, OpenDNS Family Shield, SpywareBlaster, MVPS HOSTS file, EMET+MBAE, MCShield, WinPatrol PLUS, SAS (on-demand scanner), Zemana AntiLogger Free, IE11 & Firefox (both using WOT [IE set to WARN, FF set to BLOCK]), CryptoPrevent, Secunia PSI.

    [I believe computer-users who sandbox (Sandboxie) are acting prudently.]

  • ky331

    Joe,

    My understanding is that CCleaner removes Flash Cookies (Applications / Multimedia / Adobe Flash Player).

    ky331:

    That was my understanding also.

    I always had that Multimedia/Adobe Flash Player box checked for deletion, and ran CCleaner every night.

    But when I ran Flash Cookies Cleaner 1.2, I discovered otherwise, which prompted the above post.

    _________________________________________

    Dell Forum Member since 2,000

    WOT Web of Trust    Use OpenDNS   MalwareBytes' Anti-Malware Free

    (Mostly) Free Security Software- A Primer

    Windows 7 Home Premium (64- Bit), Panda Cloud AV Free, OpenDNS, SpywareBlaster, MVPS Hosts file, WinPatrol PLUS, IE11, HitmanPro (on-demand 2nd opinion AV scanner),HitmanPro.Alert. Windows software firewall, MBAM Premium, CryptoPrevent, Zemana Antilogger Free, Secunia PSI, WOT, Sandboxie, CCleaner Free, Emsisoft Anti-Malware Free.(yeah, it's probably overkill).

  • Joe,

    My understanding is that the particular flash cookie

    C:\Documents and Settings\user's_name\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol

    holds all the choices/customizations that you make at the Flash Player Control Panel.

    If so, the first advice you offer that "You can block these LSOs using the Macromedia Flash Player control panel",

    is then defeated/undone by using the Flash Cookies Cleaner program to remove that cookie!!

    (or by running CCleaner to remove "all" Flash Cookies.... I have made that one particular cookie an exception in CCleaner:   Options / Exclude.)

    You might want to test this out further, to see if you can confirm or refute what I've just said.

    ----

    On this machine, CCleaner initially found only 2 Flash Cookies (aside from the one I've made an exception).   whereas Flash Cookie Cleaner claimed there were a total of 12 cookies AND FOLDERS (including my exception) [I believe it was 3 cookies and 9 folders].   After removing the 2 Flash cookies via CCleaner, Flash Cookie Cleaner then found only 2 Flash "Objects" remaining:   the exceptional cookie, and an empty FOLDER. 

    Free Internet Security - WOT Web of Trust       Use OpenDNS       MalwareBytes Anti-Malware

    Windows 7 Pro SP1 (64-bit), avast! v2014 Free, MBAM Pro, Windows Firewall, OpenDNS Family Shield, SpywareBlaster, MVPS HOSTS file, EMET+MBAE, MCShield, WinPatrol PLUS, SAS (on-demand scanner), Zemana AntiLogger Free, IE11 & Firefox (both using WOT [IE set to WARN, FF set to BLOCK]), CryptoPrevent, Secunia PSI.

    [I believe computer-users who sandbox (Sandboxie) are acting prudently.]

  • You are correct! Thanks.

    Because I had not been excluding the settings.sol file from that particular folder in CCleaner's exlusions, I kept erasing my Flash security settings every time I ran CCleaner, and thus kept getting Flash cookies placed on my system.

    Thus CCleaner seems to be the more efficient program to use to erase and block these Flash files while maintaining your Flash security settings, providing CCleaner and Flash Player Control Panel are properly configured.

    Flash Cookies Cleaner 1.2 is still of some use to detect the presence of  *.sol files (being quicker than running a search). After configuring CCleaner correctly to exclude that file, I'm seeing only that one (empty) alpha-numeric titled folder, and only that one settings.sol file also.

    For those who are as confused by all of this as I was, and who use both Flash Player and CCleaner, I would suggest:

    1) Open your Flash Player Control Panel to set your security & privacy settings here.

    For maximum security, set your:
    - Global Privacy Settings to "Always deny ..."
    - Global Storage Settings slider to "Zero" (the far left), and uncheck all the options below this,
    - Global Security Settings to "Always deny ..."
    - Global Notification Settings to check "Notify me when an update to Flash Player is available"
    - Website Privacy Settings to "Always deny"
    - Website Storage Settings slider to "zero" (the far left)
    - Peer Assisted Networking Settings: check "Disable P2P uplink for all"
    - Close the FP Control Panel

    2) Configure CCleaner to delete those Flash Cookies, yet maintain your Flash Player security settings:
    - Open CCleaner>Applications tab>Under Multimedia put a check next to "Adobe Flash Player"
    - In the left-hand column, click on Options>Exclude>Add button (right-hand column)
    - Under "Files and folders to exclude", browse to:
    C:\Documents and Settings\<username>\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol >click OK
    - Close CCleaner

     

     

     

    _________________________________________

    Dell Forum Member since 2,000

    WOT Web of Trust    Use OpenDNS   MalwareBytes' Anti-Malware Free

    (Mostly) Free Security Software- A Primer

    Windows 7 Home Premium (64- Bit), Panda Cloud AV Free, OpenDNS, SpywareBlaster, MVPS Hosts file, WinPatrol PLUS, IE11, HitmanPro (on-demand 2nd opinion AV scanner),HitmanPro.Alert. Windows software firewall, MBAM Premium, CryptoPrevent, Zemana Antilogger Free, Secunia PSI, WOT, Sandboxie, CCleaner Free, Emsisoft Anti-Malware Free.(yeah, it's probably overkill).

  • joe53

    - Under "Files and folders to exclude", browse to:

    C:\Documents and Settings\<username>\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol >click OK

    - Close CCleaner

     

    For Vista/Win7 x86 users, the path would be:

    C:\Users\<username>\Application Data\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol.

    (Not sure if this would also be the same for 64 bit systems)

     

    If like me, you have Flash installed for a non-IE browser only, and not IE, CCleaner won't even list Flashplayer.

    THIS THREAD contains the info needed to modify CCleaners .INI file so that non-IE flash shows up.

     

    For Firefox users, there is a nice addon that takes care of Flash Cookies - BetterPrivacy. I tried this addon earlier and it works very well.

    Even if you don't use this addon, the notes and FAQ's on the download page make pretty interesting reading.

    BetterPrivacy FAQ's

    Q: I notice that when I go to the Flash Player settings manager site I still get a list of visited pages.

    A: In default configuration BetterPrivacy does *not* delete the Flash-Player-default cookie. Some users consider the default cookie as important since it keeps Flash-Player update settings as well as some camera or microphone settings. The default cookie also keeps a complete list of all visited flash-cookie pages. However, the stored data associated with those visited pages will be deleted by BetterPrivacy though.

    As long as the default cookie is kept, Flash-Player's settings-manager still shows a complete list of all visited pages, even if BetterPrivacy deleted all data storing objects. Go to BetterPrivacy's options and check 'Also delete Flash-Player default cookie' in order to remove the list of visited pages as well as the Flash-Player settings.

    Regards,