Are Flash Cookies Devouring Your Privacy?

Even if you delete normal tracking cookies regularly to evade tracking by snooping sites and eager advertisers, little-known Flash cookies may be making an end run around your attempts to preserve your privacy.

Flash cookies (also known as local shared objects or LSOs) can save certain Adobe Flash-related settings--storing preferences for watching Flash video on a certain site, for example, or caching a music file for better playback.

But Flash cookies can also store unique identifiers that track the sites you visit, much as regular tracking cookies do. Deleting the regular cookies on your machine via a standard browser option such as Clear Private Data > Cookies (in Firefox) or Tools > Delete Browsing History > Delete cookies... (in Internet Explorer) doesn't affect Flash cookies, which are stored elsewhere on your PC.

Flash Cookie Research

A recent study called "Flash Cookies and Privacy" reports that even the private browsing modes in the latest browsers won't hamper LSOs.

Students and researchers at the University of California, Berkeley, and at other universities found that a number of sneaky online actors use Flash cookies to re-create regular tracking cookies that users delete. According to the study, more than half of the top 100 Web sites used Flash cookies, and third-party advertisers tended to be behind the underhanded cookie re-creation effort.

If you don't want your privacy preferences to be ignored, you can try a couple of options. If you use Firefox, you can install an add-on called Better Privacy that displays a summary of your current LSOs and lets you arrange to delete Flash and regular cookies automatically whenever you stop or start the browser. It works well for me.

Flash Player Settings Box

If you don't use Firefox, you'll have to dig into the settings box at Macromedia's Flash Player Help page, which lets you change settings for the Flash Player on your system.

If you want your computer to prompt you for permission to proceed whenever a site wishes to store a Flash cookie on the PC, move the Global Storage Settings slider bar all the way to the left (from '100KB' to 'None'). To disable LSOs, check the Never Ask Again box (doing so is likely to prevent many sites that use Flash content from working correctly).

Likewise, unchecking the 'Allow third-party Flash content...' option could prevent advertisers from storing Flash cookies on your PC, but it may also prevent Flash video from working correctly on some sites (including 9 out of the 100 sites in the research report).

To delete all existing Flash cookies--good or bad--click the Website Storage Settings tab at the far left of the Flash settings interface, and click the Delete all sites button at the tab's base. To delete them individually, highlight an entry and click Delete website.

Altering these settings once will cover any browser on that PC, according to Adobe. Longer term, the company is looking into allowing Flash cookie controls from the browser menu itself.
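To see what is actually stored without an add-on or the online settings box, the following Python script (an added example, not from the article, Adobe or the Better Privacy add-on) summarizes the .sol files per site and can delete them while sparing sites you choose. It assumes Flash Player's standard per-user #SharedObjects locations, which the article does not list; the function names are illustrative.

```python
import os
from collections import defaultdict
from pathlib import Path

STORE = "#SharedObjects"

def default_lso_roots(home=None, appdata=None):
    """Standard Flash Player LSO locations on macOS, Linux and Windows."""
    home = Path(home) if home else Path.home()
    roots = [
        home / "Library" / "Preferences" / "Macromedia" / "Flash Player" / STORE,
        home / ".macromedia" / "Flash_Player" / STORE,
    ]
    appdata = appdata or os.environ.get("APPDATA")
    if appdata:
        roots.append(Path(appdata) / "Macromedia" / "Flash Player" / STORE)
    return roots

def _site_of(sol, root):
    # Layout: <root>/<random dir>/<site>/[swf path/]<name>.sol
    parts = sol.relative_to(root).parts
    return parts[1] if len(parts) >= 3 else "(unknown)"

def summarize_lsos(root):
    """Return {site: (file_count, total_bytes)} for .sol files under root."""
    root = Path(root)
    totals = defaultdict(lambda: [0, 0])
    if root.is_dir():
        for sol in root.rglob("*.sol"):
            if sol.is_file():
                entry = totals[_site_of(sol, root)]
                entry[0] += 1
                entry[1] += sol.stat().st_size
    return {site: tuple(v) for site, v in totals.items()}

def delete_lsos(root, keep_sites=()):
    """Delete .sol files except those of keep_sites; return number removed."""
    root, removed = Path(root), 0
    if root.is_dir():
        for sol in list(root.rglob("*.sol")):
            if sol.is_file() and _site_of(sol, root) not in keep_sites:
                sol.unlink()
                removed += 1
    return removed

if __name__ == "__main__":
    for root in default_lso_roots():
        for site, (count, size) in sorted(summarize_lsos(root).items()):
            print(f"{site}: {count} file(s), {size} bytes")
```

Run as a script it only lists; deletion happens only when `delete_lsos` is called explicitly, for example with `keep_sites` naming a video site whose saved preferences you want to retain.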
