Friday, 9 October 2009

Um, Flash Has Tracking Cookies . . . And Sites Use Them Without Telling Us?!?

On one of the e-mail lists that I follow that focuses on security, one of the threads caught my eye as I was working my way through the volumes of e-mail.

Apparently, Adobe Flash Player has a cookie tracking mechanism built into it.

“Oh really?” you might say. What does this mean for me?

Well, think about the last In-Private browsing session that was used while working on a client machine with IE8 installed. We use In-Private to browse our own business specific sites if there is a spontaneous need while at a client site and working on their system.

Apparently, the IE8 In-Private feature, or any other browser’s similar feature, does not coordinate with Flash Player!

This was brought to my attention by fellow MVP Derek Knight:

There are a number of ways to deal with this situation.

One is to manage the cookies on Adobe’s Web site:

There is something that is just not comfortable about the above procedure.

From there, we can manage them locally:

  • C:\Users\UserName\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\DataFolder

All of the cookies will be contained in some randomly named DataFolder under #SharedObjects.
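To see what is actually sitting in that folder before removing anything, here is a small audit script. It is an added example, not from the original post or from any tool mentioned in it. It assumes that Flash cookies are files ending in `.sol` and that the first folder below the randomly named DataFolder is the site that stored them; the post states neither detail.

```python
import os
import sys
from collections import defaultdict

def default_root():
    """#SharedObjects path from the post, built from the current user's %APPDATA%."""
    return os.path.join(os.environ.get("APPDATA", ""),
                        "Macromedia", "Flash Player", "#SharedObjects")

def find_lsos(root):
    """Yield (site, path, size) for each Flash cookie file below root."""
    for dirpath, _dirs, files in os.walk(root):  # os.walk does not follow symlinked dirs
        parts = os.path.relpath(dirpath, root).split(os.sep)
        # Assumed layout: parts[0] = randomly named DataFolder, parts[1] = site folder.
        site = parts[1] if len(parts) > 1 else "(no site folder)"
        for name in files:
            path = os.path.join(dirpath, name)
            # Assumption: Flash cookies use the .sol extension (not named in the post).
            if name.lower().endswith(".sol") and not os.path.islink(path):
                yield site, path, os.path.getsize(path)

def audit(root):
    """Summarise stored Flash cookies as {site: {"files": n, "bytes": n}}."""
    report = defaultdict(lambda: {"files": 0, "bytes": 0})
    for site, _path, size in find_lsos(root):
        report[site]["files"] += 1
        report[site]["bytes"] += size
    return dict(report)

def flush(root, dry_run=True):
    """Delete every Flash cookie file below root; with dry_run, only list them."""
    targets = [path for _site, path, _size in find_lsos(root)]
    if not dry_run:
        for path in targets:
            os.remove(path)
    return targets

if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else default_root()
    for site, stats in sorted(audit(root).items()):
        print(f"{site:40} {stats['files']:4} file(s) {stats['bytes']:8} bytes")
    pending = flush(root, dry_run=True)
    print(f"{len(pending)} file(s) would be removed by flush(root, dry_run=False)")
```

Running it after an In-Private session shows whether the session left Flash cookies behind; pass a different folder as the first argument to audit another user profile.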

Or, Derek mentions a tool on his blog post that will take them out in one fell swoop:

The nice thing about Steelworx's Steelworx Flush Flash is that it is both Windows and Mac (Leopard and up) friendly.

This little blindside was definitely a wake-up call to make sure to discover all of the tracking mechanisms that can be used on our systems.

The original study on the subject:

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists
Co-Author: SBS 2008 Blueprint Book

*Our original iMac was stolen (previous blog post). We now have a new MacBook Pro courtesy of Vlad Mazek, owner of OWN.

1 comment:

Chris Knight said...

Yet another reason for using something like Portable Firefox with the NoScript plugin.
Or if you must use IE, then use IE7Pro to help block unwanted web content.