Friday 9 October 2009

Um, Flash Has Tracking Cookies . . . And Sites Use Them Without Telling Us?!?

On one of the e-mail lists that I follow that focuses on security, one of the threads caught my eye as I was working my way through the volumes of e-mail.

Apparently, Adobe Flash Player has a cookie tracking mechanism built into it.

“Oh really?” you might say. What does this mean for me?

Well, think about the last In-Private browsing session that was used while working on a client machine with IE8 installed. We use In-Private to browse our own business specific sites if there is a spontaneous need while at a client site and working on their system.

Apparently, the IE8 In-Private feature, or any other browser’s similar feature, does not coordinate with Flash Player!

This was brought to my attention by fellow MVP Derek Knight:

There are a number of ways to deal with this situation.

One is to manage the cookies on Adobe’s Web site:

image

There is something that is just not comfortable about the above procedure.

From there, we can manage them locally:

  • C:\Users\UserName\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\DataFolder

All of the cookies will be contained in some randomly named DataFolder under #SharedObjects.

Or, Derek mentions a tool on his blog post that will take them out in one fell swoop:

The nice thing about Steelworxs Steelworx Flush Flash is that it is both Windows and Mac (Leopard and up) friendly.

This little blindside was definitely a wakeup call to make sure to discover all of the tracking mechanisms that can be used on our systems.

The original study on the subject:

Philip Elder
MPECS Inc.
Microsoft Small Business Specialists
Co-Author: SBS 2008 Blueprint Book

*Our original iMac was stolen (previous blog post). We now have a new MacBook Pro courtesy of Vlad Mazek, owner of OWN.

Windows Live Writer

1 comment:

stryqx said...

Yet another reason for using something like Portable Firefox with the NoScript plugin.
Or if you must use IE, then use IE7Pro to help block unwanted web content.