Naked Science Forum
General Discussion & Feedback => Just Chat! => Topic started by: RD on 02/08/2010 18:50:38
-
They are not ostentatious biscuits. They are records of the sites you have visited that use the Adobe Flash player which are stored on your computer. They are not like regular cookies which your browser can delete when it closes: these are super-cookies (http://www.fightidentitytheft.com/blog/new-breed-super-cookie-defies-removal-almost).
If you click on the macromedia link below you should see the flash cookies stored on your computer, (scroll down the list !).
http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager07.html
-
That's funny coz all I get is this Blue monster eating the letter C.
-
That's funny coz all I get is this Blue monster eating the letter C.
[:D] [:D] [:D] [:D] [:D] [:D] [:D] [:D] [:D] [:D] [:D] [:D] [:D] [:D] [:D]
-
There's something else that begins with C that I like to eat !
Cheese ! [;)] [ Invalid Attachment ]
-
Nast cookies these, I generally delete them regularly, especially those set by sites I have no wish to have remember my browsing habits, so as to provide "better" targeted advertising.
Of course there is also the good old Hosts file, which has a lot of sites in that are permanently blacklisted, like most spam sites and link farms.
-
That's funny coz all I get is this Blue monster eating the letter C.
[:D] [:D] [:D] [:D] [:D] [:D] [:D] [:D] [:D] [:D] [:D] [:D] [:D] [:D] [:D]
That is not the one I get. I'd not seen that one. On mine cookie monster eats the letter C.
-
Nast cookies these, I generally delete them regularly
I thought CCleaner (http://en.wikipedia.org/wiki/CCleaner), (which I run several times a week), was removing Flash cookies …
[ Invalid Attachment ]
But when I checked (http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager07.html) I found scores of Flash cookies stored, some many months old.
-
If you clean your cookies they just go soggy and the chips melt.
Seriously, I'll ask my son Murray for his advice on this as he is a bit of a whizz.
-
Other sites can only read their own flash cookies - they cannot read the cookies of other sites, so a site can't tell which sites you have been to - they can only read data that they have stored.
These cookies are almost always harmless - all they do is store your preferences for the site. If you delete them, you will find you need to re-specify yor preferences next time you visit one of these sites that uses flash to store them.
If you do want to delete them, however, the first page you linked to looks like it will be able to do it. Just click "Delete all sites". I haven't tested this, however.
(From Murray)
EDIT: If you do want to stop them permanently, use the first site you linked to (the Adobe one), and select the second tab along. Drag the slider to "none", and you're done.
-
There's something else that begins with C that I like to eat !
[:o] [:o] [:o]
-
If you do want to delete them, however, the first page you linked to looks like it will be able to do it. Just click "Delete all sites". I haven't tested this, however.
Yes I’ve done that now (and prevented future Flash cookies from being saved), but I, (like many people), wasn’t aware of that macromedia page, and I thought CCleaner was deleting the Flash (super) cookies. I think I’ve figured out what’s gone wrong: CCleaner was deleting the flash cookies accumulated when using one browser but not those accumulated by another browser.
… a site can't tell which sites you have been to - they can only read data that they have stored.
A tracking cookie can be used to record sites you have visited ….
For example: Suppose a user visits www.domain1.com and an advertiser sets a cookie in the user's browser, and then the user later visits www.domain2.com. If the same company advertises on both sites, the advertiser knows that this particular user who is now viewing www.domain2.com also viewed www.domain1.com in the past
http://en.wikipedia.org/wiki/HTTP_cookie#Third-party_cookies
-
Just found another source of old browsing history … Java, (+100 entries), again I thought CCleaner had this covered.
[ Invalid Attachment ]
I visited that Kapersky site over a year ago, there is no record of it in my browser as I didn't bookmark it, but it has been recorded in Java.
-
Yes I have heard of it, infact I am using it in clearing web history
-
99% of all scripts are from adverts, best is to bite the bullet, use Firefox and the 2 most recommended addons, Noscript and Adblock Plus.
Amazing how clean pages are then, plus you lose most of the annoying in your face flash adverts, plus you get a lot of scripting error protection for free. Helps to as an addon to antivirus, as it generally stops most of the malware drive by downloads from happening.
-
use Firefox and the 2 most recommended addons, Noscript and Adblock Plus.
You're preaching to the converted ...
[ Invalid Attachment ]
There is an add-on for FireFox called "Better Privacy (https://addons.mozilla.org/en-US/firefox/addon/6623/)" which supposedly gets rid of super-cookies, (I've yet to try it).
-
As far as I understand you can't delete flash cookies 'globally'. I wrote to them and asked what the ph* they were doing when I first found that the settings I made in their *stupid* net-based manager only blocked the sites I had been at that moment. Those cookies can be up to 100 Kb and so contain codes on over one million letters. As for what you can do in Flash I'm not sure, but I know that most people involved with net based security are quite wary about Flash, some refusing to install it.
I don't like it either, it's not like Java that are enclosed in a so called 'sand box' restricting it from 'watching'. It's a ugly solution, used on people unwary, generating a lot of income for MacroMedia as a lot of companies use it to check on what you do, and go. One million letters will allow to write some pretty complicated code, I'm not sure of what the limitations of it may be security-wise though? You need to be programming Flash for that one and as I said. I just don't plain like it :)
There are several add-ons for browsers now though that will keep an eye on those new super-cookies, like 'BetterPrivacy' for Firefox. In that you can set those cookies to be deleted on start or finish of your browsing and also make it warn you when new cookies are set if you like.
I like that.
==Quotes==
"Most Web-browser users do not realize that Web pages do not have to offer any visible signs that a Flash application is running and accessing personal information stored in SOL files. Even Web developers know that it would be difficult to detect if a Flash application were utilizing SOL files.
To this day, there is little public awareness of Adobe/Macromedia’s hidden, proprietary-cookie LSOs, and no widespread, well-known utility-suite, anti-spyware, or anti-adware programs that address them. Users who delete traditional cookies with such programs may find those cookies resurrected because of Adobe/Macromedia’s LSOs: “Tool Can Resurrect Deleted Cookies” (Out-Law.com). Since LSOs, unlike traditional cookies, have no expiration dates, the information resurrected in those cookies may persist indefinitely.
Specially crafted files have been shown to cause Flash applications to malfunction, by allowing the execution of malevolent code. The Flash Player has a long history of security flaws that expose computers to remote attacks. In addition to entries in the Open Source Vulnerability Database, security advisories published in August 2002, December 2002, and November 2005 highlight just three examples of reports about various Flash Player versions that allowed the takeover of a victim’s PC, whether the viewed Flash SWF file had been embedded in a Web page, sent in an e-mail, or downloaded by the user."
And about BetterPrivacy specifically
"In a nutshell,
* Most LSOs (also known as Locally Stored Objects, or Flash cookies) are used for tracking purposes.
* Banking sites use LSOs legitimately as part of the authentication process. If your bank does this, you should select the respective LSO and click the Prevent automatic LSO deletion button.
* Sign-in seals are another example of a legitimate use. Some sites (e.g. Yahoo!) offer this feature as an attempt to thwart fraud attempts (also known as phishing).
* Some sites will also store Flash components to speed up loading times the next time you visit. If you have a reasonably fast Internet connection, the benefit is almost non-existent.
As for the settings,
* You should select the options that best suit your needs. Personally, I prefer "Delete Flash cookies on exit" without asking.
* I also have "Also delete Flashplayer default cookie". While this deletes any preferences set in the settings manager, it's the only way to get rid of the Flash history of all sites visited, so I find it's a small sacrifice.
* DOM Storage. Firefox prompts you if a site attempts to use this feature, so it doesn't really matter what you select here.
* Disable Ping Tracking. This is checked by default. Leave it that way."
-
JimBob was quite good at flashing his cookies, but he kept getting arrested.