[plug] Flash 'cookies'
Steve Boak
sboak at westnet.com.au
Thu Feb 4 11:33:22 WST 2010
Hi All
Just read this disturbing article about LSOs or "Local Shared Objects" placed
in the .macromedia folder by some Flash programs.
http://www.wired.com/epicenter/2009/08/you-deleted-your-cookies-think-again/
They apparently work like cookies, but are never deleted, and can be used by
some Flash programs to 'backup' standard cookes and replace them if the cookie
is deleted. It seems several advertising companies are already using them to
track preferences and ad placements.
I found 67 folders containing over 100 of the little beasties under
~/.macromedia/Flash_Player/#SharedObjects/RZXX9SFB/ on my system (the
'RZXX9SFB' seems to be a randomly generated folder name).
The filenames are all *.sol, most seemed to be innocuous settings for volume
controls etc. Contents can be viewed with hexdump. There appears to be an
identifying string of 'TCSO' in bytes 6-9 then a series of ascii key and
binary(?) value pairs.
The flash cookies are not encrypted, and Flash is not required to create,
read, or write these files, so any private information stored within them is
open to any application with access to your home directory.
There is a Firefox addon to control them and more information at
https://addons.mozilla.org/en-US/firefox/addon/6623
Adobe provides more information at
http://kb2.adobe.com/cps/526/52697ee8.html
and a rather cumbersome control panel to control or even delete these LSOs at
http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager07.html
I used this to clean up the files on my system, and it did delete them all.
Steve
More information about the plug
mailing list