[plug] Flash 'cookies'

Steve Boak sboak at westnet.com.au
Thu Feb 4 11:33:22 WST 2010

Hi All

Just read this disturbing article about LSOs or "Local Shared Objects" placed 
in the .macromedia folder by some Flash programs.


They apparently work like cookies, but are never deleted, and can be used by 
some Flash programs to 'backup' standard cookes and replace them if the cookie 
is deleted. It seems several advertising companies are already using them to 
track preferences and ad placements.

I found 67 folders containing over 100 of the little beasties under 
~/.macromedia/Flash_Player/#SharedObjects/RZXX9SFB/ on my system (the 
'RZXX9SFB' seems to be a randomly generated folder name).

The filenames are all *.sol, most seemed to be innocuous settings for volume 
controls etc. Contents can be viewed with hexdump. There appears to be an 
identifying string of 'TCSO' in bytes 6-9 then a series of ascii key and 
binary(?) value pairs.

The flash cookies are not encrypted, and Flash is not required to create, 
read, or write these files, so any private information stored within them is 
open to any application with access to your home directory.

There is a Firefox addon to control them and more information at 

Adobe provides more information at
and a rather cumbersome control panel to control or even delete these LSOs at 

I used this to clean up the files on my system, and it did delete them all.


More information about the plug mailing list