Flash and web privacy FAQ: What are "Flash cookies", or "Flash super cookies"?
A few weeks ago I wrote an article on Web browser privacy, security, and Flash cookies, and as I was just correcting a few mistakes in it, I noticed this line:
When I first installed Better Privacy, I found a whopping 226 Flash cookies (LSO files) on my filesystem.
I was too busy to think about it then, but as I look back at that now, wow. 226 Flash "super cookies" installed on my computer? And I'm supposed to have a little idea of what I'm doing. What about non-technical browser users?
Flash super cookies (LSO cookies)
If you don't know what Flash cookies are, or you think they're harmless, here are some notes about Flash cookies from the Better Privacy plugin page:
Some Flash LSO cookie properties in short...
- they never expire - staying on your computer for an unlimited time.
- by default they offer a storage of 100 KB (compare: Usual cookies 4 KB).
- browsers are not aware of those cookies, LSO's usually cannot be removed by browsers.
- via Flash they can access and store highly specific personal and technical information (system, user name, files,...).
- ability to send the stored information to the appropriate server, without user's permission.
- Flash applications do not need to be visible
- there is no easy way to tell which flash-cookie sites are tracking you.
- shared folders allow cross-browser tracking, LSO's work in every flash-enabled application
- the company doesn't provide a user-friendly way to manage LSO's, in fact it's incredible cumbersome.
- many domains and tracking companies make extensive use of flash-cookies.
These cookies are not harmless.
As I've learned, if you use the Flash Block plugin, and see a little "nugget" in the upper-left corner of your browser when you visit a particular website, the odds are excellent that the website you're looking at is using a Flash cookie to track you. As the notes above say, "Flash applications do not need to be visible", and when you use Flash Block, it makes these hidden Flash applications visible during the Flash blocking process.
Removing Flash super cookies
You can use a browser plugin like Flash Block to block Flash super cookies from being installed on your computer, but what do you do to delete the Flash cookies that are already installed on your system?
Fortunately the Google Chrome browser gave me this answer. They offer a Flash cookie remover option, and all it does is take you to this Adobe URL, where you can remove the cookies:
That URL will display a Flash widget, with the tab set to "Website Storage Settings Panel". The list you see at the bottom of that panel shows all the Flash super cookies that are installed on your system. Just click the poorly-named "Delete all sites" button to delete all the cookies.
More web browser privacy and security information
I could write much more on the web browser privacy and security topic, but hopefully I've covered a lot of ground already in the following articles, so I'll stop here today:
- Better web browser privacy with the Better Privacy plugin
- Flash cookies (LSO cookies) and web browser privacy and security
- iPhone browser privacy and security
Good luck in controlling your own web browser privacy and security!