Chrome, IE To Allow Users To Delete Flash Cookies 110
Trailrunner7 writes "The upcoming release of Adobe Flash Player 10.3 will give users of most of the major browsers the ability to delete Flash cookies in much the same way that they're able to erase normal Web cookies, thanks to a better integration with privacy settings in Internet Explorer and Google Chrome. The addition of the ability for users to delete the cookies set by plug-ins and browser add-ons gives them better control of the security and privacy of the content on their machines and is designed to address a serious issue that's been plaguing Flash for some time. Security and privacy experts have warned about the implications of so-called Flash cookies, which are set by Flash and difficult for users to find and delete."
And what about evercookie? (Score:4, Interesting)
http://en.wikipedia.org/wiki/Evercookie [wikipedia.org]
http://samy.pl/evercookie/ [samy.pl]
Evercookie is unstoppable, irrevocable, undeleteable, and it represents a new trend. When is Google and Microsoft going to do something about this? Or do they and others conspire to use this evil mega cookie to track us?
Re:And what about evercookie? (Score:5, Insightful)
Re: (Score:2, Interesting)
In my tests incognito mode was enough to delete the evercookie. I simply quit the browser and restarted.. it didn't know who I was. Try it here http://samy.pl/evercookie/
Re: (Score:2)
Pretty sure that's not the case anymore about Flash LSO's and Incognito mode. (Could just be the custom version of Chromium called SRWare Iron I'm using, though.)
Re: (Score:2)
Seems like it is deletable, hard to find maybe but you can always delete your whole browser profile.
Re:And what about evercookie? (Score:5, Insightful)
Or run the browser and all of its minions (including flash) in a sandbox, which allows you to snap shot it at some point in time, and flush that sandbox after each browsing session and restore from the snapshot at the start of each new session.
As long as every program has access to the Windows Registry, you will have to sandbox that as well, allowing access to a shadow copy.
But the real problem here is that Joe Sixpack is not in a position to be knowledgeable about all of this. Criminal sanctions against users of Evercookie might keep corporate marketing droids from going down that path, but they won't stop the off-shore porn sites or gambling sites from embedding this type of technology.
Re: (Score:3)
Windows Registry? I can't find one of those on any of my machines. Install browser in chroot, copy to another location. Then copy before version over after version.
Joe Sixpack is not in a position to be knowledgeable about anything, no need to worry about it.
Re: (Score:3)
Joe Sixpack is not in a position to be knowledgeable about anything, no need to worry about it.
How very magnanimous of you.
So in your little provincial world, the only people deserving of protection from cookie mining evil corporations and government spies are long practicing linux users? The rest are just cannon fodder?
I suppose this means the only people deserving of medical privacy are the doctors themselves? The only ones deserving of police protection are the cops themselves?
Re: (Score:3)
Talk about putting words in my mouth.
Users are not even interested in this, they don't care about their privacy. For a good example of just that go take a look at facebook. No need for anyone to worry about protecting those who do not care to be protected.
Police protection is a joke. They investigate after, not protect you. The police are 30 minutes away, my own protection is much closer.
Re: (Score:2)
Talk about putting words in my mouth.
Users are not even interested in this, they don't care about their privacy. For a good example of just that go take a look at facebook. No need for anyone to worry about protecting those who do not care to be protected.
Most users (and I'd include myself in this list) are very interested in some aspects of privacy. I care quite a bit if someone access my bank account and takes my money. I don't care at all if someone wants to send me an email, or get in touch with me because of a common interest. Privacy does not have to equate to invisibility.
Re: (Score:2)
How very magnanimous of you.
So in your little provincial world, the only people deserving of protection from cookie mining evil corporations and government spies are long practicing linux users?
No. Those running Windows on a virtual machine are OK too. As long as they blow away the Windows VM after use.
Re: (Score:3)
Assuming he's literate, he's in a position that is as good as yours or mine.
It's merely a question of willingness. I agree there's only so much you can possibly do for someone who won't lift a finger to help himself. That's a character weakness and I wouldn't be doing anyone any favors if I validated it. For that I make no apology.
It reminds me of that joke: "a 'computer expert' is someone who can read the manu
Re: (Score:2)
It's merely a question of willingness. I agree there's only so much you can possibly do for someone who won't lift a finger to help himself.
That is the position I was talking about. Joe Sixpack does not care, and will not care. The position of Joe Sixpack is that anything that requires reading or 5 minutes of his time is to hard for him.
As I have now two responses that seem to assume I think Joe Sixpack is some sort of invalid I will admit I should have been clearer.
Re: (Score:2)
It's merely a question of willingness. I agree there's only so much you can possibly do for someone who won't lift a finger to help himself.
That is the position I was talking about. Joe Sixpack does not care, and will not care. The position of Joe Sixpack is that anything that requires reading or 5 minutes of his time is to hard for him.
As I have now two responses that seem to assume I think Joe Sixpack is some sort of invalid I will admit I should have been clearer.
There seems to be this unstated consensus that unless you excuse, legitimize, and enable any and all forms of intellectual laziness and willful helplessness, then you must be some kind of cold-hearted bastard who wants the poor to starve, old ladies to eat dog food, and baby seals to get clubbed to death.
There's also this widespread and completely false notion that you're doing anyone any favor by teaching them to be at the mercy of others for basic things they are actually capable of doing themselves. Lik
Re: (Score:2)
This is easily one of the best posts I've read in years, and there are many who would treat you with scorn simply for uttering such notions.
Re: (Score:2)
I always feel humbled whenever I receive a high compliment like that. Thank you. I will add that I don't think I was being particularly insightful, clever, or articulate. I think I was just being honest. If you do it that way, you don't really need elaborate technique or silver-tongued eloquence to discuss the nature of things.
Of all things this reminds me of the notion of a "Constitutional scholar". The Constitution is easy to understand. It does
Re: (Score:2)
Joe Sixpack is not in a position to be knowledgeable about anything
Wrong! Joe sixpack knows plenty about beer...
...and quite likely about football and women.
Re:And what about evercookie? (Score:5, Funny)
Considering the most sold beers in the USA include bud lite and miller lite, I can safely say he knows nothing about beer. He is a connoisseur of beer flavored waters though.
Evercookie, say hello to volatile storage. (Score:2, Informative)
Evercookie is unstoppable, irrevocable, undeleteable, and it represents a new trend.
A RAMDisk is an emulated disk that uses system memory and is erased completely during shutdown.
Symbolic links and hard links are pointers that let you direct files and directories to other locations, such as RAMdisks.
Reboot. What evercookie?
Takes about 10 mins to set up properly. Using Windows? CCleaner can help you with any missed temp files. Schedule it to run at startup.
Re:Evercookie, say hello to volatile storage. (Score:4, Informative)
Hard links do not work across paritions/drives symlinks are what you want.
Re: (Score:2)
Hard links do not work across paritions/drives symlinks are what you want.
I think you may be misunderstanding what he's saying. Let's say you want to have a hard link to R:
The easiest approach doesnt even require a redirect. Simply point everything hard linked to the RAMdisk (R:). A simple batch file on startup is all it takes to set back up the ramdisk during boot so it's functional as if it was always there and always a part of the system. That also makes it easy to have the "safe copy" nicely tucked away for repeat reloading whenever one wants - or on each reboot when the ra
Re: (Score:2)
Windows RAM drive [ltr-data.se]. Works great with browser temporary data. You can use junctions to map adobe temporary folders to your RAM drive.
They don't NEED to conspire... (Score:3)
It's not unstoppable. I'd mod you up for informative, but you mention that it is so good that it is unstoppable. It is not unstoppable or undelete-able on all browsers. In fact, it can be removed from Chrome [threatpost.com]. It is therefore, not a limitation of the browser. They don't NEED conspire. Regular cookies rarely get deleted by most users.
If you are wiping out your cookies and using ad blocking and script blocking software, they already know you are the least likely user to click an ad if you saw one. The on
Re:They don't NEED to conspire... (Score:4, Interesting)
Really?
Because you hear of deliberate violations of do-not-call lists, and everybody likes to make it hard to get off their spamvertising lists.
It seems like common sense to you and me, but I'm not sure that the unethical marketing people (not all, but the unethical ones) have got there yet. They seem to think it's extra important to annoy the hell out of people who've already decided they don't want to be annoyed.
Re: (Score:2, Insightful)
You want their content, they set the rules. You dont like it, dont view their content.
This isnt rocket science, people.
Re: (Score:2)
Repeat after me: an HTTP connection is not a contract.
Site owners are free to offer suggestions as to how to show the content they're freely offering who connects to their public server. I am similarly free to ignore those suggestions, and accept or render only the parts I want.
After all, if they don't want me seeing the content, all they have to do is stop giving it away.
Re: (Score:2)
Sure, youre free to block their cookies, so long as they choose to allow you to do so. They could quite easily refuse to let you access any content if you refuse to set cookies.
Youre right its not a contract, but its THEIR content.
Re: (Score:2)
Cool, put counter-adblocking in place, refuse to serve content to people that block your ads.
That way people can decide whether to enable the ads to see the content and neither party gets ripped off. It makes the relationship explicit.
I fully support that.
Google and Microsoft were the examples (Score:2)
He said "Google and Microsoft". Google and MS are not violationg do-not-call nor can-spam. And by extension, Google websites (search, gmail, etc), properties (Doubleclick), and Microsoft Bing and their web properties. That accounts for an extremely large portion of web advertising, not just on their sites, but on third party sites, phones, and apps.
Re: (Score:2)
Firstly, the OP said google and microsoft in reference to their role as browser manufacturers, then referred to them and others potentially being involved in evercookies.
Secondly, The post I replied to didn't reference either company.
Thirdly, I didn't say they were violating laws (though there certainly are people that violate DNC), I said that marketers and advertisers, particularly the unscrupulous ones, go out of their way to target people who don't want to be advertised to. The point being that it's cou
If you use Linux (Score:1)
this is easy to escape.
Nothing escapes the event horizon that is /dev/null
To have Flash functionality without cookies being set and/or saved to disk, just symlink a couple of files to /dev/null and forget about it.
CD $HOME
rm -rf .adobe .macromedia
ln -s /dev/null .adobe
ln -s /dev/null .macromedia
Something else people forget about is CSS. Websites can use CSS to track you across sites as well. There are a couple of ways to defeat this. The easiest is to set remembering URLS to zero (0). The second is to surf
Re: (Score:2)
Its an arms race. You can try to keep ahead, but the advertisers are willing to spend a lot of money to be able to track individuals.
Re: (Score:2)
You're taking this wildly off topic. Evercookie depends on a large group of features and this is a mitigation for one of those features.
Re: (Score:2)
Re:Define "Difficult" (Score:4)
Yeh you're right, because the average joe blogs on the street wants to understand where Flash puts it's cookies rather than simply selecting the "delete cookies" menu option.
Oh wait no, that's bollocks ;).
Re: (Score:1)
The average joe is not going to even use the menu option. This is slashdot, stop worrying about the average idiot.
Re: (Score:2)
stop worrying about the average idiot.
Worrying about those less able to take care of themselves is what civilisation is all about.
Re: (Score:2)
You could pull up the Chrome wrench --> Under the hood --> Clear browser data and click the "Adobe flash player storage settings" link.
Lets you manage flash cookies to your heart's content. Boy, that was difficult.
Re: (Score:2)
Yeh, because the average joe isn't going to be scared of clicking an "under the hood" button.
Oh wait, that's bollocks too ;)
Re: (Score:2)
Where would you propose they put such an option?
Firefox (Score:5, Informative)
And for Firefox users there is Better Privacy [mozilla.org].
From the Better Privacy site:
Better Privacy serves to protect against not deletable longterm cookies, a new generation of 'Super-Cookie', which silently conquered the internet. This new cookie generation offers unlimited user tracking to industry and market research. Concerning privacy Flash- and DOM Storage objects are most critical.
This addon was made to make users aware of those hidden, never expiring objects and to offer an easy way to get rid of them - since browsers are unable to do that for you.
emphasis mine
Re:Firefox (Score:5, Informative)
Actually, Firefox 4 supports this as well, out of the box.
Re:Firefox (Score:4, Interesting)
And for Firefox users there is Better Privacy [mozilla.org].
Actually, Firefox 4 supports this as well, out of the box.
FWIW - and it's worth it to me - Better Privacy provides better control in that I can set duration for the cookie. Mine are deleted after 5 minutes of last access. That works for sites like youtube that store the volume setting in the flash cookie, but still gives pretty good protection against flash cookies that might be misused due to lasting until I exit firefox (something I only do once or twice a month).
Re: (Score:3)
Sure. Better Privacy is nice if you want its features. But it's not strictly necessary to just delete Flash cookies, which is what the article is about.
Re: (Score:1)
And even if it _didn't_, what the fuck is wrong with rm? Or deleting them with a file explorer?
Have we been SO dumbed down as a society that we are no longer even capable of basic filesystem operations such as removing files?
I swear that watching the last 30 years has seemed like a continual process of seeing people get stupider and stupider until even the most basic thing are now considered "too hard". I await the time that turning the computer on is considered "too hard" for the average person to be exp
Re: (Score:2)
Actually, Firefox 4 supports this as well, out of the box.
Yes, it does, and I don't know why TFA doesn't mention it. This, from the Adobe Flash Player 10.3 beta release notes [adobe.com]:
Integration with browser privacy controls for managing local storage – Users will have a simpler way to clear local storage from the browser settings interface – similar to how users clear their browser cookies today. Flash Player 10.3 integrates control of local storage with the browser’s privacy settings in Mozilla Firefox 4, Microsoft Internet Explorer 8 and higher, and future releases of Apple Safari and Google Chrome. See this related post we published in January.
Re: (Score:2, Informative)
Yep. Has existed for several years now, including for older versions of Firefox like FF3.5
(and maybe 3?)
The only thing is it had to do it on disc due to lack of an Adobe API.
However, Better Privacy works even with older versions of Flash, like 10.2 - unlike this new method which requires Adobe's cooperation.
Better Privacy logo? (Score:2)
Can somebody explain what the meaning of the 'no moldy whipped cream on pumpkin pie' icon is? I mean, I agree, but fail to see the connection.
Not in the FAQ, I looked.
Re: (Score:2)
It's nice to have this in the latest versions of all the popular browsers (Firefox, IE, and Chrome) and it took cooperation from Adobe to make that happen. Good on them too.
Re: (Score:1)
Ghostery also does this, nixing flash cookies. BTW, it has recently being bought by a marketing firm, although per the documentation they claim not to track users. FYI.
That is good (Score:2, Funny)
Maybe it can stop all the horrible flash ads too..
Although, sometimes they aren't so undesirable, such as when they're like this [upup-downdown.com] (warning: although there's no nudity you wouldn't want your boss seeing you look at that).
Re: (Score:2)
Flashblock. Why it is not the default I will never understand.
Re: (Score:2)
NoScript is better. Once I will detect a website tries to evercook me, it goes to permanent ban on my user-defined NoScript list.
Re: (Score:2)
>>>http://upup-downdown.com/comics/2011/05/04/invisible-boobies/
So what did you want me to see? Only thing that I noticed was the "Creative writing: scifi, mystery, horror degree" ad for full sail university. I don't know... that webpage kinda sucked.
Works in Firefox 4 as well (Score:5, Informative)
This also works in Firefox 4 last I checked; I'm not sure why the article just talks about Chrome and IE.
Re:Works in Firefox 4 as well (Score:5, Informative)
Boris is 100% correct. Mozilla shipped this feature in Firefox 4 and if you have the newest Flash version, it "just works."
This story's headline is misleading. It should be "IE, Firefox, and Chrome..." because IE shipped it first, Firefox shipped it second, and Chrome just now got around to shipping it.
Re: (Score:2)
Yeah, the headline writing is just broken.
Opera Turbo (Score:1)
Opera is great for dialup or cellphone users, allowing image blocking. The built-in turbo feature also disables flash by default, in order to speed-up the webpage download (unless you click on the little "movie" icon to load the video/ad/whatever). Not sure how you would delete the Flash cookies though.
Only one way to be sure... (Score:5, Funny)
In linux just link ~/.macromedia to /dev/null
It turns out /dev/null is something of a cookie monster.
Flash cookie scourge (Score:3)
because its bad to have all those yourporn and redtube flash cookies on your work computer.
Why not Safari as well as Chrome? (Score:2)
It's the same base engine, isn't it? What about the non-google Chromium? Will it work with Adobe to erase cookies?
Re: (Score:2)
It's the same base engine, isn't it? What about the non-google Chromium? Will it work with Adobe to erase cookies?
This isn't a "base engine" issue -- it's a browser UI issue. Each browser needs to offer an API hook to plugins that allow them to say, "hey, call this function when the user has requested their browsing history be deleted!" So, the way you phrased your last question is backwards -- Adobe must work with browser capabilities, not the other way around.
In the case of IE8 and later, this is a one-function COM interface [microsoft.com] that gets passed a single flags parameter indicating what types of objects should be delete
Re: (Score:2)
I haven't been able to find an equivalent in Firefox 4's NPAPI documentation, but it may exist. If it doesn't now, it will soon -- it's a really obvious feature to have.
https://wiki.mozilla.org/NPAPI:ClearSiteData [mozilla.org]
https://bugzilla.mozilla.org/show_bug.cgi?id=508167 [mozilla.org]
Looks like it was added in February.
https://bugzilla.mozilla.org/show_bug.cgi?id=625496 [mozilla.org]
And "Clear recent history" will remove the cookies once flash 10.3 is released.
Firefox already allows you to delete Flash cookies (Score:2)
Re: (Score:2)
Right click any Flash object and click "Global Settings". On the following webpage click on the link to the Global Settings Panel.
Yep, this page was there for some time, but only with Flash 10.1 did they add a entry to the pop-up menu that links to it.
Flash 10.3 beta helps too (Score:4, Informative)
Cheers,
Ian
Re: (Score:1)
Paranoia and privacy concern are two different things.
Paranoia is when you think there's alien implants in your body and whatnot.
Privacy is more like a basic human right to have freedom-of-choice, without
thinking about what other knows about you.
(FlashCookies are a small part of this, but they can be combined with browser-
fingerprinting to allow near-complete tracking. Such tracking can be grown
and later combined with offline activities, and before we know it, 1984)
By that time we *wish* we could trade that
ability to delete Flash cookies (Score:4, Informative)
Under Linux delete the ~/.macromedia directory ...
Re: (Score:2)
Exactly ... I keep this directory "list only" at all times. Sometimes sites don't work without being able to write there ... most of the time I don't care enough about the video to change rights, but I will if I'm watching The Daily Show or something.
When I'm done, I clear the directory and re-lock it. I did the same for the ".adobe" directory, not sure if it's necessary
Re: (Score:2)
The point is, all these methods work, but they're all a royal pain in the ass. I don't want to go drop to a Linux command shell to get rid of cookies; that's why every browser has UI to do that for me. If a browser manufacturer knows there is crap cached on my machine related to my Internet browsing history, then when I ask it to delete all the Internet browsing history, it should delete it. Note that Windows doesn't have a "format my hard drive, but leave the porn alone" button (although this might be usef
Re:ability to delete Flash cookies (Score:5, Informative)
Re: (Score:2)
More conveniently, delete %APPDATA%\macromedia\. It's a bit longer than ~, but %APPDATA% or %USERPROFILE% are handy variables to know about. You can enter them into Explorer just file, also.
Cheating at Flash games (Score:2)
So much for One Chance [arstechnica.com].
Damn (Score:3)
Widespread use of this will make marketers focus on new tracking techniques. As it is they rely on cookies that are easily eradicated with simple tools, but are usually left alone by users. They don't have to remain that easy to thwart. They won't if all their analysis goes to hell 24h after 10.3 is released and auto-installed everywhere.
How to delete Flash Cookies (Score:3)
Firefox (Score:1)
One of the reasons I have stuck with firefox is the better privacy extension that deletes all the flash cookies every time I close the browser. It does not hurt that Chrome sucks at playing games like Runescape, trying to force text to the address/search bar instead of the in game type.
To zap my history on a Mac I use Automator... (Score:3)
... to the thrash.
Did I miss anything?
Resolve the problem at the source (Score:3)
what bugs me about flash cookies (Score:1)
is that you have to go to an Adobe URL to delete them. So, Adobe knows about all the pron flash cookies, etc, you're deleting from your computer. Why do they need to know this?