Next Flash Version Will Support Private Browsing

An anonymous reader writes "The world rolled its eyes when the problem of Flash cookies came to light several months ago. Even if you're careful about cookies or even if you use your browser's private surfing feature, sites can still track you through cookies stored by Flash. However, soon enough the next version of Flash, 10.1, will support private browsing and will integrate with browsers to turn it on when the browser itself is in private browsing mode. Browsers still store data during a private browser session, but they will delete it all at the end of the session. The same will be true of Flash private browsing."

Remind me why

[Anonymous Coward]

Remind me why Flash needs to be stateful, again?

Re:Remind me why

[fuzzyfuzzyfungus]

Because Advertisers are the customers that matter, and they love having something that survives a naive "clear cookies" attempt by the pitiful consumer?

Re:

[davester666]

> Because Advertisers are the customers, and they....

Fixed that for you. People with the flash player aren't customers of Adobe's, because they aren't paying Adobe anything.

Just like, up until very recently, cell phones were designed for the needs of the manufacturers customers, namely wireless carriers, and as such, were designed [and/or redesigned] to meet the desires of the wireless carriers. If actual end-users liked the design and/or specific features, those features had to be removed :-)

Re:

[digitalunity]

Your example of cell phones is apt in this case. Innovation in the cell phone industry has been limited to what carriers will allow. I hope Google starts a trend to buck the subsidized phone business.

Cell phones have been capable of so much more for a long time, but in this case the true customers are the carriers - not the end users.

Flash is in an almost identical situation. Allowing even savvy end users to manage their privacy would hamper advertisers efforts to track us. Flash is a dominant force because

Re:Remind me why

[broken_chaos]

Online games are a major user (as opposed to abuser) of storing data with Flash. There are some that actually are complex and long enough (and fun, too!) to warrant a save function. It can also be mildly-to-moderately helpful for some other Flash 'applications', like a video/audio player storing settings like volume levels.

Re:

[Wingman 5]

I can give one good legitimate example, flash games. It allows you to save your game and allow a more complex game that that could need more than one sitting to beat.

Re:

[Anonymous Coward]

Sorry for comment hijacking.

Adobe provides Flash Settings Manager [macromedia.com] to allay your privacy concerns. Of course, it is not very user-friendly for average Joe but average Joe probably can't be bothered about privacy anyway. And there is "Delete All" button as well, for paranoids.

Re:

[NicknamesAreStupid]

Maintaining state has been the holy grail and tar baby of AI and advertising. You can't think about much without it, and you can't respond well with much of it. Advertisers need just enough of 'state' to justify their existence, e.g., "Our reader, John, saw our ad and bought your product!" But if they get too much, they can find their revenue source compromised, e.g., "80 million other viewers did not."

Re:

[chromas]

Using a browser cookie, generate the page calling the Flash applet and pass an identifier as a parameter.

Re:

[sopssa]

That really adds unnecessary complexity. There are tons of those flash games sites and they would all need to generate same kind of database scheme or make a standard on how you pass the data between the site and flash applet.

Instead more controls about it is the way to go. Personally I would also like an option to globally disallow all cookies, but let it ask me if I want to save data.

I noticed earlier today that theres beta of 10.1 out [adobe.com] and interestingly it also supports hardware accelerated video with NVi

Re:

[chromas]

Actually, that was just a hack I thought up that doesn't require change on the part of Adobe. As others have pointed out, Flash should behave differently when working as a plug-in. Perhaps the Persistant Objects could just be an abstraction for browser cookies or at least use the cache directory while being plugged.

Re:

[DragonWriter]

You talk like if it's the game developer fault that browsers treat Flash cookies differently.

Who chose to use Flash, again?

Re:

[DragonWriter]

There are a number of flash based games which use the flash cookies to save info you might want around so you don't have to start from scratch each time.

If its a flash-based game on an account-based site, you could just save the state to a resource on the server linked to the user account and restore it from that the next time the user opened the game.

This also doesn't rely on the user using the same browser to continue the game.

Re:

[Rejemy]

Flash cookies are shared by all browsers.

Re:

[DragonWriter]

Flash cookies are shared by all browsers.

On the same computer, sure; I was somewhat imprecise in my language. When I referred to a different browser, I really meant a browser on a different computer. Transparency to the use of which is, I would think, one of the main reasons to want to use an internet-based application (game or otherwise) rather than something locally-installed.

Re:Remind me why

[Cryacin]

When spoken in the context of Flash, then yes, it makes perfect sense to not have those pesky 'shared objects' aka cookies on your machine.

However, with the advent of Flex (now Flashbuilder to confuse and confound more), there are many applications out there that legitimately store information on the client.
There has been a large mention of games already, but to that mix, I would add business software. There are many RIA's out there that manage data and distribution using Flex, and hence, pull a large amount of information from servers. Yes, sure, you could reload the data every time that you navigate away from a particular flash harness page, or you could store data within the shared object and not need to spend the vendor's bandwidth, nor stuff the client's pipe with information that was just sent a few minutes ago.

With the introduction of P2P channels in Flex 4, this opens up a whole range of possibilities to send data to a cluster of peers on a destination network, rather than clogging up outgoing pipes with information. There are a range of business cases for this technology.

That said, however, there is a need to curb the wild west attitude to data storage. There should be an option to default allow/deny/question whether Shared Objects should be allowed. Currently it is auto accept up to 100kb which falls outside of many legitimate applications anyway. Most importantly, there should be an option to always allow shared objects from a particular website.

We can't let the abuse of a technology proclude us from legitimate use when there are perfectly valid and reasonable strategies to manage and distinguish between positive and negative use cases.

Re:

[DragonWriter]

However, with the advent of Flex (now Flashbuilder to confuse and confound more), there are many applications out there that legitimately store information on the client.
There has been a large mention of games already, but to that mix, I would add business software. There are many RIA's out there that manage data and distribution using Flex, and hence, pull a large amount of information from servers. Yes, sure, you could reload the data every time that you navigate away from a particular flash harness page,

Re:

[abulafia]

Doesn't HTTP define a whole slew of metadata headers and specified caching behavior to specifically address this kind of thing? Why build "rich" web apps that don't leverage HTTP features that specifically address the need you are dealing with?

HTTP page caching doesn't have semantics for things not of 'document' granularity. Think database records. People want to use these things as front ends to corporate directories and whatnot, be able to futz around with them on a plane, and have them sync when they're back in touch with the mothership. HTTP doesn't try to provide anything at all close to record level caching.

Re:

[rsborg]

HTML5 has client-side storage [webreference.com]. Yet another reason why Adobe wants HTML5 to be delayed or blocked altogether [appleinsider.com].

Re:

[DragonWriter]

HTTP page caching doesn't have semantics for things not of 'document' granularity.

First off, that's not true: HTTP/1.1 supports both partial GET requests (using the Range header) and caching partial GET requests, so it does have semantics for things not of "document" granularity, including caching them.

Second off, even if it was true, its not meaningful, since HTTP doesn't restrict what can be a "document" (or, in HTTP terms, a resource.) So even if it did only support caching "full" rather than partial GE

Re:

[abulafia]

First off, that's not true: HTTP/1.1 supports both partial GET requests (using the Range header) and caching partial GET requests, so it does have semantics for things not of "document" granularity, including caching them.

Well, yes, and if you want to do byte-range seeking over structured data in Javascript, be my guest. Some of us use DBMSes for a reason.

HTTP provides exactly record level caching, if your record is accessible by a GET request to a specific URL, or as a specified byte range of a specific URL.

Sigh. Let me know when you have that on/offline groupware system built on top of your browser cache done, 'kay?. In the mean time, I think most sane folks are looking forward to using client side storage.

The point being, of course, that yes, you could do that, much like you could also cook your dinner on a car engine. That doesn't mean that your car has "stove semantics".

Re:

[DragonWriter]

Well, yes, and if you want to do byte-range seeking over structured data in Javascript, be my guest. Some of us use DBMSes for a reason.

But, since (as I stated in the next paragraph), HTTP doesn't impose any limit on what a resource is, there is no reason a single database record can't be a full resource so that you would never need to use or cache range queries to do record-level cacheing.

In fact, quite a lot of web applications use a model where a collection located at http://www.example.com/foos [example.com] has indi

Re:

[abulafia]

But, since (as I stated in the next paragraph), HTTP doesn't impose any limit on what a resource is

You're still abusing a page cache as a record cache. I'm quite aware of the advantages (and disadvantages) of RESTful models. There are reasons why DBMSes do things they way they do, and browser caches do the things that they do, and why wire protocols for web browsing and databses interactions are different. As I said, I don't care how you wish to use or misuse the facilities; have fun!

I never claimed that was doable.

Oh, but it is! Just use your lovely record cache, and store your offline changes in cookies. Then when the client goes bac

Re:

[DragonWriter]

You're still abusing a page cache as a record cache.

Its not a "page cache". Its a resource cache. There is nothing in the definition or semantics of HTTP that demands, or even favors, a particular kind of resource.

I never claimed that was doable.

Oh, but it is!

Um, First you attacked a strawman position that I never made, and now you are defending the same strawman. At this point, I think you are now truly arguing with yourself.

Re:

[abulafia]

Look up the word "sarcasm" - it might come in handy some day. You can find it in the dictionary, between "muppet" and "twit".

Re:

[Rossman]

"There should be an option to default allow/deny/question whether Shared Objects should be allowed."

There is: http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager03.html [macromedia.com]

You can also whitelist and blacklist sites in that same Flash Global Settings Manager :)

Re:

[gmack]

Funny.. I just went through there and I don't see any whitelist or blacklist entries. I do see one for trusting files at certain locations but that has nothing to do with what sites can store info on the computer.

In addition, disabling "allow third party sites to access information on your computer" Does not actually prevent flash for creating files on my drive for each flash site I visit. It only prevents the few useful sites where I had saved settings from doing so.

Re:

[gmack]

On here that only seems to change the camera and microphone settings. No reference at all to file storage.

Anyhow that page has always been on "always ask" and I still get cookies.

Horay!

[Wingman 5]

Now I can plan that birthday party without anyone knowing.

Crontab to Delete Flash Cookies

[baez]

So I've been using this line in my crontab for a long time now without any problems (well no more problems than I usually experience with Flash under Linux):

* * * * * rm -fr /home/me/.macromedia

I think this solves the problem, but maybe I'm mistaken...?

Re:

[Anonymous Coward]

sudo chown 0:0 .macromedia
sudo chmod 0000 .macromedia

use 'shred' not 'rm'. or encrypt your hard drive.

[ericbg05]

So I've been using this line in my crontab for a long time now without any problems (well no more problems than I usually experience with Flash under Linux):

* * * * * rm -fr /home/me/.macromedia

I think this solves the problem, but maybe I'm mistaken...?

That depends on your threat model. Your cron job might keep your kid brother from discovering your cookies. If you *really* don't want people to know what flash is caching, I'd s/rm -rf/shred -uf/ there for starters. Then I'd think about putting my whole OS on an encrypted partition (trivial these days with Fedora, not sure about other distribs).

Of course, you still have problem with sniffing and all manner of malware, all of which could defeat your goal of preventing people from knowing what kind of f

Re:

[solevita]

I hung out with Bruce Schneier for a 1-hour talk once. If you want to scale up your paranoia further, you can do what he does: never let your computer touch a network or another person's hands. He has no wireless card, never plugs an ethernet cord into the slot, and never gives his compy to anyone else. Very difficult to sniff traffic that doesn't exist (but not [zdnet.com] impossible).

That must make keeping his blog updated tricky though...

Re:

[caluml]

He has no wireless card, never plugs an ethernet cord into the slot, and never gives his compy to anyone else.

Meh. I hacked his computer twice. Once over Bluetooth, and then again over Infrared. All I found were secret plans of his to dominate the world - nothing unusual.

Re:

[caluml]

never let your computer touch a network or another person's hands. He has no wireless card, never plugs an ethernet cord into the slot, and never gives his compy to anyone else.

I wonder what it must be like to be as paranoid as him?
And seriously - at what point does a computer lose its usefulness - for me, it's pretty much when it has no network connectivity. I'm at a loss when I'm on a machine with no connectivity. It's like it isn't much use for anything.

Re:

[mister_playboy]

You are correct... I didn't know about that directory. Thanks.

That's simply not an adequate response

[Anonymous Coward]

Sorry Adobe, but it's time for HTML5.

Re:That's simply not an adequate response

[Rejemy]

By which you mean "it's time for HTML5 in 3 years when IE9 penetration is high enough, assuming IE9 supports HTML5 when and if it comes out".

Re:

[Hurricane78]

Depends. Will there still be people who don’t have the balls to stand up to their customers and say: Get a real browser, or fuck off!

Interestingly you can exactly see how this would work, if those people had balls, by looking at flash support on websites: If you surf with an old Flash plugin, you will often simply get a “please update your Flash plugin“. Even on the biggest sites?

And? Does it drive away anyone? No. Not significantly. Everybody just updates Flash and is done with it.

The sam

Re:

[kiddygrinder]

it may be faster but the last time i used it oprah web browser gave me cancer. ymmv.

HTML5 is not an adequate response

[Dr.Syshalt]

Does HTML5 provides for the same level of rich client platform development as Flash/Flex? With numerous widgets just like in Motif/MFC, just easier to use? (MXML just shines in GUI development, far beyond of what Motif/MFC/AWT/Swing offer).

Does HTML5 allows you to play video with some advertisement in a running text over it?

Does HTML5 protects your video site from hotlinking? I.E. can you make sure that nobody can embed your videos into their pages and make sales while you pay for the bandwidth?

Sorry, HTML5 'video', 'audio' tags and other dings and wistles... you have your place (probably on YouTube), but you ain't gonna replace Flash anytime soon. Especially not on commercial sites (like pr0n tubes), not for RCP development either. World needs a full-blown rich client platform for the browsers and so far Adobe has been the only one who were able to provide a cross-platform, browser-independent solution. And they did it quite well, despite of some quirks. Sun with JavaFX has failed... would you like MS to take over with their Windows-only Silverlight technology?

Re:HTML5 is not an adequate response

[Anonymous Coward]

Does HTML5 provides for the same level of rich client platform development as Flash/Flex? With numerous widgets just like in Motif/MFC, just easier to use? (MXML just shines in GUI development, far beyond of what Motif/MFC/AWT/Swing offer).

Sure. HTML combined with CSS and Javascript / AJAX will do 80-90% of what Flash is used for.

Does HTML5 allows you to play video with some advertisement in a running text over it?

Sure. Just use a CSS layer.

Does HTML5 protects your video site from hotlinking? I.E. can you make sure that nobody can embed your videos into their pages and make sales while you pay for the bandwidth?

This is a HTTP issue and server side security issue. It is trivial to grep a Flash file for the raw SWF download location most times.

Sorry, HTML5 'video', 'audio' tags and other dings and wistles... you have your place (probably on YouTube), but you ain't gonna replace Flash anytime soon. Especially not on commercial sites (like pr0n tubes), not for RCP development either. World needs a full-blown rich client platform for the browsers and so far Adobe has been the only one who were able to provide a cross-platform, browser-independent solution. And they did it quite well, despite of some quirks. Sun with JavaFX has failed... would you like MS to take over with their Windows-only Silverlight technology?

Hardcore Flash games I can see and some super heavy duty flash "applications", but so often this can be done in HTML with CSS / AJAX. The designers are normally just clueless and have no wish to learn code or how stuff works after taking their 1-week Adobe course and getting accreditation as a "web developer".

Re:HTML5 is not an adequate response

[naz404]

Does HTML5 allows you to play video with some advertisement in a running text over it?
Sure. Just use a CSS layer.

Not if you're embedding 3rd-party videos on stuff like blogs, forums, etc the way people embed Youtube et al right now. Flash is great because it gives you a little widget that shows you a whole lot of options like contextual links, etc when embedded in 3rd party websites, giving the viewer the ability to check out related videos,etc.

Hardcore Flash games I can see and some super heavy duty flash "applications", but so often this can be done in HTML with CSS/AJAX.

You obviously are not a game developer and are talking out of your ass. "Easy to port HARCORE Flash Games often to CSS" my ass. CSS/AJAX has no equivalent for the timeline-based animation which makes putting animated stuff in Flash games so easy. Also, Flash has an excellent multi-channel sound API, something which is very rudimentary on HTML/Javascript. Sound is an important part of many games these days for the user experience, and Flash gives developers and the user good access to this.

Also, doing stuff in Javascript/CSS bloats the hell out of downloads since the interpreted Javascript code is in plaintext, unlike Flash which compresses it down to bytecode. Moreover, games built on the Flash platform can be made in a single SWF package which you can redistribute and embed to a whole bunch of different sites, unlike a DHTML-based game. Sure, you can build arcade games with Javascript/CSS, but they will not match the richness and features of Flash games.

Other stuff HTML5 doesn't have: support for microphone, webcam, multi-touch, accurate percentage loaded (down to single bytes) of assets (for preloaders which are important to the user so they can see accurate download progress and see when they can start using the apps), or client peer-to-peer support. Flash does. Let's see you try running relatively complex animated true-3D polygon models with texture mapping *at decent framerates* in DHTML too.

Yeah? That's what I thought. Flash is NOT YET dead.

Re:

[shmlco]

"...will not match the richness and features of Flash games."

All of which assumes that we want them in the first place.

Re:

[dreamchaser]

"All of which assumes that we want them in the first place."

Apparently a lot of people do, given the growing popularity of fairly advanced flash based games.

Re:

[JasterBobaMereel]

Flash will soon be dead for video (good)

Flash will then be used only for annoying adverts, annoying websites who can't code and games .... ...there are better games platforms ....

Re:

[ianezz]

Also, doing stuff in Javascript/CSS bloats the hell out of downloads since the interpreted Javascript code is in plaintext, unlike Flash which compresses it down to bytecode.

For this specific point, I believe you can simply gzip your javascript/CSS: web browsers have been supporting HTTP's content-transfer-encoding: gzip for ages. This, of course, doesn't imply that, given a task to perform, an implementation using JavaScript+CSS would be smaller than an implementation using Actionscript (and Flash files co

Video "stealing": watch your tcp/http flows

[jonaskoelker]

Does HTML5 protects your video site from hotlinking? I.E. can you make sure that nobody can embed your videos into their pages and make sales while you pay for the bandwidth?

This is a HTTP issue and server side security issue. It is trivial to grep a Flash file for the raw SWF download location most times.

Or you can monitor the HTTP traffic you send to see which URL you're requesting. Or run the Flash in a rigged virtual machine which captures this information.

Whatever server-side test is done to see whether a request comes from someone visiting the server itself or a third party can be fooled; the third party just sends the data that'll make the server say "You're visiting me".

It's an unsolvable problem; any solution is at odds with how the internet works.

Re:

[ytpete]

I'm sorry, but whenever I read comments like this I have to ask – how much AJAX web development have you really done? It's easy to build a couple pop-up menus and accordion controls and then decide that DHTML + CSS is all-powerful. But, frankly, it's not even close yet.

I spent years doing bleeding-edge AJAX development, and DHTML is by far the shabbiest development "platform" I have ever used. Frameworks like Dojo help, some. HTML5 will help, some. But it's all wallpaper overtop one core flaw: HT

Re:

[mini me]

Its programming language is embarrassing.

Objective-J [cappuccino.org] is actually quite nice to work with. Which brings me to my next point which is that frameworks like Cappuccino completely abstract the underlying HTML. At that point your code can just as easily run on top of a generic container that is tuned specifically for applications.

I feel we are on the cusp of actually seeing the write once, run anywhere dream of Java come to fruition. Going back to Cappuccino for a minute: With a little planning, one codebase can

Re:

[Hurricane78]

Sure. HTML combined with CSS and Javascript / AJAX will do 80-90% of what Flash is used for.

No. XHTML5+CSS3+JS2+AJAX+DOM3+SVG+Video/Audio will not only do 100% of what Flash does. It will do more. Like being able to seamlessly embed everything that Flash does with the rest of the page.
And there is no reason why JavaScript can’t be as fast or faster than ActionScript. After all it’s pretty much the same language.

Here are some examples: http://people.mozilla.com/~prouget/demos/ [mozilla.com] (Try the movement tracker.)

Re:

[h4rr4r]

Not everything should be done in the webbrowser.

Get off my lawn!

Re:

[jo42]

Do not want - have no need - for any of that crap. Want Flash to dry up and blow away like old dog shit.

Cross Platform ?!?

[DrYak]

World needs a full-blown rich client platform for the browsers and so far Adobe has been the only one who were able to provide a cross-platform, browser-independent solution.

Sorry what do you mean by "Cross-Platform and Browser-Independent" solution ?
The damn thing only runs mostly correctly on Windows and Mac OS X, and is half broken on Linux. And that's only 32bits support - the 64bits support is currently catastrophic.
In the 90s, when Windows and Mac OS were the only platforms, your sentence would have had made sense.
In 2010, where smartphones are pervasive, when every single gadget seems to be internet-enabled, Flash is a big problem because it only runs on a fraction of what a modern user may find.
The iPhone has no official Adobe Flash support, for exemple.

Either Flash should die and get replaced by modern standards such as HTML5/CSS/Javascript/etc. (that's my preferred solution)
Or, Adobe should open their Flash and release some freely accessible specifications (and grant free use for any submarine patents) so people like the Gnash dev team could provide 100% compatible support for any platform under the sun.

But the current situation is far from the cross-platform heaven we need.

Re:

[westlake]

Sorry Adobe, but it's time for HTML5.

Whn will there be a final HTML 5 standard to support?

Re: HTML5 ready

[naz404]

When will there be a final HTML 5 standard to support?

Seriously? In 2022. Read it and weep. http://www.webmonkey.com/blog/HTML_5_Won_t_Be_Ready_Until_2022DOT_Yes__2022DOT [webmonkey.com]

Meanwhile, you should see wider adoption of it by 2012, which is when the world ends [wikipedia.org].

Cheers! :D

Re:

[fermion]

Hopefully competition will push Flash to become less user hostile. Control of flash cookies is a step forward, but not enough. First, browsing is almost impossible when flash cookies are set to "ask". I think they might be doing this on purpose.

What we make me want less opposed to flash is if the site included an option to not autoplay flash content. True, we can use flashblock, but if flash is truly a tool for the user, and not just a way to deliver advertising, this little tweak should not be such a h

Firefox extensions

[pydev]

Get FlashBlock [mozilla.org] or NoScript [mozilla.org] to turn off flash altogether.

Get BetterPrivacy [mozilla.org] to automatically delete Flash cookies on exit; it seems to work well.

On OS X...

[Anonymous Coward]

On OS X just delete all the downloaded content & local shared objects, then lock the folders:

~/Library/Caches/Adobe/Flash\ Player/AssetCache
~/Library/Preferences/Macromedia/Flash\ Player

Flash thinks it can save local shared objects, so things like Pandora work (if you're in to that -- I'm not), but nothing is actually saved.

Using the "locked" flag on the folders is better than using restrictive permissions since apps and installers often require you temporarily grant them admin privileges to reinstall

Re:

[mrmeval]

Is this like the immutable bit?

I'm to the point of spawning a bunch of ram drives when I start firefox which are destroyed when I close it.

Can also use this Flash program.

[antdude]

http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager06.html [macromedia.com] to control your Flash player settings.

Re:

[Hurricane78]

Even better: Get netcat [sourceforge.net] to turn off images, CSS, HTML, and graphical renderers entirely. ;)

Re:

[pydev]

Like porridge, privacy has to be just right: neither too much nor too little of it is good.

Better Privacy extension

[harmonise]

This feature is here now for Firefox users with the Better Privacy [mozilla.org] extension.

Burn All Flashes

[Renderer of Evil]

Remember this site? http://burnallgifs.org [burnallgifs.org]

We need a similar campaign for Adobe Flash. It's dinosaur technology built for the internet stone age. Time to get rid of it for good.

Re:

[BoppreH]

I'm not sure about you, but I prefer playing Flash games instead of downloading suspicious .exe files.

If you don't play Flash games, it's not a good reason to forbid everyone else to do so.

Re:

[larry bagina]

A buddy of mine got a virus from a single white female. He has all kinds of exploits, though ... drinking, fucking, disorderly conduct, etc.

Re:

[binarybum]

that's why Mac fans prefer fat chicks, yeah you pay more when you go out on dates and they're not as good in bed, but you don't have to worry about viruses.

Re:

[josath]

It's actually fixed now. And in those two years, there are no known exploits, so it's maybe not as a big of a deal as if it were an actual exploitable hole.

Re:

[Fex303]

Ah yes... because that campaign was completely successful.

I can barely remember the last time I came across a site that uses GIF images...

Re:

[blitzkrieg3]

burnallmpegs.org makes more sense, since it's technologies like h.264 that are preventing widespread use of the tag.

Re:

[Hurricane78]

Extremism — “The choice of the wise man.”(TM) ;)

Apostophe usage problem

[sych]

"The world rolled its eyes when the problem of Flash cookies came to light several months ago.[...]"

There, fixed that for you.

Re:

[noidentity]

I think the original was just missing quotes. I read it as

The world rolled, "It's eyes!" when the problem of Flash cookies came to light several months ago.

where they were using the 19th definition of rolled: 19. To make a sustained, trilling sound, as certain birds do. In other words, it was another way of saying they Tweeted it. Clearly they were referring to the fact that these cookies flashed a bright light, and were answering the question of the thing they affect. Their answer was "it is eyes!". Simpl

Surf with VM and revert to snapshot

[OnTheEdge]

Surf using a virtual machine and revert to a stored snapshot upon close. Problem solved.

Re:

[AusIV]

It seems a tad excessive to have all the overhead of an operating system for private browsing.

A technique I've used before was to use UnionFS with a ramdisk over my .mozilla folder. All changes during the session would be written to RAM, and once I no longer needed the session I'd destroy the RAM disk.

And after that..

[Peter Cooper]

After that feature, could they make Flash respect the "Block Pop Up Windows" features in Safari and Firefox? I expect NO popups when I have this set.. yet Flash seems to be able to open them still!

Overreacting?

[BoppreH]

The website knows that I'm the same person as before. So what?

Can someone explain me how can this be used against me if the cookies are stored in my personal computer?

Re:

[Anonymous Coward]

The reason is that third party ad sites use Flash ads.

You visit site A which is about midget pr0n, third party site drops a cookie there.
You reset your IP address.
You visit site B which is about beer bongs, same third party sees the cookie it dropped when you were at site A, stores that info combined with your IP in a database.
You visit site C which is about fart lighting, same third party fetches the LSO and knows that you have been to the above two sites even though you had "pr0n mode" active on your brow

Re:

[base3]

Yeah, but the advertising networks that advertise on the midget pr0n site, the beer bong site, the church site, etc. are all pushing Flash ads from the same domain and know what sites their ads were served from, so his hypothesis isn't all that flawed.

Re:

[ArsenneLupin]

The problem of tracking a user is when he/she enters personal info and it gets indexed. You don't do that with ads, do you?

No, but some forms might still use the GET method instead of POST. In that case, your form submission becomes part of the URL, and is visible to any ad included in the landing page via the Referer header.

Plus any other number of possible subtle leaks.

Yeah, nice design

[dangitman]

However, soon enough the next version of Flash, 10.1, will support private browsing and will integrate with browsers to turn it on when the browser itself is in private browsing mode.

That's such an elegant and simple design, that isn't problematic at all! I mean, who cares about essentially having a browser within your browser, as long as your browser can communicate stuff to the other browser, at the whim of each browser developer?

Re:

[ceoyoyo]

It's kind of like the idea of having an OS within the OS. Now the sub-OS gets to run a browser.

Re:

[dangitman]

It's kind of like the idea of having an OS within the OS. Now the sub-OS gets to run a browser.

That's so comforting.

Re:

[ceoyoyo]

There's always a silver lining. While the rest of the world is running Flash within their web apps within their browsers under their OSes, Intel and AMD will be making faster chips so those of us who prefer a few less layers can have cool toys.

It's all happening again!

[dangitman]

I wonder if there might be a slashdot thread for this slashdot thread?

Several months ago?

[NotBorg]

... when the problem of Flash cookies came to light several months ago.

several: of an indefinite number more than 2 or 3 but not many.

Most of us knew about this many months ago. If you only found out several months ago you are behind the curve.

It would be nice if Adobe was responding to an issue that was discovered several months ago but this has been around and known for quite some time. Make no mistake about it Adobe isn't being quick to respond to the issue.

Re:

[XorNand]

I personally implemented a Flash tracking cookie for an e-commerce site I developed back in 2002. The only thing it did was store a GUID. I was using it to track user metrics and remember shopping cart contents. I did it because back then cookie paranoia was much more widespread and people more routinely blocked them. These days, most web users don't seem to care. Perhaps because so many sites nowadays require cookies for basic functionality.

FlashBlock

[shovas]

Someone mentioned it in passing but I'll say it directly: FlackBlock [mozilla.org]

I'm not one to turn off the web with NoScript or not contribute to sites I'm visiting by using AdBlock. FlashBlock is a great compromise. Normal ads, no stupid flash instability. Click on the flash when actually want it to run for where it's actually needed. You'll be surprised how well it works.

Re:

[cerberusss]

FlashBlock is a great compromise. [...] You'll be surprised how well it works.

What I was surprised about, is after installation: the number of times that the little Flash icon appears. I was like "huh? This page didn't have Flash content before, right?". So I clicked the Flash icon to see what was actually happening and -- nothing happened. Apparently, a number of sites use Flash just as a very tiny, uneraseable way to track users. Regardless of Private Browsing. Mind you, it wasn't a porn site, just a huge eBay-like site in a particular North-West European country.

Sounds great

[Locke2005]

When will Flash 10.1 be available for my Android G1 phone? How 'bout my Wii? How 'bout any device that isn't X86 based? Yes, Adobe's reluctance to support any platform other than a PC is the main reason why I think Flash should die a horrible (but quick) death and everybody should switch to HTML5 instead. Heck, I think even Silverlight is better supported by mobile devices than the latest version of Flash.

Re:

[ducomputergeek]

I'm sorry, but I've always found the lack of flash support on my iPhone to be feature, not a bug....

Re:

[cbhacking]

Windows Mobile (mostly ARM) and Nokia N800/810/900 (ARM) devices have had Flash for a while. It's typically a version behind the desktop release, but it's the full player,a nd any applet that ran in that version of the player will run on the mobile device.

If it's important to you that your device can play Flash, you have three options: complain to Adobe directly, complain to the device/OS developer, or use a device/OS which already supports it (and has for years). It's obviously not a major technical proble

Re:

[naz404]

When will Flash 10.1 be available for my Android G1 phone?

AIR and Flash Player coming for Android and Mobile Devices [digitalbackcountry.com]. Adobe has been showing demo videos of Flash running on Android phones since last year. This week at the Mobile World Congress in Barcelona, they showed Flash 10.1 and AIR 2.0 running on a whole number of devices. It's running on the Motorola Droid [youtube.com], Google Nexus One [youtube.com] and other new Android phones like the HTC Desire & Legend [yahoo.com].

They've also got it running for Blackberry [webkitchen.be] and Palm Pre [adobe.com]. Symbian has been running Flash Lite for some time now, so you'

In Windows XP

[thethibs]

In the meantime, this will lose them

del /S /Q "C:\Documents and Settings\marc\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\*.*"
rd /S /Q "C:\Documents and Settings\marc\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\"

Re:

[selven]

On Linux, it seems like you need to remove from two places.

rm -r ~/.macromedia/Flash_Player/macromedia.com/support/flashplayer/sys/*
rm -r ~/.macromedia/Flash_Player/#SharedObjects/XDNY2S32/*

Although I might be wrong, anyone more knowledgeable want to confirm/deny/add?

Re:

[cbhacking]

Pretty sure you can shorten that path a lot using the APPDATA environment variable, as in
  "%APPDATA%\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\*"
or something like that. At least use "%USERPROFILE%\Application Data\..."

This is the same Flash

[joeflies]

that everyone's up in a tizzy just because the iPad doesn't support it? Mention iPad, and someone will say "but it doesn't support flash", and for platforms that do support flash, people say they don't want to run it.

the next version of flash is html5

[binarybum]

the next version of flash will be obsolete, dead on arrival. it will be mourned by few.

Re:

[BoppreH]

It's a different issue, but localhost is considered a domain, thus making all local Flash files share cookies.