FTC Is In Talks With Adobe About the 'Flash Problem' 179
jamie links to news that the FTC is talking with Adobe about persistent Flash cookies. "Flash isn't actually necessary to watch YouTube videos, but the rest of this article is interesting."
What if the local storage is made zero? (Score:5, Interesting)
Re:What if the local storage is made zero? (Score:5, Interesting)
I have read that rm -rf ~/.adobe; mkdir ~/.adobe; chmod 000 ~/.adobe does the trick. Can anybody confirm?
Re:What if the local storage is made zero? (Score:5, Funny)
No. None of us really uses Linux. We just say that to look cool.
Re: (Score:2, Interesting)
I actually use Linux, what scares me is that the ONLY closed source piece of software on my computer is flash.
I think Adobe knows, or hopes, that they will one day be providing massive amounts of video content from actual television channels and Cable Company's and the only way to build some kind of content protection system, DRM, or paid service model would be to keep Flash closed.
Re: (Score:2)
http://www.youtube.com/watch?v=hkDD03yeLnU [youtube.com]
Re: (Score:2)
Re:What if the local storage is made zero? (Score:4, Funny)
Just this morning I was using chmad to change some files. Then I was like, "I need to kat these files to my pipe."
Dude, you can't just talk the talk, you gotta type the type.
Re: (Score:2)
I use linux all of the time and even when I'm not.
I see you got the new cranial implant with embedded Linux too, eh?
Re: (Score:3)
It's not just an operating system... it's a way of life.
Yeah but the oath of celibacy is a deal breaker for me...
Re: (Score:2)
Don't worry, watching hentai doesn't count.
Re:What if the local storage is made zero? (Score:5, Interesting)
Probably would work... Well, I'd simply do "rm ~/.adobe/*; chmod 500 ~/.adobe/*", which would be shorter and keep read/access rights to said directory.
That said, if Flash expects to be able to write to that directory, it might crash when it tries to utilize it. So it really isn't a foolproof method.
As per this moment, under .adobe in my home directory exists the following structure: "~/.adobe/Flash_Player/AssetCache/VSUUJTSX/". The directory is probably randomly generated just like profile directories in Mozilla (harder to predict in case of a flaw in the plugin/browser). In there are just files with the extensions .swz and .heu and one file called "cacheSize.txt". None of these files seems to be human readable (well, okay cacheSize.txt makes somehow sense). Oddly enough, the oldest file is from 25th September 2010. As I use my browser daily and don't mind youtube or the odd flash game, this is strange indeed. I would nearly say that they stopped using it.
Re: (Score:2)
it doesn't crash. i did this in my work PC and it works like a charm. no flash crap on my $HOME after i made .adobe read only and owned by a diferent user.
Re: (Score:2)
mount -t tmpfs tmpfs /home/${user}/.adobe
Re: (Score:2)
Simply put into your crontab "rm -Rf ~/.adobe/*" to be executed once per minute.
Re: (Score:2)
I just use BetterPrivacy. It clears your flash cookies whenever Firefox launches or closes, and causes no issues.
Re: (Score:2)
Flash player also creates a ~/.macromedia directory...
Re: (Score:2)
I have read that rm -rf ~/.adobe; mkdir ~/.adobe; chmod 000 ~/.adobe does the trick. Can anybody confirm?
Looks reasonable. I did
rm -rf ~/.adobe;touch ~/.adobe;rm -rf ~/.macromedia;touch ~/.macromedia;
Re: (Score:2)
Re: (Score:2)
Volume control problems. One of my extensions deletes LSOs so I'm good.
Re:What if the local storage is made zero? (Score:4, Informative)
I actually did this and it does not work. Many sites are broken (hypem.com to name one of them). An alternative that works fine for me, is rm -rf ~/.adobe ~/.macromedia ; ln -s /tmp ~/.adobe ; ln -s /tmp ~/.macromedia. Since /tmp is cleared at every reboot, I get "session" cookies but never persistent ones. Yay.
Re: (Score:2)
Re: (Score:2)
You mean, you actually reboot ?
I reboot my laptop once a day or more because suspend still drains the battery.
Re: (Score:2)
Have you considered finding a laptop manufactured after 1984? Mine runs for more than a week in suspend mode.
Re: (Score:2)
Have you considered finding a laptop manufactured after 1984?
Dell Mini 10, manufactured in 2010, won't hold a charge in suspend for more than a couple days.
Re:What if the local storage is made zero? (Score:4, Informative)
That's not enough on Ubuntu: copies of the same "cookies" are kept also in two other directories:
where xxxxxx is a hashed string.
Re: (Score:2)
I just have a .macromedia/ directory, not .macromedia.whatever
Re: (Score:2)
I took a similar tactic. I run Linux (Fedora 14) and simply created a Startup entry that deleted my local Adobe Flash storage whenever I login to GNOME. Since I logout at the end of the day, this effectively clears out my Flash cache. Flash can keep what data it likes, but it can only keep it for a day.
In GNOME, click System - Preferences - Startup Applications. Then click Add to add a new entry. For the command, I just typed rm -rf /home/jhall/.adobe
Re:What if the local storage is made zero? (Score:4, Insightful)
Re:What if the local storage is made zero? (Score:5, Insightful)
Re: (Score:2)
Monopoly or customer service (Score:2)
If the site requires the ability to store flash evercookies as a cost of viewing the site, I'm OK with not being able to see their content.
Unless it is the web site of one of your suppliers (which holds a near-monopoly in the industry) or one of your clients.
Re: (Score:2)
I've had good luck letting them read and write /dev/null.
Re: (Score:2)
pIt probably still stores locally a flag that says you don't want it to store any data locally. Nuking it from orbit is probably the only way to be sure (it doesn't store data locally).
Re: (Score:2)
It's annoying because either some sites won't work ("never ask me again") or it'll pop up 300 times asking for more storage.
However, if you use Firefox, you can download the "BetterPrivacy" addon and just wipe them every time you start (or close?) the browser. No more tracking. (Whitelist, etc available)
Re:What if the local storage is made zero? (Score:5, Insightful)
Flash's behavior when disable cookies is really terrible, mostly due to developers that don't care about such a situation. However, this is pretty much the same with any given HTML/javascript web app. From my perspective simply blaming Flash isn't constructive.
The real problem is having multiple locations to store local data and no single place to clear it. I'd say the browsers and W3C should be the solution to this. They should really put their collective foot down and set a standard by which plugins are allowed to store data and integrate with the browser. This would go a long way towards solving a lot of the privacy concerns of Flash and HTML5. There would still be some tricks to identify a user (font list, user agent string, plugin versions, etc) but again the solution is the same.
Re: (Score:3)
We're already part of the way there: HTML 5 includes its own local storage scheme. If this was around (and widely supported) when Flash was first being developed, I'm sure they wouldn't have bothered to concoct their own local storage, because there'd be no need.
All we need to do is encourage Adobe and other plugin developers to use the new standard instead of making up their own custom schemes. Which shouldn't be that hard, since in the long run it makes the developers' jobs easier.
Re: (Score:3)
The problem is that the browser vendors are in bed with the advertisers. Google is the advertisers, Firefox is funded by Google who is the advertisers, Opera is trying to do things that make Facebook seem private, Safari on anything but Mac sucks, and Microsoft hasn't released a browser that didn't suck in 10 years.
The unfortunate reality of a world in which all sorts of things are free is that the end user is no longer the customer and therefor no longer right. If we still paid for web browsers I suppose w
Re: (Score:2)
HTML5 storage is particularly nasty because the data isn't (necessarily) stored in separate files, they're stored in a database, so different browsers will store them in different ways. And HTML5 storage is already being exploited by marketing companies. There needs to be a BetterPrivacy-style plugin for HTML5 storage, but the only Firefox plugin I've seen so far that touches HTML5 storage at all is Nevercookie, and it only does that to kill Evercookies.
Re: (Score:2)
Re: (Score:3)
Google is actually deprecating Gears and replacing it with HTML5.
Re: (Score:2)
Re: (Score:2)
Yes it is.
That's what variables are for. There's a huge difference between storing something per-session and permanently.
Easily: you store whatever data you need to into
Re: (Score:2)
RTFA ?? (Score:1)
what do you think? That I have time to read that fine article? Are you crazy? I like reading slashdot because of all those short summaries. And now, you didn't bother to even write a summary. So why do you bother to submit it?
Because you are glad, that adobe needs to provide a way to remove their stupid cookies?
Re:RTFA ?? (Score:5, Insightful)
Simple: this is slashdot and we hate flash and want to eliminate it. Except on the iPhone. We don't use the iPhone and don't know anybody that does, but it needs to support flash for some reason.
Re: (Score:2)
We don't use the iPhone and don't know anybody that does, but it needs to support flash for some reason.
My wife has an iPhone (which we frequently compare with my G1). She watches a fair number of videos on it, including youtube, and she hasn't expressed any problems with this. She has noticed the lack of flash ads in a lot of sites' pages, but she doesn't consider that a problem, either.
If she's any example of the typical Apple fanperson, Apple just might do well to continue to block flash. Maybe they should make this an option for Macs, too.
Re: (Score:3)
You realize you can uninstall it, right? You dont need Steve Jobs to do that for you, although I think he wants to. :)
Re: (Score:2)
Re: (Score:2)
Many Slashdotters use an iPhone, myself included.
Re: (Score:2)
Or, you know there are at least 561269 on shashdot and some of them hae different opinions.
Re: (Score:3)
Simple: this is slashdot and we hate flash and want to eliminate it
No no no... we hate flash because it sucks. We want flash to die to a better technology or for Adobe to get off their asses and fix it.
If you'll excuse me, I'll be turning up the volume so I can hear the YouTube video over my computer's fans.
Re: (Score:2)
We want flash to die to a better technology or for Adobe to get off their asses and fix it.
Yeah, like HTML5, which supports TrueType font embedding, animated vector graphics, MP3 sound and MP4 video all right out-of-the-box. And has continued to do so for the past decade.
Oh, wait.
Re: (Score:2)
We don't want to install Flash on the iPhone, we want the possibility of doing so without Apple choosing it for us. Flash is just a notorious example of the iP* platform restrictions any geek/hacker should loath.
Re: (Score:2)
It's not so much about a burning desire to have Flash on an iPhone, but rather resentment that Apple tells us that we aren't allowed to have Flash on our iPhone. We want freedom more than flash content, which is why some of us have indeed skipped the iPhone entirely.
However, not knowing anyone that uses an iPhone? Really? The number of iPhone users I know is double the number of Blackberry or Android users combined.. It's hard to throw a stone without hitting an iPhone user.
Re: (Score:2)
I like reading slashdot because of all those short summaries. And now, you didn't bother to even write a summary.
It looks like someone got their twitter ~ /. accounts confused.
Steve may have been right (Score:4, Insightful)
Re:Steve may have been right (Score:5, Funny)
1. It's a really good idea. 2. It's well within our ability to do it. 3. There are a million excuses for why no one is seriously committed to making it happen.
I think you've come up with an excellent analogy.
Re: (Score:2)
Yeah 50 years from now a guy on a tech news/comedy show (which will ironically be one of the best tech news sources) will probably make a montage of people talking about ending the web's dependence on Flash over the last 50 years :-(
Re: (Score:3)
Re: (Score:2)
Re: (Score:2)
Weren't those exactly the reasons Jobs gave?
Re: (Score:2)
Not that it don't have it's own storage, though.
Re: (Score:2)
At least it is built into the browser.
Re: (Score:2)
Re: (Score:2)
Re: (Score:3)
Re: (Score:3)
But but but... Silverlight!!!
Flash runs on platforms where Silverlight doesn't. Moonlight, as I understand it, is only good for showing "This application requires a newer version of Silverlight" notices.
Re: (Score:2)
Re: (Score:2)
HTML is simply a document markup language. It hasn't been "stretched" in any way. What are all those extensions that distorted HTML?
And just because many people use Flash, doesn't mean it's better. It was for a long time, if the current share is a reflection of its current quality or just a reflection of its history, it's not clear.
And who exactly do you think should written the HTML specs? What's the problem with browser vendors writing it? This isn't like the Netscape/IE wars, where each vendor wrote thei
DHTML was the first stretch (Score:2)
HTML has been stretched way beyond its original intent - to deliver static, stateless text-based documents.
HTML is simply a document markup language. It hasn't been "stretched" in any way. What are all those extensions that distorted HTML?
As I understand AC's sentiment, the stretching began when web browsers provided a scripting language with a DOM to modify the displayed document.
Re: (Score:2)
Re: (Score:2)
HTML + JS runs in more OSes and browsers (iOS, for example, but many others). It also doesn't need to be compiled at all.
As for security, Flash has a terrible track record. Who cares if it's better that Java? We were talking about HTML, not Java. And since you need an HTML browser to access Flash websites, you're just adding more vulnerabilities by having it running.
Re: (Score:2)
Apart from iOS (which was a business decision by SJ, not a technical one), there are very few browsers that don't implement flash (users may choose not to, but that is a different matter).
If there is a security glitch in flash it is noticed and gets fixed. If there is a security glitch in JS, who knows which browsers will be fixed and when?
It is fairly obvious that you don't remember the bad old days of IE5.5 on Windows 98. There were really only 2 browsers wor
Re: (Score:2)
and ten years ago like 60% of the browser market used IE6, your point? things change, they only change if we recognize the flaws with the existing system.
Re: (Score:2)
He changed the universe by making an observation.
No, he drummed up popular support for a years-old idea by being Steve Jobs.
THIS is a summary? (Score:4, Insightful)
Seriously, WTF? How about a sentence telling us what the 'flash problem' is, and maybe a bit about WHY the article is interesting?
Re:THIS is a summary? (Score:4, Informative)
I believe the problem may have something to do with persistent cookies. I'm not sure why I have this impression ... it's just some idea that came to me out of nowhere ... oh, wait, I know where that idea came from! I read the first goddamn sentence of the summary.
Re: (Score:2)
It was meant to be a tweet.
x@x:~$ wc
FTC Is In Talks With Adobe About the 'Flash Problem'; "Flash isn't actually necessary to watch YouTube videos, but the rest of this article is interesting."
1 26 157
Re: (Score:3, Informative)
From TFA: "While a browser can remove “normal” HTTP cookies, the privacy controls in a web browser like Mozilla Firefox or Microsoft (NSDQ: MSFT) Internet Explorer can’t remove Flash cookies, which can only be removed by using two separate services available on Adobe’s web site."
Also: "At least one browser, Google Chrome, now allows users to control the Flash cookies from within their browser’s privacy controls."
I'm ignorant of other browsers' features, being relatively happy w
Re: (Score:2)
Re: (Score:3)
...being relatively happy with my Firefox/Adblock/Noscript bubble of sanity...
You might want to look at the BetterPrivacy Add-on as well as the above. It is a whitelist based manager of Flash cookies. Which are used by a surprising number of sites that don't use Flash in any obvious way, including Gmail.com (whose Flash cookie I allow).
BetterPrivacy [mozilla.org] for Firefox. The developer's site [netticat.ath.cx], with links to reviews of BetterPrivacy in half a dozen big name magazines.
Re: (Score:2)
But I forgot. SL was made by Microsoft and is therefore clearly and obviously evil.
There. Now it's fixed.
Microsoft has spent the last 30 years polishing its reputation as the world's greatest institution of evil genius. It has definitely earned that reputation, and fully deserves everything that goes along with it.
Don't try to take away from Microsoft what it has worked so damned hard to obtain.
Re: (Score:2)
But I forgot. SL is another Flash-like proprietary technology vying to make the web dependent on a single vendor and is therefore evil without even looking at its merits.
Sigh.
FTFY.
Re: (Score:2)
Good thing you pointed that out. The article is talking specifically about the privacy issues of Flash cookies.
The "Flash problem" as geeks know it is that a full browsing experience depends on a closed-source plugin (with a terrible security history), compatible only with select browsers and platforms (with vastly different release schedules for the plugin on different OSes), made by a single company for the display of in-page video and complex interactive content. When I saw the article title I thought th
Re: (Score:2)
Oh come on, it's interesting because the summary submitter says so. It's like reading a blog!
Or a tweet.
Re: (Score:2)
Flash (Score:4, Insightful)
Re: (Score:2)
Microsoft/IE doesn't have that kind of power over the web any more, for one thing, and next, consider that IE doesn't come with Flash right now, and it didn't seem to stop or even slightly slow down Flash adoption. If MS ignored HTML5 entirely, they'd just be creating a space for the Adobe of HTML5 plugins - in fact in that case it would be a smart move for Adobe to add HTML5 rendering into their Flash plugin for IE.
Someone has already brought this up, but (Score:2)
What the FTC or whatever needs to do is not to build some Do-Not-Call system for Internet tracking. It's pointless to fine them insignificantly, and they never delete the data. Besides, they share it everywhere, and it's gone and done in minutes. Scattered everywher.
No, the FTC or whatever should build a Do-Not-TRY system. Internet sites should be required to not even try to track us, and honor a 'Universal Do-Not-Try-To-Track' cookie. Essentially, getting caught leaving cookies otherwise should be evi
Re: (Score:2)
So you want to enter your username and password every time you reload a page, every time you post a comment &c.? Or you're cool with URLs which look like 'http://www.example.com/page?sessid=37a1-fb6c-9372-11de' instead or 'http://foo:bar@www.example.com/page' instead of 'http://www.example.com/page'?
Do you even know what cookies are, what they do or why they were added in the first place?
Re: (Score:2)
Yes, dear, I know what cookies are, and why they were conceived.
Since you're still in the box, I'll lift the lid for you.
Since we really can;t ban cookies, and since we can't even tell the difference between a 'tracking cookie' and any number of useful and innocuous cookies, we're stuck with figuring out that we are being tracked, usually by accident. In this environment, theh FTC has a Sisyphean task in trying to implement a 'do-not-track' option for Internet users. Let's leave the foreign sites, aggrega
Re: (Score:2)
Oh, and I'm cool with URLs that look like:
'https://www.example.com/page?sessid=37a1-fb6c-9372-11de'
Works for me.
Opted out of tracking? Register or log in. (Score:2)
Internet sites should be required to not even try to track us, and honor a 'Universal Do-Not-Try-To-Track' cookie.
Web sites that encounter people who have opted out of tracking cookies will likely require them to register and log in before reading an article beyond the first paragraph. If most of the major news sites do this, starting with Fox News (and other Murdoch properties) and spreading to competitors, watch people opt back in.
BetterPrivacy Plugin for Firefox will delete LSO (Score:4, Informative)
Firefox plugin BetterPrivacy - https://addons.mozilla.org/en-US/firefox/addon/6623/ [mozilla.org] - will delete LSOs
It can be set up to automatically delete LSO on browser exit; on a timer (every x minutes/hours/days) or manually
It allows you to set a whitelist (protection list).
It doesn't 'solve' the problem; but in the mean time it at least breaks part of the cycle.
Also: Ghostery - https://addons.mozilla.org/en-US/firefox/addon/9609/ [mozilla.org] - helps to stop the problem in the fire place.
Used with Ad Block Plus - https://addons.mozilla.org/en-US/firefox/addon/1865/ [mozilla.org] - it makes surfing the web much better.
The Wild West era ended when there was no one left to conflict with.. right?
Re: (Score:2)
On this topic, here's my full suite of Firefox security/privacy plugins to date, and I'm on the bleeding edge of this shit so I know what I'm talking about:
The Absolute Must List (that your browser is total swiss cheese without):
NoScript
FlashBlock
BetterPrivacy
Nevercookie (beta)
Other Plugins I Highly Recommend:
Perspectives
CertPatrol
HTTPS Everywhere
What's Needed Next:
A plugin to handle HTML5 local storage like BetterPrivacy does for Flash LSOs
A better version of User Agent Switcher that sets the user agent to
Re: (Score:2)
Javascript could never choose the cookies' location, there was never any JS API to do it.
Flash, on the other hand, it's a binary blob outside of the browser's control, unless it uses a sandbox like Chromium is doing [chromium.org].
Re: (Score:2)
I would imagine it tells flash it's storing the cookie where it wants to, but uses a pointer to the address of the firefox cookie folder; then tells flash it grabbed it from the location flash said it was stored?
In theory you could do that, using hooks on certain calls, but the Chromium doesn't; they just use Windows' permission system to disallow writing to any directory except authorized ones, so if the plugin tries to write anywhere else it'll get an authorization error, so many of the current plugins crash on Chromium with the sandbox enabled.
It seems they got Adobe to release a version of Flash that actually does the right thing, so Flash will probably be sandboxed soon enough, but other plugins might take a w
Re: (Score:3, Insightful)
ECMAScript is the scripting language standardized by Ecma International in the ECMA-262 specification and ISO/IEC 16262. The language is widely used for client-side scripting on the web, in the form of several well-known dialects such as JavaScript, JScript, and ActionScript. [wikipedia.org]
I've (unfortunately) written a lot of both and they are extremely similar to each other. Yes, there are a lot of features inside that bloated Flash runtime, but that doesn't mean ActionScript is not like JavaScript.
JS == AS1, but AS2 and AS3 != AS1 (Score:2)
ActionScript isn't like JavaScript? They are both based on ECMA Script, they are very similar as languages.
AS1 was Flash's direct counterpart to JavaScript. AS2 and AS3, on the other hand, added static typing and class-based as opposed to prototype-based inheritance. See AS timeline on Wikipedia [wikipedia.org].
Re: (Score:2)
Hey, I have to agree. I stopped using actionscript with version 2.0 (a version backwards-compatible with AS 1.0).
My major misgiving with flash is not the language it uses, but its insistence on putting proprietary brackets around functions that most any computer should be able to handle - or in other words, it's beyond its time. Shouldn't modern browsers be capable of natively handling image/video/graphic manipulation scripts? They are - but only through javascript. And yes, Javascript is a b*tch to program