Getting Rid of Nasty Flash Cookies on Linux
Yep, Completely Innocent, and Maybe Even Beneficial! No, Really!
March 24, 2009
Flash cookies are the secret nasties of using the Flash player on any platform. These are somewhat like the ordinary HTTP cookies that Web sites infest our systems with. Some HTTP cookies have useful purposes, such as storing the contents of shopping carts and other session information that is actually helpful to us lowly users. But the majority of HTTP cookies are tracking cookies, following us on our travels around the Web, collecting and collating data without our consent and for purposes that do not benefit us. Marketers have no shame when it comes to newer and more inventive ways to spy on and track our movements, and to put together identifying data from diverse sites. Just think if all of that ingenuity were channeled into developing good products that people actually want, and marketing them in ways that were not obnoxious...oh I know, that's crazy talk, so let's move on.
The correct name for Flash cookies is Local Shared Objects, or LSOs, but we'll call them Flash cookies anyway. There are two ways to manage them: the Adobe way, and the Linux way. Today we'll learn the Adobe way, and then on Friday we'll learn the excellent Linux way.
I think Flash cookies are one of the primary reasons for Adobe's reluctance to open-source the Flash player. I think it is time to give Gnash a serious try.
What Are Flash Cookies and Why Should I Care?
Flash cookies are a wonderful free benefit of using Adobe's Flash player. (Don't make me use sarcasm tags.) They hold more information than HTTP cookies: HTTP cookies are about four kilobits, while Flash cookies hold up to 100kb. You can find them on your Linux system stored in your ~/.macromedia/Flash_Player/ directory. There are two directories chock full o' cookies here, buried way down long filepaths, macromedia.com and #SharedObject. The cookies themselves have .sol extensions, and are yummy little binary files that we cannot read like plain-text HTTP cookies. (You can open binary files in any of the many good Linux hex editors, such as hexedit, just for fun. There should be some text mingled in with the hexadecimal stuff.)
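An added example, not part of the original article: a read-only Python inventory of the .sol files under the directory named above, listing each file's size and the readable text mingled in with its binary data. It searches the whole Flash_Player tree rather than assuming a particular subdirectory layout, and the function names are this example's own.

```python
import re
from pathlib import Path

# Location given in the article; everything below it is searched recursively.
FLASH_ROOT = Path.home() / ".macromedia" / "Flash_Player"

# Runs of 4+ printable ASCII bytes, the same idea as the strings(1) utility.
PRINTABLE = re.compile(rb"[\x20-\x7e]{4,}")


def readable_text(blob, limit=10):
    """Return up to `limit` printable strings found in a binary blob."""
    return [m.decode("ascii") for m in PRINTABLE.findall(blob)[:limit]]


def inventory(root=FLASH_ROOT):
    """List every .sol file under root with its size and readable strings."""
    found = []
    if not root.is_dir():          # Flash has never stored anything for this user
        return found
    for path in sorted(root.rglob("*.sol")):
        if path.is_symlink() or not path.is_file():
            continue               # skip symlinks and anything that is not a regular file
        try:
            blob = path.read_bytes()
        except OSError:
            continue               # unreadable file: skip it and keep going
        rel = path.relative_to(root)
        found.append({
            "top": rel.parts[0],   # first directory below Flash_Player
            "path": str(rel),
            "bytes": len(blob),
            "text": readable_text(blob),
        })
    return found


if __name__ == "__main__":
    for item in inventory():
        print(f'{item["bytes"]:>7}  {item["path"]}')
        for s in item["text"]:
            print(f"         {s}")
```

Nothing is modified or deleted; the script only reads, so it is safe to run before deciding which sites' files to keep.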
According to Wikipedia, Flash cookies are readable only by their originating sites, and are not shared across domains. And yet they are called "Local shared objects." HTTP cookies are commonly abused by sharing across domains via third-party ad servers and in concert with Web bugs, and that is how they build detailed profiles of site visitors. If you enter personal data on one site, it is possible for that data to be shared with other sites, and then they know who you are. We're all familiar with the tired old "Oh we don't collect personal data on purpose, and even when it's accidental we don't look at it. It's all aggregated and anonymized! No, really!" bushwah. Uh huh. Open up your servers and let us see, because "trust but verify" is what wise people do.
There are many good FOSS cookie manager tools, and modern Web browsers include cookie managers, but as far as I know none of these are aware of Flash cookies. Adobe has a Flash cookie manager (Figure 1). That's right, it's on Adobe's Web site. That is the actual manager that reads the cookies on your computer. Adobe claims that "Adobe does not have access to the settings that you see in the Settings Manager or to personal information on your computer." Yeah whatever, I keep my skepticism set to "always on".
There are several tabs that reveal various interesting options, such as "Click always ask to require any Website to ask permission if it wants to access your camera and/or microphone." Isn't that special! I couldn't find out what the default setting is, though naturally I always suspect the worst.
Like any cookie manager it gives you a bit of fine-tuning so you can block or allow Flash cookies from various Websites.
Managing Flash Cookies the Linux Way
I don't have much faith in promises from an industry that is based on a complete lack of respect for privacy and that treats customers as enemies, so come back this Friday to learn the cool Linux way of managing Flash cookies. It doesn't require accessing an external Website and you always have complete control.
Carla Schroder is the author of the Linux Cookbook and the Linux Networking Cookbook (O'Reilly Media), the upcoming "Building a Digital Sound Studio with Audacity" (NoStarch Press), a lifelong book lover, and the managing editor of LinuxPlanet and Linux Today.