LinuxPlanet - Print - Getting Rid of Nasty Adobe Flash Cookies the Cool Linux Way

Getting Rid of Nasty Adobe Flash Cookies the Cool Linux Way

By: Carla Schroder
Friday, March 27, 2009 02:46:02 PM EST
URL: http://www.linuxplanet.com/linuxplanet/tutorials/6709/1/

Using find to See What We're Up Against

In Part 1 we learned about the not very well-known Adobe Flash cookies, how to find them on your Linux system, and how to use Adobe's Web-based Flash cookie manager. Today we're going to learn how to deal with Flash cookies using ordinary Linux commands, which unlike the Adobe manager are nice and fast and don't require an Internet connection. Linux has the advantage for nuking Flash cookies and keeping them nuked. If you want to pick and choose which ones to allow and which ones to deny, the Adobe tool is probably the better option.

Using find to See What We're Up Against

The find command has a wealth of options for all occasions, and is a wonderful all-purpose power tool. First let's start at the top level of our home directory and find out if we have any Flash cookies:

Other Stories on LinuxPlanet

GUI Programming in Python For Beginners:
Create a Timer in 30 Minutes

OpenMoko Smart Phone: Open Linux,
Open Hardware, No Britney Spears

Tiny Core Linux -- A Minimal Distro
with Big Possibilities

Intro to Shell Programming:
Writing a Simple Web Gallery

$ cd $ find -iname '*.sol'

The first command makes sure we're back at the top level of our home directory, and then find will search starting from there and then dive into the sub-directories. -iname performs a case-insensitive filename search, and '*.sol' means "find all files with the .sol extension." If you have the Flash plugin installed you should see results like this:

/home/carla/.macromedia/Flash_Player/#SharedObjects/9WQLPZGG/d.scribd.com/ScribdViewer.swf/scribdSettings.sol /home/carla/.macromedia/Flash_Player/#SharedObjects/9WQLPZGG/i.dell.com/s_br.sol /home/carla/.macromedia/Flash_Player/#SharedObjects/9WQLPZGG/listen.grooveshark.com/main.swf/gslite.sol /home/carla/.macromedia/Flash_Player/macromedia.com/support/flashplayer/sys/#s.ytimg.com/settings.sol /home/carla/.macromedia/Flash_Player/macromedia.com/support/flashplayer/sys/#googleads.g.doubleclick.net/settings.sol /home/carla/.macromedia/Flash_Player/macromedia.com/support/flashplayer/sys/#www.soundclick.com/settings.sol

Even if you never view Flash videos, adservers use Flash. Want to know how many there are? Pipe the output of find to wc (word count):

$ find -iname '*.sol' | wc -l 95

The -l option counts linebreaks. 95 Flash cookies! Why so many? What do they do? You can't read them like ordinary HTTP cookies because they are binary instead of plain text. If you're curious you can fire up a hex editor and see inside, which probably won't tell you much:

$ hexedit .macromedia/Flash_Player/#SharedObjects/9WQLPZGG/i.dell.com/s_br.sol

Hit Ctrl+c to close hexedit.

You can extract any plain-text bits and skip all the hexedecimal stuff with the strings command:

$ strings .macromedia/Flash_Player/#SharedObjects/9WQLPZGG/listen.grooveshark.com/main.swf/gslite.sol TCSO gslite 1localQueueRepresentation autoplayID queueID cursorPosition CsuppressPendingUploadNotification

Which still doesn't tell us much, but it never hurts to look; curiosity is a splendid virtue.

Using find for Search and Destroy

Once you verify that you have a batch of Flash cookies, find will find and delete them all in one command by using the powerful -exec option, like this:

$ find -iname '*.sol' -exec rm "{}" \;

This means "find all files with the extension .sol and delete them." rm is remove, or delete. "{}" means "replace me with the name of the current file being processed", and the semi-colon means "stop, there are no more commands to execute." The semi-colon must be escaped with the backslash because it has a special meaning to the Bash shell, and we don't want Bash mucking with it.

find is very fast and this will nuke all Flash cookies in an eyeblink. If you're nervous, you can use -ok instead of -exec and you'll be asked to verify each deletion:

$ find -iname '*.sol' -ok rm "{}" \; $ < rm ... ./s_br.sol > ?

Type y for yes or n for no.

Related Stories on LinuxPlanet

Fun With find and xargs: Sort Flash Cookies By Date

Maybe you want to see your listing of Flash cookies sorted by date. Your first impulse might be to use -exec again, like this:

$ find -iname '*.sol' -exec ls -l "{}" \;

But this won't work, because the -exec option processes one file at a time, so one file at a time will be sent to ls. We want all of the output of find sent in one batch to ls, which is a job for pipes and the xargs command, like this:

$ find -iname '*.sol' | xargs ls -lt

xargs is another endlessly useful command that takes the output of another command and lets you run other commands on it. You can do more than simply view your Flash cookies in date order; see man xargs for inspiration.

Preventing Flash Cookies

Maybe you don't want the darned things on your system at all. As usual, Linux lets you control your own system and doesn't mind if you want to prevent Flash cookies from nesting on your system at all. There are a number of ways to do this. Flash cookies reside in two directories, ~/.macromedia/Flash_Player/#SharedObjects/ and ~/.macromedia/Flash_Player/macromedia.com/. If you want to see these in a graphical file manager, make sure you have "view hidden files" enabled. Delete all the files in these directories, then change the permissions to mode 0500, which is read-only and execute:

$ chmod -Rv 0500 .macromedia/Flash_Player/#SharedObjects/ .macromedia/Flash_Player/macromedia.com/support/flashplayer/sys/ mode of `.macromedia/Flash_Player/macromedia.com/support/flashplayer/sys/#blip.tv' changed to 0500 (r-x------) mode of `.macromedia/Flash_Player/macromedia.com/support/flashplayer/sys/#cm.cdn.fm' changed to 0500 (r-x------)

chmod means "change read-write-execute mode", -R mean recursive (do the subdirectories), and v is verbose so you can see what is happening. That changes the #SharedObjects/ and sys/ directories and their sub-directories to read- and execute-only. You need these set so you can enter the directories to make sure no new cookies have been written. (Yes, this is how Unix directories work, they need the execute bit set so you can enter them.) But the directories are not writable so no new cookies can be added.

All of the commands in this article have good detailed man pages, plus you can find all kinds of tips and tricks online.

What About Gnash?

Rob Savoye, who is the main developer of Gnash (the Free Software Flash player), kindly wrote to me and shared some helpful information:

"Gnash supports LSOs too, but unlike Adobe, we print messages in a debug log (if it's enabled) about what is being stored. But more importantly, we do have a utility program called "soldumper" that one can use to dump all the encoded data in a .sol file to the terminal. This way you can see exactly what is being stored about you.
I've examined hundreds of .sol files when I was adding LSO support to Gnash, at at least so far, never found anything privacy oriented. Course anything can be stored, so I'm still paranoid. They're commonly full of config values more than anything else.
" And yes, Gnash plays much more attention to the users privacy and security than Adobe does. I think this is one area where free software is better than it's proprietary counterparts."

"Trust but verify" is a sound principle. I'm going to install Gnash and give it some serious testing, and perhaps even write up my experiences if I learn anything useful.

Thank you to the fine readers of Linux Today and LinuxPlanet for providing tips and inspiration for this article!

Carla Schroder is the author of the Linux Cookbook and the Linux Networking Cookbook (O'Reilly Media), the upcoming "Building a Digital Sound Studio with Audacity" (NoStarch Press), a lifelong book lover, and the managing editor of LinuxPlanet and Linux Today.