SF Bay Area Indymedia indymedia
About Contact Subscribe Calendar Publish Print Donate

U.S. | Indymedia | Police State and Prisons

New cookie technologies: harder to see and remove, widely used to track you
by via the EFF
Tuesday Sep 15th, 2009 8:00 AM
Tuesday, September 15, 2009 : Cookies are still a privacy problem for web users, many years after privacy advocates first raised concerns about their use to track web browsing. Today, cookies are one of the main mechanisms that advertising companies like Google use to track and profile users across sites and over time -- often building up a single gigantic profile for years and years. Many EFF members respond to this threat by using their browsers' cookie management features to limit which cookies they'll accept or how long they'll be retained.
But it turns out that the cookie situation is quite a bit trickier today, and sites that want to track users have new technical options that are hard for users to respond to. The traditional "cookie" is an HTTP cookie, invented by Lou Montulli and John Giannandrea at Netscape in 1994. But today many browsers implement a range of things with the same kind of cookie-like tracking behavior -- mechanisms that are far less familiar, harder to notice, and often harder to control.

A great overview of the wide range of cookie technologies confronting us today is Cleaning Up After Cookies, an article published last year by Katherine McKinley at iSEC Partners. McKinley describes five cookie-like tracking methods that go beyond traditional HTTP cookies, and explains how browsers often fail to let users exercise meaningful control over these varieties of tracking.

The most prominent of these tracking methods is the so-called "Flash cookie", a kind of cookie maintained by the Adobe Flash plug-in on behalf of Flash applications embedded in web pages. These cookie files are stored outside of the browser's control. Web browsers do not directly allow users to view or delete the cookies stored by a Flash application, users are not notified when such cookies are set, and these cookies never expire. Flash cookies can track users in all the ways traditionally HTTP cookies do, and they can be stored or retrieved whenever a user accesses a page containing a Flash application. Some of the problems are highlighted by Rob Savoye, the developer of Gnash, an open source Flash implementation.

Read More

Comments  (Hide Comments)

by step by step
Monday Dec 28th, 2009 4:48 PM
found out the messed up way to control flash cookies because I
didn't even know they existed until this post said something...

A) If you right-click/ctrl-click on a flash file in your browser, you
can scroll down to "Settings" to control settings for individual flash
files. But that's kind of useless privacy-wise because people could
hide1-pixel flash files on pages you don't even know about.

B) If you right-click/ctrl-click on flash file, you can also scroll down
to "About Flash" which is not intuitive way to access
settings/preferences for an app:
1) you end up on adobe webpage and can select "Settings Manager"
under "Support" in right-hand nav
2) from there, you click on various left-hand nav items under
"Settings Manager" -- the "Global Privacy" ones. There are also tabs in
the flash settings manager that opens up after you select any of the
global privacy choices.
3) Clicking the folder-looking tab shows you all of the flash
cookies you had no idea were on your machine. Note that there is no
left-hand "global" link I can find to access this info.

Wow, that's really straight-forward and respectful of flash users rights
to internet privacy. Thanx Adobe.