Wednesday, September 2, 2009

Flash Cookies Are Tracking You

From PCMAG.com:

A paper by researchers at the University of California, Berkeley brings to light the problem of cookies in Adobe's Flash and their under-appreciated widespread use.

The problem begins with the fact that large numbers of users delete their browser HTTP cookies periodically, making it difficult for web sites, mainly commerce sites, to accurately track the number of unique visitors. Flash cookies have filled this data gap for many sites.

Flash cookies are similar to HTTP cookies in that they store data locally for a site for that user. This could be as simple as a unique ID to let the site track which user has connected. Flash cookies, also known as "local shared objects," have advantages over HTTP cookies: they can be much larger, they have no expiration date by default, and they are shared among different browsers in the system. Of course,

The concern, of course, is that Flash cookies can be used to track users in ways that aren't appreciated and that users won't know. In fact, some top 100 sites use the Flash cookies to repopulate HTTP cookies that the user deleted.

You can control cookies in Flash, both on a per-site basis and globally. For a site, right click on the flash object and select Settings and then the folder tab. Read the Flash Player help for more on this.

The Global Storage Settings panel can be accessed on its own help page. There you can tell Flash you don't want any sites to be able to store local content at all. You can also see which sites have cookies on you.

Full article here.

You may be surprised at how many sites use flash cookies for tracking you. You can manage them here.

No comments: