Tuesday, September 8, 2009

Flash Cookies - Yammy!

For some reason, everybody talks about Flash cookies! But they are not much different from the traditional browser cookies we all know and love (to hate). The differences are that they are not controlled through the standard "privacy" settings of Internet browsers and that they are less well known (sadly, even to Information Security specialists).
So where do you find those nasties and what can you do about them?
To find these Flash cookies, all you have to do is look for files with the .sol extension in the following directories:
  • Windows: Within each user’s Application Data directory, under Macromedia\FlashPlayer\#SharedObjects.
  • Mac OS X: ~/Library/Preferences/Macromedia/FlashPlayer.
  • GNU-Linux: ~/.macromedia
There are a number of ways to treat the problem:
  • Browser extensions (I know of Better Privacy extension for Firefox)
  • Schedule a task (using Task Scheduler for Windows or Cron job on Unix/Linux) to remove .sol files
  • Set access control permission on the relevant directory to be read only
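The scheduled clean-up option can be sketched as one cross-platform script. This is an added example, not code from the original post; the function names and the `--delete` switch are made up for illustration, and it searches recursively from the per-user Macromedia directory so the exact Flash Player subdirectory name does not matter.

```python
import os
import sys
from pathlib import Path


def macromedia_roots(platform=sys.platform, home=None, appdata=None):
    """Per-user Macromedia directory for the three platforms listed above."""
    home = Path(home or Path.home())
    if platform.startswith("win"):
        # %APPDATA% is the user's Application Data directory on Windows.
        base = appdata or os.environ.get("APPDATA") or home / "Application Data"
        return [Path(base) / "Macromedia"]
    if platform == "darwin":
        return [home / "Library" / "Preferences" / "Macromedia"]
    return [home / ".macromedia"]


def find_sol(roots):
    """Recursively collect *.sol files; roots that do not exist are skipped."""
    found = []
    for root in map(Path, roots):
        if root.is_dir():
            found.extend(p for p in root.rglob("*")
                         if p.is_file() and p.suffix.lower() == ".sol")
    return sorted(found)


def purge(roots, dry_run=True):
    """Remove every .sol file under roots; return the paths (that would be) removed."""
    removed = []
    for path in find_sol(roots):
        if not dry_run:
            try:
                path.unlink()
            except OSError as exc:  # e.g. the directory was made read-only
                print(f"skip {path}: {exc}", file=sys.stderr)
                continue
        removed.append(path)
    return removed


if __name__ == "__main__":
    # Default is a listing only; pass --delete (hypothetical switch) to remove.
    dry = "--delete" not in sys.argv
    for p in purge(macromedia_roots(), dry_run=dry):
        print(("would remove " if dry else "removed ") + str(p))
```

Run it without arguments first to review what is stored, then call it with `--delete` from Task Scheduler or a cron entry.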
And there is a legal twist to this story as well. Apparently, usage of Flash cookies is illegal in the UK according to the Guidance on the Privacy and Electronic Communications (EC Directive) Regulations 2003: "Cookies or similar devices must not be used unless the subscriber or user of the relevant terminal equipment:
* is provided with clear and comprehensive information about the purposes of the storage of, or access to, that information; and
* is given the opportunity to refuse the storage of, or access to, that information."

