Flash cookies (LSOs) – Security risks and privacy issues

July 21, 2017 Eric Networking and Internet Problems, PC Problems and Solutions, Software Problems 0

The security and privacy issues posed by Flash cookies – LSOs

BetterPrivacy flash cookies management add-on tool for the Firefox web browser
BetterPrivacy flash cookies management add-on tool for the Firefox web browser. Click on the image to view its full size

Interesting facts about Flash cookies – LSOs

1. – Flash cookies – also known as Local Shared Objects (LSOs) – remain in computer’s system for an unlimited period.

2. – Flash cookies are placed in a computer’s system by a web browser’s Adobe Flash Player plugin that is used to view online videos, most commonly on YouTube and cam sites.

3. – They can track particular web users, access and store from their computers up to 100KB of data compared to the 4KB of a standard HTTP cookie. They can send the information they have collected away to the web server they came from or any other server without the user’s permission.

4. – All web browsers (Firefox, Chrome, Internet Explorer, Edge, Opera, etc), use the same folder within Windows to store LSOs, which allows the sites visited in any web browser to access them. That property alone makes them well worth deleting.

5. – Many websites and tracking companies that are mainly businesses that make their income from adverts use LSO cookies. Businesses such as Google and Facebook and the advertising companies that serve them. Google and Facebook live off the personal information they obtain from the users of their ‘free’ services.

6. – If LSOs as well as standard HTTP cookies are used by a particular online company, the LSOs are capable of recreating their HTTP cookies if they get deleted by the system’s cookie policies, which makes them as persistent as the Flash cookies themselves.

7. – Most web browsers are not capable of displaying or managing LSOs in the way in which they can display and set cookie policies for standard HTTP cookies, which makes getting rid of them more difficult. Fortunately, it is possible to delete them by using special LSO management tools.

The use of Flash cookies by the Adobe Flash Player and the Google Chrome web browser

The Adobe Flash Player’s local on-board settings can be accessed and set via the Local Settings Manager – under Flash Player in the Windows Control Panel. Note that the Global Settings Manager on Adobe’s website accesses the settings on the local computer and sets the settings that the user chooses.

Using the Flash Player’s Local Settings Manager –

Click on Storage, Camera and Mic, Playback and Advanced links for information on each of them.

http://help.adobe.com/en_US/FlashPlayer/LSM/…

You can only set Google’s Chrome browser via the online Global Settings Manager on Adobe’s website, not from Flash Player in the Control Panel

This is a very important point to remember because Google’s Chrome browser will use its default settings that allows it to use tracking Flash cookies, take up to 100KB of information, give itself permission to use the computer’s camera and mic and share the broadband connection (the peer-to-peer networking setting) – unless the user chooses to disable or block those default settings.

I disable or block everything in the Local Setting Manager, apart from the settings on the Advanced tab, which I leave alone, and I can still use YouTube and other websites that use the Flash Player. I do not use the Chrome browser, or anything else by Google, because it is all spyware. Google uses your private information to compile personal profiles that it uses to customise adverts that it places across your path on the websites that use its advertising system.

“If you are using Chrome or Chromium browser, to change the Flash Player settings, use the Flash Player Online Settings Manager.” The following page accesses your computer’s Flash Player settings online and allows the user to set them through it.

https://helpx.adobe.com/flash-player/kb/changing-flash-player-settings-chrome.html

Flash cookie management tools

There are browser-specific tools that are devoted to managing Flash cookies.You can find them by using a web-search query, such as: flash cookie cleaner.

BetterPrivacy downloads and installs only on the Firefox browser. After installation, look for it in the Tools menu. The default setting is to delete LSO cookies on exit from Firefox.

To install it in Firefox – it was still available in July 2017 – follow this click path in the browser – Tools => Add-ons => Extensions. Then use the Search box to look for BetterPrivacy. When it appears, install it. Click its More link to read an article on it.

Other Firefox add-ons – Cookies Exterminator and Self-Destructing Cookies -also say that they get rid of LSO cookies.

There may be other LSO cleaners that can you can add to other browsers, such as Chrome, Edge, Internet Explorer, etc.

Apparently, the free version of CCleaner – that runs in Windows – deletes flash cookies by default. Here is a link to the site of the developer of CCleaner on LSO cookies.

https://www.piriform.com/docs/ccleaner/ccleaner-settings/cleaning-flash-cookies

Local shared object [Flash cookies] – https://en.wikipedia.org/wiki/Local_shared_object

Standard HTTP cookie – https://en.wikipedia.org/wiki/HTTP_cookie

Warning about using the Firefox add-on “BetterPrivacy” to delete LSO flash cookies

Note well that you must not allow the Firefox web browser’s add-on, BetterPrivacy, to delete the LSO flash cookie that the Adobe Flash Player itself creates automatically, because it contains the settings that everyone should set to prevent the use by websites of the computer’s camera, microphone, store 100KB of data, use peer-assisted networking (share your connection), etc. If the Flash Player’s LSO cookie is deleted, the Flash Player sets itself to allow everything. You access the Flash Player’s control panel via the Windows Control Panel.

The default settings of BetterPrivacy are the best ones to use. The LSO cookie of the Adobe Flash player is not deleted by default. You have to enable its deletion manually under the tool’s Options and Help tab.

 

About Eric 275 Articles
I am an experienced PC technician who has been the owner and sole writer of the PC Buyer Beware! website since 2004. I am learning all the time in this very dynamic, ever-changing field.