'C' Is For Cookie, Not Confidentiality

Most people know about the cookies that internet browsers use to store information.  It's easy to configure browser settings to not allow cookies, only allow trusted cookies, and to delete cookies when exiting the browser.  What slips around the radar are Local Stored Objects (LSO), also known as super-cookies or Flash cookies.

LSO’s use Flash technology to store more information than regular cookies.  In addition, LSO’s can be used to recreate, or respawn, deleted cookies.  More than half of the internet’s top websites use a little known capability of Adobe’s Flash plug-in to track users and store information about them, but only four of them mention the so-called Flash Cookies in their privacy policies according to UC Berkeley researchers.

To control these Flash cookies, you have to use the controls on Adobe’s site.  According to Wikipedia,  “Users can only opt-out of Local Shared Objects globally by using the Global Storage Settings panel of the online Settings Manager at Adobe's website. Users can also opt-out of them on a per-site basis by right-clicking the Flash player and selecting 'Settings'.  Adobe's online-only Website Storage Settings panel was created to let users view and delete LSOs on a per-domain basis. It is also possible to completely disallow LSOs from a specific domain by setting the storage space to "0 KB", however, although no data is stored, empty directories with the name of the domain are nonetheless created. Add-onextensions that allow the user to view and delete LSOs have also been created for the Firefox Web browser, e.g. BetterPrivacy.”

Security and Compliance Adobe Flash Adobe IE