

You Deleted Your Cookies? Think Again - edw519
http://www.wired.com/epicenter/2009/08/you-deleted-your-cookies-think-again/

======
blasdel
Unmentioned in the fluff article: Since flash cookies are set in a user-global
location, they are the same live across all browsers. As an added bonus, they
completely defeat "private browsing" everywhere I've tried it.

~~~
Devilboy
Including the Chrome 'Incognito' mode?

~~~
andreyf
Not an expert, but I'd imagine so. Unless they do some wicked hackery, Chrome
can't restrict what a Flash plugin executable does with an SWF file.

~~~
Devilboy
Is there an easy way to test this?

~~~
sage_joch
Play this (addicting) game in Firefox -
<http://www.ferryhalim.com/orisinal/g3/bells.htm>. It will record your high
score. Open Chrome in incognito mode, die quickly, and see that it has kept
your high score from Firefox.

~~~
DTrejo
CCleaner works well at deleting all those cookies that sneak by private
browsing.

~~~
nopassrecover
Not flash visited sites. It may have deleted Flash cookies but the flash check
cookies link listed here still shows sites after a CCleaner run.

See <http://forum.piriform.com/index.php?showtopic=22980>.

------
paraschopra
To see your Flash Cookies, go to
[http://www.macromedia.com/support/documentation/en/flashplay...](http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager07.html)

~~~
solutionyogi
Wow, horrible application. First, Chrome gave me warning that ActionScript is
too slow. And when you click on 'tabs', a new page is loaded even though it's
a flash application! And why do they need a separate page for this? Why is it
not accessible when I right click a Flash movie?

~~~
jdowdell
<em>"Why is it not accessible when I right-click a Flash movie?"</em>

It is... the context menu always holds at minimum a "Settings" link.

For "Why is it on a webpage instead of in the SWF?", it's because Flash is
part of a webpage, and is often not sized large enough to display a dialog.
Unlike a browser, Flash has no chrome of its own -- it's a component.

For "Why isn't this integrated with the new browser privacy controls?", this
is a work item now that browsers offer privacy controls... a Mozilla example:
<https://bugzilla.mozilla.org/show_bug.cgi?id=508167>
<https://bugzilla.mozilla.org/show_bug.cgi?id=290456>

~~~
solutionyogi
jd, you do not get these privacy settings control when you select 'Settings'
by right clicking on Flash. Those 'Settings' let you control microphone/web
cam usage. You have to again click on 'Advanced' link on one of the tab, which
will lead you to this page. My question is, why do I have to go to a
Macromedia hosted page to change privacy settings of Flash player installed on
my computer?

------
barrkel
I guess this is still irrelevant if you use FlashBlock. I know I've seen many
sites that don't obviously use Flash, except for the existence of a flashblock
item in the top-left corner - my guess at the time was that it was tracking.

~~~
bretthoerner
Not _totally_ irrelevant, I assume you sometimes enable a flash embed or two.
Just because it plays a movie (or whatever) doesn't mean it isn't tracking
you, too.

------
keyist
Unix's everything is a file versus Adobe:

    
    
      ln -s /dev/null ~/.macromedia
      ln -s /dev/null ~/.adobe
    

Winner: Unix

------
jimmybot
If you want, you can delete your flash cookies using the BetterPrivacy Firefox
Add-On: <https://addons.mozilla.org/en-US/firefox/addon/6623>

Should delete globally so you can use it even if you don't use Firefox.

------
gradschool
One comment suggests running the browser in a virtual machine and restoring
from a snapshot at the beginning of each session, which is also what I do and
has worked out well. Using Virtualbox, the bookmarks file can be separately
mounted on a so-called writethrough image to allow persistent updates. There
are some difficulties with the shared clipboard but ssh between the host and
vm is a workaround.

------
aw3c2
yet another reason not to install Flash.

------
gojomo
I'm wondering if there's some similar permanent iPhone ID available to apps.

I did a 'full wipe' on my iPhone3g and gave it to my sister -- but then when
she installed Pandora, it started pre-logged-in to my account. The only
mechanisms I can imagine for that are (1) (less likely) an app-addressable
storage area, like cookies, that's spared the 'full wipe'; (2) a permanent
device ID that apps can use as if it were an unerasable, global cookie.

~~~
naz
[[UIDevice currentDevice] uniqueIdentifier]

~~~
gojomo
Thanks. I accept that installed apps have privileged access to such per-device
IDs, and can see why Pandora finds it useful... but it seems there should be
some guidance against such use, or a mechanism for breaking such associations
after a 'full wipe'. (Perhaps, the last part of the ID is an counter that
increments each wipe.)

My sister seeing my Pandora stations is no big deal but if it had instead been
a stranger I'd sold the unit to, that'd be more of a concern... and if other
apps do the same thing, more important personal information could be at risk.

------
codedivine
Wonder what happens if you use Flashblock?

------
4chan4ever
Finally... this has been blogged about for at least a year.

[http://www.codingthewheel.com/archives/online-gambling-
priva...](http://www.codingthewheel.com/archives/online-gambling-privacy-
iesnare)

