I actually use an add-on called "BetterPrivacy" in Firefox to wipe any of these I might have picked up when allowing a flash object to run in NoScript.
Normal cookies I manage with CookieSafe.

Firefox users can use the "Better Privacy" plug-in to control and delete these things.

Jim

Guys like you and me can do this... what about all the dweebs that don't have a clue? Who is protecting them?

I find it interesting that flash cookies are so resilient. Just getting started looking into this as I have not used Flash, and tend to avoid sites that use Flash... but have located a few media sites that use flash which are of interest to me. Thanks for the heads up on "Better Privacy", I'll take a look.

Killing all unwanted cookies is like cleaning the windshield on your car ..if you dont know how to use the wipers ..you shouldnt be on the road / net

<it's like the "twits" ( how I manage not to change the vowel to express better what I really think of the drivel and spam posted there amazes even me ) ..must be basic politesse ..and not mocking the afflicted ..>

If you need someone to come along and clean your windshield ( cos you dont know how to work the wipers ..or cant be bothered to read the manual ) for you ..you visit a garage or a truck stop ..and they sell you something or charge your for something or put ads in your face ..

Flash cookies are only a problem for those who dont know how to write them or how to wipe them ..

And/or who cant be bothered to learn ..or learn how to block or delete them

And the how to and the wherewithalls are free ..or can be learned ..

Its like "stick shift" and "auto" if you can only drive "auto" ..you shouldnt be on the road ..and any mechanic has right to charge you the difference between their knowledge and your ignorance if what you are driving needs fixing or cleaning ..

Pulling everything down to the level of the dumbest / laziest ( in order to "protect them" ) is not good for survival of the species ..any species ..us included ..

BTW Tangor ..the "rant" isnt directed at you ..:))

But I'll worry about looking out for the "dweebs" ..when they learn to stop turning their machines into zombies because they want free pron ( please download our "codec" ) ..stop running peer to peer to get free movies from "Manu in Brazil" ..and using hacked AV's from their sisters boyfriends neighbours kids cousin to protect them from keyloggers ..or in fact when they stop even using MS anything to access the net unless they know how to secure it ..it's not like linux aint free and easy ..( and yes it takes flash cookies ..but it doesnt take keyloggers ) ..and even easier to keep clean ..

<rant off>

[quote]BTW Tangor ..the "rant" isnt directed at you ..:))[/quotep]

Thank goodness... I am prone to unload. :)

Seriously, Legsghost and all the others, I was a bit blindsided on this one... and I suspect many others as well. The query is whether websites are using the "everlast" tracking via Flash cookies or not.

I'm with tangor in not being aware of this issue before reading about it this week. I now wipe Flash cookies every day with a scheduled .bat script. Got 10 fresh cookies since the last wipe, which was 22 hours ago. None of them are called "weAreTrackingYou.sol", but then you never know...

I do think this is poor on Adobe's side; there is no practical reason why they could not have integrated with the browser's existing cookie system and written to or read from those.

Any Flash user (including IE users) can prevent Flash from storing anything (including cookies) by using the Flash Settings Manager, which can be invoked, for example, by visiting:

[macromedia.com...]

Likewise, to delete existing Flash cookies, visit e.g.:

[macromedia.com...]

The "screenshots" that you will see on those pages are actually not images. They are the actual Flash Settings Manager pages.

true_INFP... there is a question as to why management of Flash cookies must be done via a web interface. Counter intuitive to ordinary "cookie settings" found in IE, FF or other browsers. I'm not donning the tinfoil hat, just really curious as to why this arrangement was set up in the first place. Meanwhile, I have (always) killed every Adobe update/call home installed by default in their products. Now I will be doing the same with their cookies, too.

true_INFP... there is a question as to why management of Flash cookies must be done via a web interface.

I don't know, as I don't work for Adobe. But I guess it's because it is cross-platform and cross-browser (so they don't need to develop and maintain separate plugin interfaces for IE, Firefox, Opera, for Windows, OS X, Linux, etc.)

Also, I think the Flash Settings Manager should be possible to invoke from within a local page (not just from within a remote page, on a server).

It was this statement in the article that grabbed my attention:

A significant percentage of websites including federal government sites use this Flash-based technology to track users, the researchers discovered. The technology is sometimes used as a means to "undelete" the information in browser-based cookies that a user might have thought they had cleared from their system when they deleted their browsing history, the academics explain.

We find that more than 50 per cent of the sites in our sample are using flash cookies to store information about the user. Some are using it to 'respawn' or re-instantiate HTTP cookies deleted by the user. Flash cookies often share the same values as HTTP cookies, and are even used on government websites to assign unique values to users. Privacy policies rarely disclose the presence of Flash cookies, and user controls for effectuating privacy preferences are lacking.

The researchers conclude that Flash cookies are more effective at tracking users' visits around websites than traditional HTTP cookies because they operate in the shadows and are infrequently removed. By default Flash cookies have no built-in expiration date. Browser-based actions such as deleting browser histories or switching to private mode does not affect the operation of Flash cookies.

Since Flash cookies are not easily managed in browsers, this seems to bypass user privacy preferences.

vincevincevince,

Flash cookies can be quite huge compared to Netscape-style browser cookies. Some sites use them for that reason, while others use them precisely because they are obscure and most users don't even know they might want to delete them to avoid being tracked and profiled.

---

tangor,

Yes, there are a lot of Web sites using these 'everlasting' Flash cookies. In fact, it's the usual list of advertising providers and analytics companies, plus some others.

Using Flash cookies does not just "seem to bypass user privacy preferences," if the Flash cookies are used to reinstate previously-deleted regular browser cookies, then it does in fact bypass them. This because of the way that the Flash preferences are effectively 'hidden' unless you actually go digging for them: A default install of the Flash plug-in by an ordinary non-techie user offers no clues that there even *are* any settings that that user might want to go configure.

Jim

@jdMorgan: Exactly why I OP'd the article in the first place. I don't use Flash on any of my sites, thus am clueless in that regard. I tend (as a user) to NoScript Flash in general... but where I do allow Flash I, a bit better than non-techies, was equally clueless as regards Adobe's management of "cookies" via web interface.

What I would like to know, from the webmasters here who do use Flash, are you tracking folks with the Flash cookie?

Our flash work which uses cookie-type functionality (login etc.) invokes javascript functions to read and write standard browser cookies. Always seemed sensible as they can then be used seamlessly by javascript and server-side scripts.

HTML 5 will likely remove the need for Flash in the future for most people (except perhaps web gamers). Personally, I don't know/visit any site that requires me to install Flash or leave -- except YouTube, which is going to use the HTML 5 video tag instead of Flash.

Thanks for the tip Swa66.

Now with BetterPrivacy, AdblockPlus, and NoScript -- my web browser is safer, faster, and less intrusive.