How you are secretly tracked with Flash cookies
You are probably aware that advertising agencies and others like Google use what are called tracking cookies to create a record of what sites you visit. I have posted a number of times on the subject (search “cookies” to see more). Blocking tracking cookies is quite easy and most anti-spyware programs sniff them out and remove them. However, there is another type of tracking method that is far less familiar and is beginning to be used more. This method uses the ubiquitous Adobe/Macromedia Flash presentations to bypass the usual cookie blocking methods. I wrote an article about this method some time ago but the subject remains little noticed and I am revisiting it. I previously wrote (slightly updated):
To evade standard methods of cookie control, a method called persistent identification element (PIE) is being tried. The current version uses a feature of the Adobe/Macromedia Flash application called local Shared Objects. Use of Flash movies on Web pages is widespread and a very large majority of Web viewers have Flash players on their systems. Internet Explorer comes with a Flash ActiveX component and plug-ins are easily available for the other major browsers. Thus most Web viewers can be reached by this new method.
Skipping the technical details, here is a brief idea of how the method works. When a Web page contains an ad in Flash format that is appropriately coded, a file can be placed on the viewer’s computer that functions much like a cookie. However, none of the present standard methods of cookie control will detect the file. This type of file has the extension SOL and can be located in a variety of places. In Windows XP they are usually in a sub-directory of
C:\Documents and Settings\{User name}\Application Data\Macromedia\Flash Player
You can find the tracking elements that are on your computer by searching *.SOL and you can then delete the files or you can use the command line to remove them. This will not prevent the planting of tracking elements on your computer in the future, however. Both the deletion of existing tracking elements and the prevention of any more can be accomplished at some little-known Adobe Web pages. Something called the Global Storage Settings Panel can be used to prevent future tracking. On that page you will find a settings manager that will change settings directly to the Flash player on your computer. It is shown in the figure below:

To prevent tracking elements from being placed on your computer by sites yet unvisited, you slide the bar all the way left and remove the check by “Allow third party Flash content…”
You can also remove existing tracking files and manage which sites are allowed. Across the top of the panel shown in the figure above is a row of icons. Clicking the one on far right opens the next figure shown below. The clicked icon is marked with red. This panel shows the stored tracking files that are already on your computer and gives you options for deleting them or configuring any sites that you wish to allow.

It’s possible that a bank or other institution may be using the Flash file as part of its security procedure. In that case, deleting the file will mean having to re-enter some information, which is similar to what happens when you delete a password cookie. The Adobe site gives you the option to allow specific sites while blocking others.
Comments
Looking at my previous post, I have a suggestion – the center justification definitely makes some messages look wonky. Any way to turn it off?
Regards,
Dean
Dean, first let me thank you for the comment and the batch file. I have found that there are other subfolders where the tracking files are kept so the code you give may not catch everything. If you want to do a mass deletion, how about something along the lines of:
del /s /q /f *.sol
This doesn’t do an existence check and needs some elaboration. Of course, any general deletion may remove a useful file such as the one from BankAmerica that you mention.
Next, let me address the point that you raise about how the default format of justified text makes for funny-looking posts sometimes. I have struggled with this myself when posting and sometimes I fix it with some ad hoc HTML style. Of course, the general styles are controlled in CSS sheets. I could possibly spend time tinkering with the CSS but there are only so many hours in the day, so I just go along with the default WordPress style sheets for the most part. But you are absolutely correct; the justified style can look strange. Here’s my try at your script with text justified left.
%SystemDrive%
cd \
if exist "%APPDATA%\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys" (
cd "%APPDATA%\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys"
) else (
goto DONE
)
for /F "usebackq tokens=*" %%d IN (`dir /A:D /B`) DO @rd "%%d" /S /Q
:DONE
exit
Hi Vic,
>> If you want to do a mass deletion, how about something along the lines of:
>> del /s /q /f *.sol
That would be elegantly simple, except that there is one settings.sol file I don’t want to delete, located here:
%APPDATA%\Macromedia\…\support\flashplayer\sys
In other words, the settings.sol file that is not in a sub-directory of “sys”. If I am understanding this stuff correctly, the user-defined settings are stored in this particular *.sol file (Allow third party Flash content, etc.). The *.sol files located in the subdirectories of “sys” are the flash cookies. Don’t take this as gospel though.
>> I have found that there are other subfolders where the tracking files are kept so the code you give may not catch everything.
Interesting… I haven’t come across that before. Would this be some sub-folder of %APPDATA%\Macromedia\…\support\flashplayer\sys, or somewhere else?
Dean, you raise a very good point about some SOL files containing configuration settings. The other subfolder I have found is ….\flashplayer\#shared objects\. There are more subfolders nested in it with files that may very well contain some settings. They seem to be encoded so I can’t be sure what they contain. My script suggestion concentrated on blasting away every SOL file but a more selective approach is probably better. Just as some cookies are useful and should be kept, some of these SOL files serve a useful purpose. If you do online banking, they are being used by some banks to tag your computer so that when you try to log on to your checking account, your particular PC is recognized. I think that for selective control of these flash elements the Adobe control panel site may be easier than scripting for most average PC users.
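A selective alternative to the blanket delete discussed in these comments, as an added example that is not code from the post or its commenters: a dry-run audit in Python that keeps the settings.sol sitting directly inside sys (the file Dean identifies as holding user settings) and anything belonging to an allowlisted site, and lists every other SOL file as removable. The folder layout, the ads.example and bank.example names, and the keep_sites parameter are constructed assumptions.

```python
import os
import tempfile
from pathlib import Path

def audit_sol(flash_root, keep_sites=()):
    """Sort every .sol file under flash_root into keep/remove lists (no deletion).

    Kept: the settings.sol directly inside a 'sys' folder (player settings,
    per the comments above) and files whose path names a site in keep_sites.
    """
    keep, remove = [], []
    wanted = {s.lower() for s in keep_sites}
    for dirpath, _dirs, files in os.walk(flash_root):
        folder = Path(dirpath)
        for name in files:
            if not name.lower().endswith(".sol"):
                continue
            rel = (folder / name).relative_to(flash_root)
            # Folder names on the path, minus the leading '#' some of them carry.
            parts = {p.lstrip("#").lower() for p in rel.parts[:-1]}
            is_settings = (name.lower() == "settings.sol"
                           and folder.name.lower() == "sys")
            if is_settings or parts & wanted:
                keep.append(rel.as_posix())
            else:
                remove.append(rel.as_posix())
    return sorted(keep), sorted(remove)

def build_sample_tree(base):
    """Constructed sample layout (not real data) using the folders named on this page."""
    sys_dir = Path(base) / "macromedia.com" / "support" / "flashplayer" / "sys"
    shared = Path(base) / "#SharedObjects" / "ABCD1234"
    for f in (sys_dir / "settings.sol",
              sys_dir / "#ads.example" / "settings.sol",
              shared / "ads.example" / "tracker.sol",
              shared / "bank.example" / "device.sol"):
        f.parent.mkdir(parents=True, exist_ok=True)
        f.write_bytes(b"")
    return Path(base)

def demo():
    """Run the audit over the constructed tree, allowlisting one site."""
    with tempfile.TemporaryDirectory() as tmp:
        return audit_sol(build_sample_tree(tmp), keep_sites=["bank.example"])

if __name__ == "__main__":
    kept, removable = demo()
    print("keep:  ", kept)
    print("remove:", removable)
```

To audit a real profile, pass the Flash Player folder under Application Data as flash_root and review the remove list before deleting anything.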


Your article is a must-read for typical users. As I’m sure you would agree, most of them are unlikely to be aware that Flash may be used by web sites in this manner.
I also wrote a simple bat file (see below) that addresses this issue, which runs at startup. I keep it in %WINDIR% (typically, C:\Windows) and created a shortcut in “%ALLUSERSPROFILE%\Start Menu\Programs\Startup” (typically, C:\Documents and Settings\All Users\Start Menu\Programs\Startup). This will always run at startup and may also be run at any time by selecting it from the Start Menu.
You also said “It’s possible that a bank or other institution may be using the Flash file as part of its security procedure.” Steve Gibson mentioned in one of his Security Now podcasts (with Leo Laporte) that Bank of America is indeed doing this.
Here is the bat file (hoping the lines do not wrap)
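@echo OFF
rem Switch to the system drive and start from its root.
%SystemDrive%
cd \
rem Continue only if the Flash Player "sys" folder exists.
if exist "%APPDATA%\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys" (
cd "%APPDATA%\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys"
) else (
goto DONE
)
rem Remove every sub-directory of "sys"; files directly in "sys" are left alone.
for /F "usebackq tokens=*" %%d IN (`dir /A:D /B`) DO @rd "%%d" /S /Q
:DONE
exit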