Adobe Flash Player: a greater risk to privacy and safety than you may realize
Do you know that if you have Adobe’s Flash Players plugin installed on your web browser that your internet activity and history is potentially being tracked and used without your knowledge or permission? Just managing your web browser’s tracking cookie through your web browser doesn’t forestall your internet browsing activity, and its history, from being tracked. Additionally, just holding your computer current and fully patched with all of Microsoft’s necessary updates keeps your computer safe from hackers, think again. Even using an antivirus program, with the most current virus definitions current doesn’t all the time forestall your computer and privacy from being at risk.
Adobe Flash Player: A Risk To Privacy and safety
Recently I came across a news article that caught my eye. It was a New York Times technology piece with the title “Code that tracks users’ browsing prompts lawsuits” (Vega, 2010). This article reports about the increasing number of consumers taking legal activity against associates that track their web activity without the consumer’s knowledge or permission. Adobe’s Flash Player is the main conduit for capturing this tracking data. This isn’t the first time that Adobe’s Flash player has created legal privacy issues. In 2008, Windows Secrets Newsletter published an article on Adobe’s Flash cookie privacy issues. Recently they published an additional one article called “Eliminate Flash-spawned “zombie” cookies” following up on the same issue (Leonhard, 2010). Adobe has done dinky to rule this issue. These law suits are directed at Adobe and other associates that gain and sell facts about your web browsing activity without your knowledge or permission. an additional one ominous contention is that some associates are surreptitiously using Flash cookies to glean facts from your browser, even though you have your web browser set to reject tracking cookies.
How does this happen
Adobe’s Flash Player browser plugin uses and market Flash cookies on your computer, detach from your best known browser Html cookies. Both types of cookies are used to store browsing and site preferences, along with your browsing history and tracking information. Flash cookies, like your web browser cookies, are small bits of data saved by the websites you visit. These websites use these cookies to store website settings and info (like your name, preferences, Flash game scores, etc.), to track website behavior, and to target you for exact advertisements. They can also originate what is known as persistent identification element to uniquely identify you and track what websites you have visited.
Flash cookies are not managed through your web browser’s cookie settings. This same Flash cookies warehouse area can also be used to store a copy of your browser’s cookies, allowing Adobe’s Flash to recreate cookies that have been previously deleted from your browser, i.e. Spawned ‘zombie’ cookies.
What to do to safe yourself
Adobe doesn’t make it easy for users to carry on Flash cookies. By default, when Flash Player is installed, it automatically allows third parties to store and way your computer. To convert these settings you need to way Flash’s Global Setting Manager. The easiest, most right forward way to get started is to open your web browser and copy the Adobe Url listed in my references (Ezinearticles does not allow me to place the link here). Or do a Google quest on: “adobe flash player setting manager.” The macromedia.com link should be the first and second items found.
This will take you to the Global Setting panel for Adobe’s Flash Player (see Adobe Flash Player Global Setting employer below). The image embedded on the web page is the actual management console, not a picture. The current version of this panel has eight panels or tabs. Each tab covers a distinct aspect of privacy and security. You may want to add this to your browser’s Favorites for future reference.
Adobe Flash Player Global Setting employer Global Privacy Settings
The first tab on the Global Setting employer is for your computer’s camera and microphone settings. You have the option of setting this as “Always deny…” or “Always ask…” The “Always ask…” option troops the Flash Player to ask for your permission before allowing a third-party to way your computer’s camera and microphone. “Always deny…” does just that, it all the time denies permission to way your camera and microphone. You will not receive any proclamation that a third-party tried to way whether your camera of microphone with this option.
Your current settings are not displayed. Clicking on “Always deny…” or “Always ask…” overrides any former global setting made for this. This setting is for sites you have not already visited. I suggest that you adopt the “Always ask” option. This will allow you the option of using an interactive flash site, requiring the use of your camera and microphone. You will be prompted to confirm your selection.
You will all the time be prompted for your permission at any website requesting way to your camera and microphone.
Global Flash Cookie warehouse Settings
The second tab of the Global Setting employer controls how much disk space you will allow for new web sites (third-parties) to store information, Flash cookies, on your computer. By denying all, you may forestall some websites from functioning correctly.
This panel determines the number of disk space you will automatically allow third-parties to use for websites you have not already visited. Some websites may not function correctly if you do not allow some disk space storage. This is the total number for each website. If a website needs or wants more you will receive a prompt to allow or disallow this added space (see below). Your installed Flash Player must be version 8, or newer, to have the option of allowing or disallowing third-party flash content. If your Flash version is older than version 9, you will not have the option to allow/disallow warehouse and sharing of common Flash components.
The suggested settings that work for me are shown above. The Allow third-party Flash, and Store common Flash, are needed by a lot of sites to allow them to function correctly.
Global safety Settings
The third tab is the Global safety Settings panel. This panel controls how Shockwave Flash (Swf) and Flash Video (Flv) are handled. The problem with these types of files is that they can contain applets or computer scripts that can be used to gain and share facts about you without your knowledge or permission. Both Swf and Flv files can be embedded on web pages. These files can and do replacement audio, video, and data using Macromedia’s Real Time Messaging Protocol. It is potential for Swf or Flv content stored locally on your computer to spin with the Internet without your knowledge of permission.
I suggest setting this to “Always ask.” If a website needs to store Flash cookies on your computer, you will be prompted for permission. By being prompted, you will be aware of the website’s tracking activity.
Global Flash modernize proclamation Setting
The fourth tab is the Global proclamation Settings panel. This is where you set how often Flash checks for updates. I suggest enabling this feature and having Flash check for updates at least every seven days. I strongly recommended that Flash updates be installed as soon as potential for safety reasons. By holding your Flash Player updated, you make the malicious code writers’ job just a dinky harder. The safety vulnerabilities for Flash Player plugins are very well-known.
After installing any Flash updates you should validate that your privacy and safety settings have not changed. With former Flash updates, the settings within the Flash employer have reverted back to default, i.e. Wide-open, settings.
Protected Content/License Settings
The fifth tab is the Protected content Playback Settings panel. When you buy or rent Flash “protected” content, license files are downloaded to your computer. Sometimes these files come to be corrupted. By resetting these files, new licenses can be downloaded. This option should only be used when protected Flash content is not playing correctly, and a technician has advised you to reset the licenses files. This will reset All license files stored on your computer; you are not able to adopt individual files.
If you click on the “Reset License Files” button you will be prompted to confirm or cancel your selection.
Website Privacy Settings
The sixth tab is the Website Privacy Settings panel. This is the list of websites you have granted permission to store data on your computer. This panel is where you can “Always ask,” “Always allow,” or “Always deny” way you your computer’s camera and microphone.
The recommended setting is “Always ask” or “Always deny.” You can edit these by highlighting the website and convert the permission or delete the website. You can also remove all the websites from this list by choosing “Delete all sites.” The settings on this panel override the default setting from the Global Privacy Settings panel for these single websites.
If you choose to delete a website from this list you are prompted for confirmation.
Note: The list of websites displayed in this and the following panels are stored on your computer and displayed to allow you to view and convert your local settings. Adobe claims that it has no way to this list, or to any of the facts that the websites may have stored on your computer.
Website warehouse Settings
The seventh tab is the Website warehouse Settings panel. This lists all the websites that you have visited that use Flash content, and how much warehouse they are using on your computer. You can convert the number of warehouse you allow, delete individual websites, or all the websites. This panel overrides the Global warehouse panel settings.
On a Windows 7 computer, the warehouse location for these files is: C:Usersuser_nameApplication DataMacromediaFlash Player in a folder called #SharedObjects or a subfolder of: macromedia.comsupportflashplayersys.
Note: Deleting the website using the Flash Global Settings employer only removes the website’s warehouse content; it does not remove the folder created for the website. An empty folder will remain on your computer.
By choosing a website and using the “Delete website” button, you can delete that website from the list of visited websites. This also removes all data that the website has stored from this warehouse area.
Peer-Assisted Networking Settings
The last tab is the Peer-Assisted Networking Settings panel. This is where you allow or disallow users who are playing the same content to share your bandwidth. If you are not on a broadband internet connection, you never want to use this option. When in use, this option increases network traffic on your internet relationship and to your computer.
It is recommended that you disable this option. This will not forestall Flash from working.
Other Notes and Considerations
The current versions of Internet Explorer 8 and Firefox version 3.6 share the same Flash settings. Changing or updating Flash through this console makes the changes for both. To verify this, validate the Flash management console from within each web browser you use.
After installing any Flash updates you should validate that your privacy and safety settings have not changed. With former Flash updates, the settings within the Flash employer have reverted back to default, i.e. Wide-open, settings.
On a Windows 7 computer, you can manually carry on Flash cookies by navigating to: C:\Usersuser_nameApplication DataMacromediaFlash Player in a subfolder settled at #SharedObjectsnonsensical-filename and macromedia.comsupportflashplayersys. Deleting the website using the Flash Global Settings employer only removes the website’s warehouse content; it does not remove the folder created for the website. An empty folder will remain on your computer in the C:\Usersuser_nameApplication DataMacromediaFlash Playermacromedia.comsupportflashplayersys folder. The Application Data folder is a hidden systems folder. You will have to have hidden directories graphic using the “Show hidden files, folders, and drives” option under the Fold folder View option. You may also need systems permission to precisely view and navigate these directories on a Windows 7 computer.
Instead of doing this manually, you can also use a free utility like Flash Cookie Cleaner 1.0, produced by ConsumerSoft (www. ConsumerSoft.com). This product will clean up and eliminate unwanted and unneeded Flash cookies in both the #SharedObjects and macromedia.com subfolders. This is a much simpler and more efficient way to clean up Flash cookies. You can download this free schedule from: http://www.flashcookiecleaner.com/ . This utility is free of spyware, adware, viruses, and other malicious programs. Download and save this file to your desktop and run it from there. This is a stand-along schedule that does not setup itself on your computer.
References
Adobe – Flash Player: Help. (n.d.). Adobe. Http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager02.html
ConsumerSoft – Freeware Products. (n.d.). ConsumerSoft.
Leonhard, W. (2010, August 5.). Eliminate Flash-spawned “zombie” cookies. Windows Secrets.
Vega, T. (2010, September 20.) Code that tracks users’ browsing prompts lawsuits. The New York Times.
To ask a pdf of the article with screen shot please visit the Friend Consulting web site and send an email from there with the Title: Adobe Insecurity.
Adobe Flash Player: A Risk To Privacy and safety
