Reply to comment

Preventing/blocking tracking through Flash cookies

Submitted by paul on Wed, 07/28/2010 - 10:58

As a follow on from my previous post about the prevention of tracking scripts and web bugs, I thought I'd do a quick how-to for blocking "Flash cookies".

Flash cookies can store up to 100k of data on your machine, which is around 25 times the size of a standard browser cookie. They are a serious threat to privacy because as well as being able to hold large amounts of data, they exist outside of the browser's normal content management system making it very difficult to easily manage which sites can set data and what is contained in each cookie. Often sites will use Flash cookies to regenerate normal browser cookies across sessions.

Blocking Flash cookies with Flash's own settings often doesn't work. Supposedly it is possible to visit this page on Adobe's website which enables you to adjust the settings of your Flash plugin including how much space on your hard drive you allow sites to use to store data: (http://www.macromedia.com/support/documentation/en/flashplayer/help/sett...). I have found that even with this setting at zero, Flash cookies are still set as normal. My method totally prevents any Flash content from being stored. Basically, we are going to remove permissions from the directory used to store the cookies thereby preventing them from being stored and read.

Linux
On Linux, the flash player stores cookies at ~/.macromedia/Flash_Player/#SharedObjects so issuing the following command will prevent Flash from reading or storing anything in that directory (NB, as each user has their own .macromedia folder you'll need to execute this command on every user account you want to protect).

chmod 444 ~/.macromedia/Flash_Player/#SharedObjects

Mac OSX
Again, each user has their own Flash settings, so you'll need to execute this command on each user account. Again we'll lock the directory to prevent Flash from setting/reading any data:

chmod 444 ~/Library/Preferences/Macromedia/Flash\ Player/#SharedObjects

Windows
I don't actually own a Windows machine so I can't vouch for this working. Feel free to correct me/let me know if this does work.

Firstly right-click on the following directory depending on your Windows version and select "Properties" from the menu:
Windows Vista/7:

C:\Users\userName\AppData\Roaming\Macromedia\Flash Player\#SharedObjects

Windows XP:

C:\Documents and Settings\userName\Application data\Macromedia\Flash Player\#SharedObjects

Click the "Security" tab, followed by your username and tick the "Deny" box for the "Read" and "Write" entries. You may need to also do this for the "Administrators" user group as Windows users often run as administrators especially on XP/Vista.

Finally, click "OK" to save the settings.

Conclusion
It's now impossible for Flash to store or retrieve any cookie data in the StoredObjects directory. It's possible this may cause issues on certain sites (settings for flash apps not saving between sessions etc), but I haven't ever encountered any adverse effects from this method. If you do suffer any adverse effects you can always chmod the appropriate directory back to 755 (or untick the "deny" boxes on Windows).

Reply

The content of this field is kept private and will not be shown publicly.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd>
  • Lines and paragraphs break automatically.

More information about formatting options

CAPTCHA
This question is for testing whether you are a human visitor and to prevent automated spam submissions.
Image CAPTCHA
Enter the characters shown in the image.

About me

Hi, I'm Paul. I like to build websites and web applications that actually do stuff. I'm based in Kent and I occasionally blog about things that interest me.

If you would like to contact me about building a web presence, head over to the contact page to get in touch. I don't have accounts on Facebook, Twitter, Google etc so you can't contact me in any of those places.