/ Technology

Are you worried about Flash cookies tracking you?

Flash cookies

You might think deleting your browser’s cookies would stop sites tracking your online habits, but Which? Computing has found that you could still be tracked by the much harder to remove Flash cookies.

You’ve kept up to date with the latest threats to your online privacy and security. You’re aware of the tracking capabilities of standard cookies, and as an online savvy individual you’ve downloaded software to manage and delete those stored in your browser.

But if you think you’re safe from having your internet habits tracked and your data collected for targeted advertising, think again.

An investigation by Which? Computing magazine found that as long as Flash cookies exist, you may be wasting your time managing and deleting your web browser’s cookies.

Beware Flash cookies online

Flash cookies are one type of Local Shared Objects that run inside Adobe Flash Player. Originally designed to store and retrieve user preferences for a better browsing experience, Flash cookies may also be used to invisibly track your online habits. And because they run via Flash player, clearing standard cookies from your browser doesn’t touch them.

Flash cookies collect the same information as standard cookies. However, as they can be as big as 100 kilobytes (KB) compared to a standard cookie’s 4KB, they can store the equivalent of eight A4 pages about us.

This data can be used by websites or third parties to create a detailed profile of a user’s browsing habits for online behavioural advertising, all without their consent.

Worryingly, Flash cookies can then be used to ‘re-spawn’ or reinstate the cookies you had previously deleted, something Adobe has publicly condemned. The Internet Advertising Bureau also thinks this is illegal, as it circumvents the user’s expressed choice not to have these cookies present on their machine.

Tools to remove Flash cookies

Flash cookies can be removed from your computer, but we found it’s not as easy as it should be. Adobe’s own tool, for example, is consumer unfriendly and time-consuming – though Adobe has told us that it’s working to improve consumer’s privacy options.

The Mozilla Firefox add-on BetterPrivacy came out on top, since it can automatically delete Flash cookies once you quit your browser.

We think the privacy implications around Flash cookies and other tracking technologies are so serious that we’re urging the European Commission to ‘future proof’ any incoming legislation to ensure that web users are protected from the nefarious uses of such technology.

Georgina Nelson, our in-house lawyer, had this to say about online tracking tools:

‘We believe that as the online behavioural advertising industry innovates to collect ever more data, the Information Commissioner’s Office and the European Union need to wake up and make provision for the other tracking technologies which are being utilised to avoid detection or removal.’

Do you think it’s right that websites can use Flash cookies to build up an online profile based on your browsing habits? What should be done to stop this invasion of your privacy?

Brian Kidd says:
8 March 2011

I understand that by May of this year our spineless government will have to comply with new EU regulations that will require”opt in” to tracking cookies.
What reason could there be for this do you think?

Gerry says:
21 November 2014

I like the part our spineless government as you call it/them Brian AND I agree with you B U T I have been trying for years and years and years to get the gullible public AND remember it’s the public who put these dingbats into power, BUT I have been trying to get them to use their powers to bring in new legislation to stop the spineless government doing what their doing.
Now I am not that well up on the computing game, I have asked another cowardly company the huffers as I call them HOW to go about printing stories inline to be able to have my say in what the government AND the multinational companies do BUT the huffers blocked me because I criticised them for stories they wrote.
So I’d love to know how I can get my point across to the gullible people about the authorities the banks AND the multi-rich.

There are many ways of tracking your online activity.

Any mobile can be tracked to within 200m, I have had access to the software to do this.
All price comparison sites scrape your data and store it whether you have submitted the details or not (my friend worked for one of them)
Android phones are notoriously easy to track (wonder why?)
Not to mention facebook / linkedin data.

Basically if you own technology that is attached in any way to a network of any sort, you are tracked.

For me its just a way to police the unpoliceable (is that a word?)

Steve Kelly says:
10 March 2011

If you use Safari web browser then I recommend ‘ClicktoFlash’ http://clicktoflash.com/
It lets you decide which bits of Flash are active.
Very useful for blocking adverts too!

Another vote for ClicktoFlash.
Also Mac users can remove flash cookies manually by deleting the contents of the following folders :
~user/Library/Preferences/Macromedia/Flash Player/#SharedObjects
~user/Library/Preferences/Macromedia/Flash Player/macromedia.com/support/flashplayer/sys

I am a user of the Better Privacy addon and it works well. You can configure it to remove all LSO automatically when you shut down Firefox.
I would prefer this to be an inbuilt function of Firefox with the option to accept a particular LSO, the deafult being erasure.

I have only just added “Better Privacy” to my Firefox as a result of the above so I have yet to see how well it works but recently I have had ads appear on my screen unsolicited but clearly provoked by the subject of what it was I was seeking to purchase. I took my machine to an “Expert” who claims to have cleaned it out of any nasties but still the odd one appears. Also, when I log on to the net (mostly via Firefox) I see that some sites (including Firefox) seem to know more or less where my machine is located. It seems to me that it is not in the interests of the browsers to stop this as they can harvest your (and all the other) activity which they can then sell !! With so much net fraud going on these days, is there no way to stop this?

Well there goes another supposed bastion protecting consumers – selling details for profit.

“The Web of Trust add-on has been downloaded more than 140 million times and rates websites on how safe they are to visit using information provided by users.

The investigation by NDR found that WoT gathers large amounts of data on people’s browsing habits including terms they search for, sites they visit, documents they share as well as information about the devices they use and where they live.

The data is shared with marketing firms and online agencies who use it to target advertising.

NDR got hold of some information that WoT had sold to one firm and found that it included personal data, including email addresses and phone numbers, that were not obfuscated. This, it said, made it straightforward to identify individuals and tie them to browsing histories and other personal details.

WoT’s poor anonymisation practices left users “naked on the net”, said the broadcaster.”