Flash Cookies? Don’t Mess About
September 30, 2010
Posted by granthamtech in Linux, Online Security. Tags: cookies, flash cookies, local shared objects, lso, online privacy, Online Security, online tracking, privacy, removing cookies, removing flash cookies
Cookie control has long been a subject of great interest to those of us who value privacy on the internet and/or derive a little playful satisfaction from thwarting the efforts of marketers who wish to track us.
To manage standard browser cookies I use a whitelist of allowed sites that are permitted to set them and, in any case, always set a Firefox option that clears them out on exit. All other sites are automatically denied by default. This seems to work well even though sometimes, for new sites I want to use, it can be a little inconvenient having to update the whitelist.
Having listened to a discussion of Flash Cookies on the Security Now podcast recently, it seems that there is another set of privacy-threatening cookies that need to be dealt with. (There is a good discussion of the subject with lots of specific detail here.)
Flash cookies are identifiable by having a .sol extension and I was surprised to find no fewer than 97 of them in the .macromedia directory structure in my home folder on my Linux computer. Each Flash-based content provider creates its own .sol file or files within its own set of directories under the .macromedia hierarchy.
In addition to being used for tracking purposes, these flash cookies are also used to hold user settings. For example, caption and sound volume adjustments may be recorded within them and, presumably, can be used to restore settings on subsequent visits. Whether you regard this as essentially useful or not is a matter for you to decide of course. For myself it is not useful, at least not useful enough to offset the concerns I have for the tracking that may come along with it.
So how to deal with them? After trying out several options on my Linux system, including the Better Privacy Firefox add-on and some Python code that uses PyINotify to detect and delete them, I finally decided on the minimalist nuclear option. I simply delete all of them, on a regular timed basis, using the Linux find command with the -delete option and automating its execution with cron.
The find command is:
find /home/user/.macromedia -name '*.sol' -delete
which will find all occurrences of .sol files within all sub-directories under the path shown and remove them.
We put this command into the crontab as follows:
*/2 * * * * find /home/stephen/.macromedia -name '*.sol' -delete
which will run the command every 2 minutes.
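The same cleanup wrapped in a small script, as an added example that is not part of the original post: it refuses to run against a missing directory, reports how many files it removed, and shows why the *.sol pattern has to be quoted. The function names purge_sol, count_sol and demo_unquoted_glob are hypothetical, and the demo files are constructed in a temporary directory.

```shell
#!/bin/sh
# Added example, not code from the original post. Function names are
# hypothetical; the directory to clean is passed in by the caller.

# Print the number of .sol files under directory $1.
count_sol() {
    find "$1" -type f -name '*.sol' | wc -l | tr -d ' '
}

# Delete every .sol file under directory $1 and print how many were removed.
# A missing directory is an error, so a typo in the path is noticed
# instead of silently cleaning nothing.
purge_sol() {
    root=$1
    [ -d "$root" ] || { echo "purge_sol: no such directory: $root" >&2; return 1; }
    n=$(count_sol "$root")
    # Quoted pattern: find expands it, not the shell.
    find "$root" -type f -name '*.sol' -delete
    echo "$n"
}

# Constructed demonstration of the quoting pitfall: when the current
# directory happens to contain one .sol file, the shell rewrites an
# unquoted *.sol into that file name before find ever sees it.
demo_unquoted_glob() {
    tmp=$(mktemp -d) || return 1
    mkdir -p "$tmp/tree/siteA" "$tmp/tree/siteB" "$tmp/cwd"
    : > "$tmp/tree/siteA/settings.sol"
    : > "$tmp/tree/siteB/tracker.sol"
    : > "$tmp/cwd/settings.sol"
    unquoted=$(cd "$tmp/cwd" && find "$tmp/tree" -type f -name *.sol | wc -l | tr -d ' ')
    quoted=$(cd "$tmp/cwd" && find "$tmp/tree" -type f -name '*.sol' | wc -l | tr -d ' ')
    rm -rf "$tmp"
    echo "unquoted=$unquoted quoted=$quoted"   # unquoted=1 quoted=2
}
```

With the unquoted pattern, only the file whose name matches the one in the current directory is found, so the other flash cookie would survive the purge.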
Windows users can do the same thing using a scheduled two-line batch file coded as follows:
dir "%APPDATA%\*.sol" /s /b > "%TEMP%\solfiles"
for /f "usebackq tokens=*" %%i in ("%TEMP%\solfiles") do del "%%i"
Are there any negative aspects to using this admittedly brutal but effective and economical approach? Not many. Any overhead to running this command every 2 minutes is scarcely detectable and all my Flash content appears to run largely without being affected. I have noticed that the BBC iPlayer loses its ability to resume from an interrupted point and various other sites lose remembered caption and audio settings but, for me at least, this is an acceptable price to pay for the privacy advantages gained. This is especially true if most clips you watch are of longer duration. If, on the other hand, your viewing preferences are for 2 to 3 minute clips and you are having to constantly adjust audio settings then perhaps this method is not for you.
