
“Flash cookies” are the new privacy offenders

September 8, 2009

Ever heard of an LSO?  A Local Shared Object is similar in many ways to a typical HTTP cookie, but it’s used with Flash instead of HTTP.

In case you’re not up on the subject, a cookie is a 4KB text file that is stored on your computer.  When used by ethical developers, it’s a fairly innocuous way to make your browsing experience more convenient.  Cookies are responsible for remembering your Gmail password, your address that auto-fills on the electric company’s website, etc.  They’re a useful way to keep information around in a relatively secure manner.

There are some significant privacy concerns with cookies, though, as marketers quickly found a way to abuse them.  Enter third-party cookies.  But even with those concerns, you can set your browser to reject third-party cookies.  Or all cookies, for that matter.

However, with LSOs, many users don’t even know they exist.  And unlike your vanilla 4KB cookie, LSOs can store 100K of information.  That doesn’t sound like much, but in plain text, that’s a whole lot of information about your browsing habits.  Like HTTP cookies, LSOs are domain-specific (that is, an LSO can only be read by machines on the domain that created the LSO).

So the big concern with LSOs is this: many users think their privacy is secure when they turn off cookies.  It’s not, because LSOs are cookies but are not controlled by your browser – they’re controlled by Adobe software.

LSOs are turned on by default.  You can find information on managing (read: turning off) LSOs on Adobe’s website.
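
To see which sites have already stored LSOs on a machine, the script below walks Flash Player's storage directory and totals the .sol files per domain. It is an added example, not part of the original post; the directory locations and the `<profile id>/<domain>/` layout are assumptions about a standard Flash Player install.

```python
import os
from collections import defaultdict
from pathlib import Path


def default_roots():
    """Usual Flash Player LSO directories (assumed standard install paths)."""
    home = Path.home()
    roots = [
        home / ".macromedia/Flash_Player/#SharedObjects",  # Linux
        home / "Library/Preferences/Macromedia/Flash Player/#SharedObjects",  # macOS
    ]
    if os.environ.get("APPDATA"):  # Windows
        roots.append(Path(os.environ["APPDATA"]) / "Macromedia/Flash Player/#SharedObjects")
    return roots


def audit_lsos(root):
    """Return {domain: (file_count, total_bytes)} for all .sol files under root."""
    root = Path(root)
    totals = defaultdict(lambda: [0, 0])
    if not root.is_dir():
        return {}
    for sol in root.rglob("*.sol"):
        if not sol.is_file():
            continue
        parts = sol.relative_to(root).parts
        # Assumed layout: <random profile id>/<domain>/[path/]<name>.sol
        domain = parts[1] if len(parts) >= 3 else "(unknown)"
        totals[domain][0] += 1
        totals[domain][1] += sol.stat().st_size
    return {domain: (count, size) for domain, (count, size) in totals.items()}


def report(summary):
    """Format the summary, largest store first, as printable lines."""
    rows = sorted(summary.items(), key=lambda kv: kv[1][1], reverse=True)
    return [f"{size:>8} bytes  {count:>3} file(s)  {domain}" for domain, (count, size) in rows]


if __name__ == "__main__":
    for root in default_roots():
        summary = audit_lsos(root)
        if summary:
            print(f"LSOs under {root}:")
            print("\n".join(report(summary)))
```

Domains that appear here after browser cookies have been cleared or blocked are the ones still holding state outside the browser's control.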

Are LSOs a concern to you?  Why or why not?
