Flash Cookies: How to get rid of them and keep them away

Posted by Greg Laden on August 15, 2009
(21)
More »

You know about cookies … the little bits of data that your operating system, your browser, and the Military Industrial Complex conspire to leave on your hard drive for purposes of marketing and mass social control and stuff.

Cookies are actually quite wonderful because they allow your interactions with the web to be smarter. But nefarious forces have, of course, ruined it for everyone by exploiting this link between you and the web in various ways.

You can set your browser to not accept cookies and then you have no problems, and everything will be fine. Right?

Well, no actually. In fact, we have to talk. Below the fold, please.

I know that I said yesterday that I was done for a while with the Linux Command line stuff, but I’m not. I’m going to tell you about/remind you of a little problem known as Flash Cookies.

Flash cookies are related to Flash … the annoying yet wonderful software thingie that animates so many of our web pages, shows videos, etc. Flash has its own cookie system, and it is potentially nefarious in two ways. One: It is not turned off when you turn off cookies in your browser options. Two: It can be used to re-animate, bring back to life, or to use the technical term “re-spawn” regular cookies that you have diligently removed manually or with anti-cookie software.

Yes, dear readers, it is true. Flash cookies are like horcruxes for regular cookies.

Most people use Windows and are thus screwed because there is no easy way to even find these cookies in Windows. But Linux is fundamentally different because of the way ythe system itself works. You can find them, you can examine them, you can destroy them, and you can prevent their creation to begin with. If Dumbledore used Linux, he’d not be nearly as dead as he is today.

The way you find them is simple. You make sure you are at the top directory (home) and issue this command:

find -iname ‘*.sol’

This will locate all of the files. If you want to know how many they are, pipe the output to wc with the -l option to count lines:

find -iname ‘*.sol’ | wc -l

I had 110 of these when I looked.

How do you kill them? Well, get that list form find of the file names, and send it to a command to kill the files. Look at this:

find -iname ‘*.sol’ -ok rm “{}” \;

This sends the output of find to the Mystery Brackets which follow the rm command. This command substitution magic will send each file to utter oblivion (no trash can) because “rm” means “re-totally-move this file, man!”

The -ok option causes this line to ask you permission, Windows like, before deleting each file. You should really remove the -ok option and just blotto the suckers.

How do you keep these commands from coming back? Well, they are stored in a limited number of directories on your computer. All you need to do is to change the permissions on those directories so that flash can’t put stuff there.

Carla Schroder tells us how:

Maybe you don’t want the darned things on your system at all. As usual, Linux lets you control your own system and doesn’t mind if you want to prevent Flash cookies from nesting on your system at all. There are a number of ways to do this. Flash cookies reside in two directories, ~/.macromedia/Flash_Player/#SharedObjects/ and ~/.macromedia/Flash_Player/macromedia.com/. If you want to see these in a graphical file manager, make sure you have “view hidden files” enabled. Delete all the files in these directories, then change the permissions to mode 0500, which is read-only and execute:

$ chmod -Rv 0500 .macromedia/Flash_Player/#SharedObjects/ .macromedia/Flash_Player/macromedia.com/support/flashplayer/sys/
mode of `.macromedia/Flash_Player/macromedia.com/support/flashplayer/sys/#blip.tv' changed to 0500 (r-x------)
mode of `.macromedia/Flash_Player/macromedia.com/support/flashplayer/sys/#cm.cdn.fm' changed to 0500 (r-x------)

Check out Carla’s three part post on these flash cookies for much, much more information, including a way to find out (sort of) what company or agency is putting these things on your hard drive. Carla’s stuff is here.

This whole thing comes up, by the way, because I received a taunting email from my brother in which he pointed out this news item about the flash cookies and the Federal Government Web Sites.
 The email was taunting because it said “Even Linux!”

But no, not really, Joe!

(21)
More »

Comments

  1. #1 Stephanie Z
    August 15, 2009

    OMFSM! Cookies killed Dumbledore?!? Total spoiler!

  2. #2 Brad
    August 15, 2009

    As a reluctant pc user running XP and browsing with Firefox 3.5, thought I’d throw this out, I use a small program called IEPrivacyKeeper, with it one can view and destroy (selectively, if desired) flash cookies.
    http://www.unhsolutions.net/IE-Privacy-Keeper/index.html

    BTW, my next OS will likely be Ubuntu.

  3. #3 SimonG
    August 15, 2009

    Very timely! I was experimenting with a new (to me) backup tool last night and noticed them for the first time: bloody hundreds of the buggers!

    Any reason you didn’t just use the “-delete” option with find?

  4. #4 6EQUJ5
    August 15, 2009

    Since cookies belong in the cookies directory, I think of these outlaws as ‘sneakies’.

    The ‘.sol’ refers to ‘local shared object’, by the way.

    I discovered this stuff yesterday in Wired.com and wrote scripts to reveal them and remove them.

    It didn’t occur to me to ‘spike their guns’ by changing permissions on the directories Flash Player uses, so thanks for that.

  5. #5 Joshua Zelinsky
    August 15, 2009

    So Harry Potter is a flash cookie for Voldemort?

  6. #6 Deen
    August 15, 2009

    Any reason you didn’t just use the “-delete” option with find?

    Or ‘xargs’? Like so:

    find -iname ‘*.sol’ | xargs rm

    I’ve found xargs to be one of the most useful commandline programs: it allows you to use the output of one program (in this case ‘find’) as the arguments to another (in this case ‘rm’).

  7. #7 SimonG
    August 15, 2009

    xargs is very useful, but I don’t see an advantage in this case. The reason I mentioned -delete is that it removes the need to call another command, so it ought to be more efficient.

  8. #8 Alcari
    August 15, 2009

    “Most people use Windows and are thus screwed because there is no easy way to even find these cookies in Windows.”

    Ah, once more, (my) google beats your commandline :p

    Simply go to the link in my name, (the one below), to the right most tab called “website storage settings”, hit the “delete all sites” button, and you’re done. No commandline required.

    Note that you can also change how and if you want to allow flashcookies, how big they can be and create white- and blacklists.

    Not to be smug, but all this took about 15 seconds on google and the adobe site linked, how long for you commandline solution?

    http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager07.html

  9. #9 Tony P
    August 15, 2009

    Best add on for Firefox – FlashBlock. Shuts it down completely unless you actively tell it to load.

  10. #10 Pookie
    August 15, 2009

    Not sure if it counts as an “easy” way, but on Windows XP, I can find those cookies using this command from the prompt: 

    for /f "usebackq delims=*" %f in (`dir /s /a /b *.sol`) do echo "%f"

    Replacing “echo” with “del” will get rid of them.

  11. #11 Greg Laden
    August 15, 2009

    Alcari, excuse me, but you are sending us to an adobe site that is supposed to fix the Horcrux Cookie problem that Adobe created. Who do you work for, man?

  12. #12 Alcari
    August 16, 2009

    Why, the evil corporate overl… I mean… uhh…

    In all seriousness though, it’s the easiest way to acces the flash settings panel, from where it’s actually possible to all the changing and deleting you need to.

    Adobe really isn’t all that evil, at least they fix their issues most of the time. Now, if only they would make their CS series work under linux, I’d be really happy.

  13. #13 Charles
    August 16, 2009

    Now Firefox is crashing (closing) whenever I go to a site with flash. How do I undo this command: $ chmod -Rv 0500

    Or how do I set the permissions back to what they were before I entered that command?

    Please help. I’m kind of new to this.

  14. #14 SimonG
    August 16, 2009

    Charles: I’d try “chmod -R 0700″.

  15. #15 David Canzi
    August 16, 2009

    Now Firefox is crashing (closing) whenever I go to a site with flash. How do I undo this command: $ chmod -Rv 0500

    chmod -R 0700 .macromedia.macromedia/Flash_Player/#SharedObjects/ .macromedia/Flash_Player/macromedia.com/support/flashplayer/sys/

    (I’ve verified from the preview that firefox cuts and pastes that command as a single line.)

    This should change permissions back, not necessarily to what they were, but to something useable.

  16. #16 Charles
    August 16, 2009

    It says no file found, but I think that’s because you have the word .micromedia twice in a row.

    I adjusted for that, but I don’t get the “mode of” response showing that changes have been made. I just get the blinking cursor prompt with the dollar sign.

    I tried the command “chmod -Rv 0500″ again and it does give a “mode of” response. I guess I want to try to allow flashplayers to put these ‘cookies’ on my machine, for now at least, until I understand what’s going on.

    Arrrgggg!

  17. #17 Charles
    August 16, 2009

    This command seems to prevent crashing:

    $ chmod -Rv 0700

    Please let me know if this is very dangerous.

    Sorry for tying up your comments, Greg, but I couldn’t even read PZ’s blog without firefox crashing, and that was just too much to handle on a lazy Sunday.

  18. #18 David Canzi
    August 16, 2009

    This command seems to prevent crashing:

    $ chmod -Rv 0700

    Please let me know if this is very dangerous.

    The original “chmod -Rv 0500″ is a little risky. The “chmod -Rv 0700″ has the same risk, so you’re not making anything any worse by using it.

    What’s the risk? If there are any files left under those directories, both chmod commands make them executable. Accidentally executing a file that was never meant to be executed can be… interesting. The system will try to run each line of a text file as a command. Amid what might be hundreds of lines of error messages you can’t tell whether one of those lines did something harmful. I have lived mostly in command line mode for over 20 years, and this has happened to me only 2 or 3 times. It’s not a big risk.

    In the command line I gave you, I changed the “-Rv” to “-R”, to prevent what I thought were uninformative messages simply telling you that the command is working. You would only see output if something went wrong. And something did go wrong, because I accidentally included that redundant occurrence of “.macromedia” when I was editing my message.

    After I posted my previous message, I did an experiment: I exited from the browser, removed the .macromedia directory completely, restarted the browser, and viewed a video. Everything worked. If the contents of your .macromedia directory are so damaged that your browser is crashing, this could be useful knowledge.

  19. #19 Ray Ingles
    August 17, 2009

    Actually, you don’t need a “.macromedia” directory at all. I deleted the directory, and symlinked it to “/dev/null”. Flash still plays…

  20. #20 qbsmd
    August 17, 2009

    I’ve been using flashblock, but I just found this:
    https://addons.mozilla.org/en-US/firefox/addon/6623
    Called BetterPrivacy, it’s designed to delete and prevent flash cookies.

  21. #21 Spiv
    August 17, 2009

    I simply went to the directories where they are stored, right clicked and changed the security settings to deny write access. Again, same thing and I didn’t have to bother with the command line.

    You can easily find these directories by searching for “*.sol”.

    Delicious ironings.