[Atl42] Flash cookies

Facundo Andrés Bianco facundo en quilmeslug.org
Mar Jul 27 22:15:48 CEST 2010


En el grupo alt.security de usenet alguien preguntó como borrar las
cookies de flash y le respondieron:


>> http://archives.seul.org/or/talk/Jul-2010/msg00032.html
>>
>> Re: Torbutton Documentation - Adversary Capabilities.
>>
>>
>> Kyle Williams schrieb:
>> Beware of the Flash and other third-party plugins to your browser.
>> Flash can also store "flash cookies" on your system as well.
>> I would look at "about:plugins" and see what Firefox has loaded.
>> Torbutton does a good job at stopping third party plugins, but if you
>> specifically allow Flash and do not clear the cookie from Flash, you
>> may have a problem.
>>
>> Other than that, you have the right idea.
>
> I don't know exactly where it is on their site, but the Flash
> website describes how to delete them.  As was suggested in another
> answer, using Firefox with the addon 'BetterPrivacy' is the best
> way to go.
>

Sadly, there is no software currently available anywhere that
will remove Flash Cookies. All any of these programs do at best
is temporarily remove some of them. The developers of these
flash cookies are very aware of all these deletion attempts, so
they add a variety of codes that prevent any deletions. The
programs move the cookies to several different files in the
system which allows them to continuously repopulate immediately
after they are removed from any of the locations. No developer
of any of these deletion programs has come up with a way to find
and delete these flash cookies all at the same time, and prevent
them from being added again. One of the biggest culprits is
Adobe with their Flash Player, along with other programs, which
has always been a security risk and still is. Adobe is in
cooperation with the advertising community and develops their
products in cooperation with them, with features that allow
advertisers to use the Adobe Flash Player to infiltrate any
computer using the Flash Player and place flash cookies on any
user’s system. The Adobe Flash Player therefore as a result is
very vulnerable to hackers, etc. If advertisers can use it to
place Flash Cookies on a user’s system, a hacker can easily
place a Trojan program or any other type program on anyone’s
system. The Adobe Flash Player is especially vulnerable when a
user allows the Flash Player to take control of their webcam and
microphone hardware. The Adobe Flash Player is FREE to the user.
Adobe does not charge the user for the Flash Player; they get
paid by the advertisers. That’s how Adobe makes their money for
Flash Player. Even more insidious is they way Adobe provides the
settings feature for Flash Player; it’s controlled by them on
their site, and apparently the advertisers as well. Users who
attempt to change the settings only think they are being
changed. This is another way in which Adobe and the advertisers
trick users. The settings will return to the original state the
advertisers have programmed them for to ensure that they can
continue to place Flash Cookies on a user’s system. A user can
verify this by selecting the settings option, which accesses the
Adobe site, then change the settings to their preferences, and
then close the program. Then restart the program and access the
settings again. The user will discover that the settings have
been changed back to the way Adobe and the advertisers set them.
There are numerous reliable sources that support these facts.
Anyone who disputes them is likely a plant or part of the Adobe
and advertiser ilk.

Here are a couple of sites where you can verify these facts
(there are many more, just do your research):

http://www.wired.com/epicenter/2009/08/you-deleted-your-cookies-think-again/

http://lifehacker.com/5334984/web-sites-using-flash-instead-of-browser-cookies-to-track-your-activity

It's sad that this is how unscrupulous these businesses are, but
that's what greedy companies do everywhere. Ethics are not a
part of any business like these.

-- 
Facundo Andrés Bianco (Vando.)
GNUPG ID: 0x89C1B42F
omb: identi.ca/vando



Más información sobre la lista de distribución Atl42-public