Managing Adobe Flash supercookies and the PIE problem

Popular sites such as MSN, Hulu and Flixster have been using supercookies (aka “Flash cookies”) for some time in an attempt to get around users deleting normal cookies (which can be up to 4K in size). The regeneration of deleted regular cookies (re-spawning, also known as “Zombie cookies”) is one such irritation.

Supercookies can track a user’s activity across multiple websites, never expire, use up to 100K of data and send data about you without your permission. Privacy control, anyone? In the past week, Microsoft (MSN) has stopped tracking users with supercookies, but others haven’t. Expect others to follow the Microsoft lead very soon. So, what about the Adobe Flash supercookie issue?

Adobe Flash supercookies seem to have created some interesting discussions on forums, so they are worth discussing in more detail. Adobe Flash uses supercookies by placing what it calls “Locally Shared Objects” or LSOs on your system. This means developers don’t have to use a scripting language, so LSOs have sped up how quickly they can process and hide supercookies on your system.

Privacy: There are no laws in the EU or US governing the use of supercookies. Shame. 🙁

Adobe didn’t create LSOs to snoop on you – surprised? That accolade falls on an advertising company which created a tracking system called “Persistent Identification Element” or PIE, which restores the deleted web cookie. The fact that more and more users are clearing their normal cookies led to LSOs and the arrival of PIE. Naturally, an advertiser, a privacy advocate and a user who deletes their cookies will look at this from very different perspectives.

So how do you remove these little nasties?

Read Julian’s blog post about the evercookie (another name for “supercookies”) threat and how you can remove these nasty cookies.
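An added example, not from the original post or from Julian’s post: this Python script inventories Flash LSO (`.sol`) files per domain and can delete them for chosen domains. The storage paths, the `<random dir>/<domain>/` layout and the `.sol` header offsets are assumptions based on commonly documented Flash Player behaviour, and the function names are hypothetical.

```python
import os
import struct
from pathlib import Path

def default_roots():
    """Commonly documented Flash Player LSO directories (assumed; adjust per system)."""
    home = Path.home()
    return [
        Path(os.environ.get("APPDATA", home)) / "Macromedia/Flash Player/#SharedObjects",
        home / "Library/Preferences/Macromedia/Flash Player/#SharedObjects",
        home / ".macromedia/Flash_Player/#SharedObjects",
    ]

def sol_name(data):
    """Return the object name from a .sol header, or None if it is not a valid LSO."""
    # Assumed layout: 00 BF | uint32 length | "TCSO" | 6 bytes | uint16 name length | name
    if len(data) < 18 or data[:2] != b"\x00\xbf" or data[6:10] != b"TCSO":
        return None
    (n,) = struct.unpack(">H", data[16:18])
    name = data[18:18 + n]
    return name.decode("utf-8", "replace") if len(name) == n else None

def find_lsos(root):
    """Map each domain under root to a list of (path, size, object name)."""
    found = {}
    for path in sorted(Path(root).rglob("*.sol")):
        parts = path.relative_to(root).parts
        # parts[0] is the per-profile random directory, parts[1] the storing domain
        domain = parts[1] if len(parts) > 2 else "(unknown)"
        data = path.read_bytes()
        found.setdefault(domain, []).append((path, len(data), sol_name(data)))
    return found

def remove_lsos(found, domains):
    """Delete the stored objects for the listed domains; return how many were removed."""
    removed = 0
    for domain in domains:
        for path, _, _ in found.get(domain, []):
            path.unlink()
            removed += 1
    return removed

if __name__ == "__main__":
    for root in filter(Path.is_dir, default_roots()):
        for domain, items in find_lsos(root).items():
            print(domain, sum(size for _, size, _ in items), "bytes",
                  [name for _, _, name in items])
```

Run as a script it only lists what is stored; deletion happens only when `remove_lsos` is called with an explicit list of domains.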

Worth pointing out – private browsing will not stop LSOs from being placed on your system, unless you intend to use a sandbox, which would be an easier option. A sandbox isn’t for novices though. I’m hoping to see, for example, “supercookie control prompts” which advise the user that a supercookie will be stored and/or removed when the browser session or tab is closed.

Safe surfing folks!
