Content deleted Content added
No edit summary Tags: Mobile edit Mobile web edit |
m →Viewers and editors: HTTP to HTTPS for SourceForge |
||
| (46 intermediate revisions by 32 users not shown) | |||
Line 1:
{{Short description|Adobe Flash data stored on a user's computer}}
{{Redirect2|Sol file|.sol file|mathematical data format|Sol (format)}}
{{Other uses|.sol (disambiguation){{!}}.sol}}
A '''local shared object''' ('''LSO'''), commonly called a '''Flash cookie''' (due to its similarity with an [[HTTP cookie]]), is a piece of data that websites
|url = https://www.adobe.com/products/flashplayer/articles/lso/
|title = What are local shared objects?
|work = Security and privacy
|publisher = [[Adobe Systems]]
|
|url-status = dead
|
|
}}</ref>
Flash cookies, which can be stored or retrieved whenever a user accesses a page containing a Flash application, are a form of local storage. Similar to
== Storage ==
Local shared objects contain data stored by individual websites. Data is stored in the [[Action Message Format]]. With the default settings, the Flash Player does not seek the user's permission to store local shared objects on the hard disk. By default,
|url = http://help.adobe.com/en_US/FlashPlatform/beta/reference/actionscript/3/flash/net/SharedObject.html
|title = ActionScript Documentation Reference for Adobe Flash Platform
|publisher=[[Adobe Systems]]
|date=2011-08-22
|
}}</ref>
Adobe Flash Player does not allow third-party local shared objects to be shared across [[___domain name|domains]]. For example, a local shared object from "www.example.com" cannot be read by the ___domain "www.example.net".<ref name="adobe-lso" /> However, the first
|url= https://www.adobe.com/products/flashplayer/articles/thirdpartylso/
|
|
|title = What Are Third-Party Local Shared Objects?
|work = Security and privacy
|publisher = Adobe Systems
|
}}</ref><ref>{{cite web
|url= http://kb2.adobe.com/cps/546/4c68e546.html
Line 36 ⟶ 38:
|work = Support
|publisher = Adobe Systems
|
}}</ref> By default, LSO data is shared across browsers on the same machine. As an example:
* A visitor accesses a site using their Firefox browser, then views a page displaying a specific product, then closes the Firefox browser, the information about that product can be stored in the LSO.
Line 50 ⟶ 52:
== Privacy concerns ==
As with HTTP cookies, local shared objects can be used by
|url=http://www.networkworld.com/news/2009/081109-study-adobe-flash-cookies-pose.html
|
|
|title=Study: Adobe Flash cookies pose vexing privacy questions
|work=[[Network World]]
Line 61 ⟶ 63:
|last = Kirk
|date = 2009-08-11
|
}}</ref> Online banks, merchants, or advertisers may use local shared objects for tracking purposes.<ref>{{cite news
|url=http://www.informationweek.com/news/showArticle.jhtml?articleID=160901743
Line 70 ⟶ 72:
|last = Cohn
|date = 2005-03-15
|
}}</ref>
On 10 August 2009, [[Wired (magazine)|''Wired'' magazine]] reported that more than half of the top websites used local shared objects to track users and store information about them, but only four of them mentioned it in their privacy policy. "Flash cookies are relatively unknown to web users,"
|url=https://www.wired.com/epicenter/2009/08/you-deleted-your-cookies-think-again/
|title=You Deleted Your Cookies? Think Again
|
|publisher=Condé Nast Digital
|first = Ryan
|last = Singel
|
|date=2009-08-10
}}</ref>
Line 86 ⟶ 88:
According to the ''[[New York Times]]'', by July 2010 there had been at least five class-action lawsuits in the United States against media companies for using local shared objects.<ref>{{Cite news
|url = https://www.nytimes.com/2010/09/21/technology/21cookie.html
|title = Code That Tracks
|work = [[New York Times]]
|first = Tanzina
|last = Vega
|author-link = Tanzina Vega
|date = 2010-09-21
|
}}</ref>
In certain countries, it is illegal to track users without their knowledge and consent. For example, in the United Kingdom, customers must consent to the use of cookies/local shared objects:<ref>{{Cite book
|chapter-url = http://www.ico.gov.uk/upload/documents/library/privacy_and_electronic/detailed_specialist_guides/pecr_guidance_part2_1206.pdf
|title = Guidance on the Privacy and Electronic Communications (EC Directive) Regulations 2003
|chapter = Part 2: Security, confidentiality, traffic and ___location data, itemised billing, CLI and directories
|edition = 3.4
|publisher = Information Commissioner’s Office
|___location = United Kingdom
|date = 2006-11-30
|
}}</ref><ref>{{Cite web
|url = http://www.ico.gov.uk/for_organisations/privacy_and_electronic_communications/the_guide/cookies.aspx
Line 111 ⟶ 112:
|publisher = Information Commissioner’s Office
|___location = United Kingdom
|
|url-status = dead
|
|
}}</ref>
{{cquote|Cookies or similar devices must not be used unless the subscriber or user of the relevant terminal equipment:
Line 121 ⟶ 122:
|author=Information Commissioner's Office}}
Local shared objects were the first subject to be discussed in the [[Federal Trade Commission]] (FTC) roundtable in January 2010.<ref>{{cite web |url=http://www.sfgate.com/cgi-bin/article.cgi?f=/c/a/2010/01/29/BUMN1BP4MN.DTL |title=All eyes on online privacy |author=James Temple |date=2010-01-29 |publisher=San Francisco
<ref>{{cite web |url=https://www.engadget.com/2010/12/04/ftc-says-its-talking-to-adobe-about-the-problem-with-flash-cook/ |title=FTC says it's talking to Adobe about the problem with 'Flash cookies' |author=Donald Melanson |date=2010-12-04 |publisher=Engadget |
=== User control ===
Line 131 ⟶ 132:
|publisher = Adobe Systems
|date = 2009-07-14
|
}}</ref> However, this places a permanent flash cookie on the computer, informing all other websites that the user does not want flash cookies stored on their computer. Users can opt out of LSOs from specified sites from Flash Player's "Settings", accessed by right-clicking the Player, or using the ''Website Storage Settings'' panel; the latter also allows users to delete local shared objects.<ref>{{cite web
|url = http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager07.html
Line 138 ⟶ 139:
|publisher = Adobe Systems
|date = 2009-07-14
|
}}</ref>
Users may also delete local shared objects either manually or using third-party software. For instance, [[CCleaner]], a standalone computer program for Microsoft Windows and Mac OS X, allows users to delete local shared objects on demand. There is also a [[Add-on (Mozilla)|Firefox add-on]], Clear Flash Cookies, which will automatically clear out all LSOs each time the browser is restarted.<ref name="ClearFlashAddon">{{cite web|url=https://addons.mozilla.org/en-US/firefox/addon/clear-flash-cookies/|title=Clear Flash Cookies – Add-ons for Firefox|work=Firefox Add-ons|publisher=[[Mozilla]]|date=November 20, 2017|
Since version 10.3 of Flash, the Online Settings Manager (letting users configure privacy and security permissions via Adobe's website) is superseded by the Local Settings Manager on Windows, Mac, and Linux platforms. It can be accessed via the [[Control Panel (Windows)|Windows Control Panel]] or [[System Preferences|Mac OS System Preferences]].<ref>{{cite web
Line 149 ⟶ 150:
|publisher = Adobe Systems
|date = 2012-04-14
|
}}</ref> Users of other operating systems still use the Adobe Online Settings Manager. Since at least April 2012 (v 11.2.202.233), updating by downloading a new Flash version resets the security and privacy settings to the defaults of allowing [[Web storage#Local and session storage|local storage]] and asking for media access again, which may be against users' wishes.
Line 161 ⟶ 162:
|___location=[[Redmond, Washington]]
|date=2009-03-19
|
|url-status=dead
|
|
}}</ref> implements an [[API]] that allows [[browser extension]]s to co-operate with the browser and delete their persistent data stored when user issues a ''Delete Browsing History'' command.<ref>{{cite news
|title=Deleting "Flash Cookies" Made Easier
Line 171 ⟶ 172:
|agency=[[Microsoft TechNet#Blogs|TechNet Blogs]]
|publisher=Microsoft Corporation
|
|date=2011-05-03
}}</ref> However, two years passed since its introduction until Adobe, on March 7, 2011, announced that Flash Player v10.3, which was still in development at the time, supports co-operating with Internet Explorer 8 or later to delete local shared objects.<ref name="flash player 10.3 beta">{{cite news
Line 178 ⟶ 179:
|title=Introduced Flash Player 10.3 beta!
|url=http://blogs.adobe.com/flashplayer/2011/03/introducing-flash-player-10-3-beta.html
|
|newspaper=Adobe AIR and Adobe Flash Player Team Blog
|date=2011-03-07
Line 194 ⟶ 195:
|first=Emmy
|last = Huang
|
|date = 2011-01-12
|quote = Representatives from several key companies, including Adobe, Mozilla and Google have been working together to define a new browser API (NPAPI ClearSiteData) for clearing local data, which was approved for implementation on January 5th, 2011. Any browser that implements the API will be able to clear local storage for any plugin that also implements the API.
Line 201 ⟶ 202:
|title = Bugzilla entry 625495 - Clear Adobe Flash Cookies (LSOs) when Clear Cookies is selected in the Privacy > Custom > Clear History
|author = Mike Beltzner
|
|date = 2011-01-13
|quote = Change to the "on close" firefox behavior to use the new NPAPI ClearSiteData API.
Line 208 ⟶ 209:
|title = Bugzilla entry 625496 - Clear Adobe Flash Cookies (LSOs) when Cookies is selected in Clear Recent History
|author = Mike Beltzner
|
|date = 2011-01-13
|quote = Change to the "clear recent history" firefox behavior to use the new NPAPI ClearSiteData API.
Line 215 ⟶ 216:
|title = Bugzilla entry 672107 - Add configuration option to treat web cookies and flash shared local objects (LSOs) differently; destructive upgrade from older Firefox versions
|author = Claudio Fontana
|
|date = 2011-07-17
|quote = Loss of data on upgrade bug report, feature request for treating [[HTTP Cookie]]s and Flash Local Shared Objects differently.
Line 221 ⟶ 222:
|url = http://www.kongregate.com/forums/7-technical-support/topics/181599-all-my-saved-games-are-gone?page=1
|title = All my saved games are gone
|
|date = 2011-06-30
|quote = [[Kongregate]] discussion about users losing data as a result of the new browser behavior.
Line 227 ⟶ 228:
|url = https://support.mozilla.com/en-US/questions/823400
|title = Mozilla support question: How do I stop "delete cookies" from deleting saved games of a flash based game?
|
|date = June 2011
|quote = Mozilla support question and follow-ups: How do I stop "delete cookies" from deleting saved games of a flash based game?
}}</ref> The resulting support requests cannot be solved favorably for [[Mozilla Firefox]] users without changes to the browser, because of the introduced equivalence between HTTP and flash cookies.<ref name="firefox flash LSO semantic change implementation1" /><ref name="firefox flash LSO semantic change implementation2" /> Currently, the workaround in use is to either configure the browser to never clear history data and cookies
|url = http://www.niceties.it/flash_LSO/flash_LSO.html
|title = firefox flash LSO revert patch
|author = Claudio Fontana
|
|date = 2011-07-11
|quote = Third party patch to revert the firefox cookie semantic change
}}</ref>
As for the behavior in browser's privacy mode, Adobe Flash Player 10.1, released on June 10, 2010, supports the privacy modes of [[Internet Explorer]], [[Firefox|Mozilla Firefox]], [[Google Chrome]], and [[Safari (web browser)|Safari]]. Local shared objects created in privacy are discarded at the end of the session. Those created in a regular session are also not accessible in privacy mode.<ref name="adobe late response2">{{cite news
|url=http://blogs.adobe.com/flashplatform/2011/01/on-improving-privacy-managing-local-storage-in-flash-player.html
|title = On Improving Privacy: Managing Local Storage in Flash Player
Line 247 ⟶ 248:
|first=Emmy
|last = Huang
|
|date = 2011-01-12
|quote = The ability to clear local storage from the browser extends the work we did in Flash Player 10.1, which launched with a new private browsing feature integrated with the private browsing mode in major browsers, including Google Chrome, Mozilla's Firefox, Microsoft's Internet Explorer, and Apple's Safari.
Line 258 ⟶ 259:
|agency=Adobe Blogs
|publisher=Adobe Systems
|
|date
|archive-url=https://web.archive.org/web/20110511095927/http://blogs.adobe.com/flashplayer/2010/06/flash_player_101_now_available.html
}}</ref>▼
|archive-date=2011-05-11
|url-status=dead
▲ }}</ref>
== Third-party software ==
Line 319 ⟶ 291:
| {{Free|[[BSD License|BSD]]}}
|-
|[
| Alexis Isaac
|[[Windows]]
Line 335 ⟶ 307:
| {{dunno}}
|-
|
| Mika Palmu, Philippe Elsass
|[[Windows]]
Line 377 ⟶ 349:
| {{Yes}} || {{Yes}} || AMF0/AMF3
| 2007-10-07
| 0.
| {{Free|[[MIT License|MIT]]}}
|-
Line 433 ⟶ 405:
| {{Nonfree|[[Shareware]]}}
|-
|[https://web.archive.org/web/20140904041030/https://addons.mozilla.org/en-US/firefox/addon/clickclean/ Click&Clean]
|[http://www.mixesoft.com Vlad & Serge Strukoff]
|[[Windows]], [[macOS]], [[Linux]], [[BSD]], [[Firefox add-on]]
Line 439 ⟶ 411:
| 4.1 (2013-03-16)
| {{Free|[[MIT License|MIT]]}}
|-
|[[CCleaner]]
|[[Piriform (company)]]
|[[Windows]]
| {{dunno}}
| {{dunno}}
| {{Nonfree|[[Freemium]]}}
|}
==See also==
* [[Evercookie]]
* [[Web storage]]
▲* [[HTTP cookies]]
* [[Indexed Database API]]
* [[Web SQL Database]]
* [[Google Gears]]
* [[Device fingerprint]]
* [[Canvas fingerprinting]]
== References ==
Line 453 ⟶ 435:
== External links ==
* [http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager08.html Adobe's online tool] on its Web site to erase Flash cookies and manage Flash player settings
* [https://web.archive.org/web/20140504222526/http://www.adobe.com/security/flashplayer/articles/lso/ What are local shared objects?], Adobe Flash Player security and privacy help
* {{cite web | url = http://yro.slashdot.org/article.pl?sid=05/04/04/177238| publisher=[[Slashdot]] | title=New Technique for Tracking Web Site Visitors| date=2005-04-04|
* {{cite web
* [https://web.archive.org/web/20080704173515/http://tips.webdesign10.com/flash-cookies-privacy How to block Flash cookies]▼
▲* [http://tips.webdesign10.com/flash-cookies-privacy How to block Flash cookies]
* [http://epic.org/privacy/cookies/flash.html Electronic Privacy Information Center on "Local Shared Objects"]
* [https://www.bbc.co.uk/news/technology-10787882 Legal action on 'zombie cookies' filed in US court]
| |||