Local Shared Object (LSO), sometimes known as flash cookies, is a cookie-like data entity used by Adobe Flash Player. The player allows web content to read and write LSO data to the computer's local drive on a per-___domain basis[1]. The Local Shared Objects[2] are available in Flash Players starting from version 6. This technology permits web sites to preserve session state and record user data and behavior[3].
Storage policy
By default, any ___domain containing Flash applications, can store up to 100kb of data to user's hard drive (web browser cookies have a 4kb limit)[1]. The possible storage sizes are 0kb, 10kb, 100kb, 1Mb, 10Mb and Unlimited[4].
If the current limit is exceeded, the user is shown a dialog requesting storage space of the next size. The user can manually override the amount by clicking the Flash application with right mouse button and selecting Settings - however, this applies only to the ___domain of the Flash movie. If the selected setting is smaller than the current data size, the data is deleted.
The global LSO settings can be amended at Adobe's web site using a manager tool[4][5], itself using the Flash technology. Using the manager, the LSO's can be turned off completely.
Storage ___location
LSOs are stored in "SOL files" (typically, files with the extension "SOL"). String data, or data containing alphanumeric characters, are stored by default within SOL files as plain text, which means that the data can easily be read by any application with read access to the files.
The default storage ___location for LSOs is operating-system dependent.
Windows XP
[systemdrive]:\Documents and Settings\[username]\Application Data\Macromedia\Flash Player
Macintosh OSX
/Users/[username]/Library/Preferences/Macromedia/Flash Player
GNU-Linux
~/.macromedia
Additional information is available at the Electronic Privacy Information Center [3].
Viewing and editing LSOs
LSO editors and toolkits
| Software | Website | Developer | First public release | Latest stable version | Cost (USD) | Open source | License | Programming language |
|---|---|---|---|---|---|---|---|---|
| SolVE | SolVE | Darron Schall | 2004-09 | 0.2 (2004-10-15) | Free | Yes | CPL | Java |
| .sol Editor | .sol Editor | Alexis Isaac | 2005-02 | 1.1.0.1 (2005-02-21) | Free | Yes | MPL | ActionScript, Delphi/Kylix |
| Dojo Toolkit | Dojo Toolkit | Dojo Foundation | 2004 | 1.0.1 | Free | Yes | BSD, AFL | JavaScript |
| MAXA Cookie Manager | MAXA Cookie Manager | Maxa Research | ? | 2.x (2007-10-02) | Non-free 49 | No | proprietary | ? |
Operating system support
| Software | Windows | Mac OS X | Linux | BSD | Unix |
|---|---|---|---|---|---|
| SolVE | Yes | Yes | No | No | No |
| .sol Editor | Yes | No | Yes[6] | Yes[6] | Yes[6] |
| Dojo Toolkit | Yes | Yes | Yes | Yes | Yes |
| MAXA Cookie Manager | Yes | No | No | No | No |
Web browser tools
For users of the Firefox web browser, there is an extension called Objection [7][8] that allows LSOs to be viewed and deleted.
Criticisms
Flash Player uses a sandbox security model, but, contrary to some definitions, the application does not ask the user's permission to store data on his hard disk. This may constitute a collection of cookie-like data that may include not only user-tracking information but any personal data that the user has entered in any Flash-enabled application, whether it be stand-alone or Web-based.
Consumers often see cookies as an invasion of privacy and resent having them loaded into their computers without permission. While we have learned to delete traditional cookies, most are unaware of LSOs, and don't know how to disable them[9]. Users who delete traditional cookies may find those cookies resurrected because of Adobe/Macromedia's LSOs [10]. Since LSOs, unlike traditional cookies, have no expiration dates, the information resurrected in those cookies may persist indefinitely.
References
- ^ a b "Macromedia Flash MX Security" (PDF). Adobe. 2002-03-01. Retrieved 2007-12-05.
- ^ "What are local shared objects?". Adobe. Retrieved 2007-12-05.
- ^ a b "Local Shared Objects -Flash Cookies". Electronic Privacy Information Center. 2005-07-21. Retrieved 2007-12-05.
- ^ a b "Global settings manager". Adobe. Retrieved 2007-12-05.
- ^ "TechNote: How to manage and delete local shared objects?". Adobe. Retrieved 2007-12-05.
- ^ a b c Originally written for Microsoft Windows, but will run on Unix-like systems using Wine
- ^ "Addons Mirror". 2007-06-07. Retrieved 2007-12-05.
{{cite web}}: Check date values in:|date=(help) - ^ "Objection web site". Retrieved 2007-12-05.
- ^ "Company Bypasses Cookie-Deleting Consumers". InformationWeek. 2005-03-31. Retrieved 2007-12-05.
- ^ "Tool Can Resurrect Deleted Cookies". Out-Law.com. 2005-05-04. Retrieved 2007-12-05.
External links
Definitions from Wiktionary
Media from Commons
News from Wikinews
Quotations from Wikiquote
Texts from Wikisource
Textbooks from Wikibooks
Resources from Wikiversity
- "New Technique for Tracking Web Site Visitors". Slashdot. 2005-04-04. Retrieved 2007-12-05.
- "Tracking with Flash Cookies". InformIT. 2007-10-05. Retrieved 2007-12-05.