Feeds

back to article IE is tough on Flash cookies but ignores homegrown threat

Members of Microsoft’s Internet Explorer team are giving themselves a pat on the back for making it easier to delete the privacy menace known as Adobe Flash Cookies. Too bad the IE developers aren't tackling a similar snoop threat embedded in Microsoft's very own Silverlight framework. On Tuesday, a Microsoft program manager …

COMMENTS

This topic is closed for new posts.
Happy

Good news

I tend to use IE based browsers, like Avant Browser , the one I like best, but the flash cookies problem irritated me much for long. For some reason that the techs of Avant Browser might not be able to resolve the problem. Good to see Microsoft is finally there.

0
0
FAIL

Another Pointless MS Attempted Lock-in

Tara Silverlight, you are a waste of space just like the WP7, nobody loves you.

1
1
Thumb Up

I applaud...

... The Reg's use of the Bible in this article. I hope to see more of it (to describe or condemn the foolish things Microsoft do, natch).

(Thank goodness you chose a fairly recent language translation and skipped all that "thou art" rubbish).

2
0
Silver badge
Headmaster

"thank goodness"?

Why? Is

Judge not, that ye be not judged.

For with what judgment ye judge, ye shall be judged: and with what measure ye mete, it shall be measured to you again.

And why beholdest thou the mote that is in thy brother's eye, but considerest not the beam that is in thine own eye?

Or how wilt thou say to thy brother, Let me pull out the mote out of thine eye; and, behold, a beam is in thine own eye?

Thou hypocrite, first cast out the beam out of thine own eye; and then shalt thou see clearly to cast out the mote out of thy brother's eye.

too hard for you?

3
1
Silver badge
Headmaster

Mote.Beam - meaning

Are we sure that 'mote' refers to speck of (saw)dust and 'beam' refers to large plank of wood?

I've often considered the imagery as being a mote of light and a beam of (blinding) light which prevents one from seeing the truth.

0
0
Flame

FlashBlock rools KO

That is all.

0
0

Uh ...

... should finally get around to setting up a script to run the browser under another uid (Linux) where the home directory is wiped between sessions. Not only would this get rid of all tracking information, it would also render exploits less harmful. Some bother in this (as in logging in for each session) but the surveilance society by corporations where my data is sold and combined for who-knows-for-what purposes bothers me more. I suppose this could be refined to keep some bits and pieces instead of routinely binning everything. With dynamic IPs and maybe a script to change the MAC of the wi-fi box/router providing NAT to force an IP change every once in a while there should be little to collect and data mine.

0
0
Silver badge

Biggest annoyance about flash

Flash does let you clear shared objects but you have to do it through a bloody awful UI which is itself a miniscule flash object residing in the Macromedia domain. You could have 500 domain objects and the display is so tiny it will only show 3 or 4 at a time, unsorted. It beggars belief it's taken this long to fix the UI, or at least allow it to be integrated with browsers. Even now I'm not convinced it will offer all it's supposed to offer.

The NPAPI extension is just a couple of methods to enumerate private data and delete it. But what about active blocking? What about controls of the camera / microphone? The Flash settings need to be completely revamped and the plugin needs to provide a scriptable interface and listener callback so its actions can be vetoed or modified at runtime.

1
0
FAIL

One problem here

They do know that the LSO is actually used for allot more than just being a cookie, its used as a local application store for all information in a proper web application.

This means that if you had a web application in flex or flash that for example stored your user preferences etc, or was a more full blooded application, then you would be breaking that application.

This is going to damage allot of user experiences for the worlds most dependable environment for web applications.

Hmm come to think of it I think that's the point. This is a great way to get users to delete a whole pile of application data stores under false pretences and ruin the dominant RIA platform for them.

0
2
Grenade

Re: One problem here

If an application breaks if the cookie is removed, then it is a *very poorly* written application. A "proper web application" would not break on a missing cookie, and I certainly hope that you are not involved in web application development with the (lack of) knowledge displayed here.

1
0
Silver badge

The point

Flash shared objects are not just cookies. Flash can by default store up to 100k against an app which could be anything - preferences, table column order, session state. As far as the NPAPI is concerned, it has no idea what this data is, just that there is some. The data is associated with a particular domain so most of the time it should be obvious which is which, but it may not always be the case.

I do agree apps are pretty poor if they just break if the content is zapped, but it's also quite clear that a browser that needs fine grained control so users can keep the stuff they want and remove the stuff they don't want. The only exception to this IMO is when you enter / leave private browsing mode. I would hope and expect the browser and plugin to cooperate and ensure that a) preferably no data is written to disk, or b) if it is, that it is securely wiped afterwards.

0
0

King James version is more poetic ; )

"And why beholdest thou the mote that is in thy brother's eye, but considerest not the beam that is in thine own eye?"

1
0
Pint

The King James Translation...

...was written to be read aloud according to a PBS documentary.

It also reflects English language usage of the early fifteenth century.

The earliest versions follow the invention of phonetic writing. Written language had existed since 3000BC, but each symbol stood for a word, making it very difficult to learn. In 1500BCE a nameless Phonecian (Canaanite) came up with the idea of representing only the sounds.* The Jews, in their great migration from Egypt passed through Canaan about 50 years later, and used this new invention to transcribe their oral history.

*Asimov's Chronology of Science and Discovery. ISBN 0-08-015612-0

0
0
Anonymous Coward

The way I delete Silverlight 'cookies'

is by never installing Silverlight in the first place. I recommend it!

But as I understand it, Better Privacy and Ghostery would sort this out if you actually used this particular piece of Microsoft shite.

7
1
Bronze badge

SilverCrackAddicts?

But, see, the problem is that even non-website devs are using silvercrack as the basis or component of their apps. Imagine CAD developer being swooned by ms to embed silverlight to facilitate tablet use out in the field. Now, instead of the sl infrastructure being for tablet/slate users, it becomes an unremovable core component of the CAD app that never before needed sl.

SL will become insidious and odious to a whole lot more people when these lso-type cookies get someone into a lot of privacy or secrecy trouble. Imagine contractors or designers working on a drawing, but then using that machine to search for references that trigger special cookies to be created, linked to ms and to the virtual OS, and then a rogue SL app digs through and pulls out client design data.

0
0
Alert

No need for Better Privacy, use this

You don't need the Better Privacy plugin. Just browse to the Macromedia folder on your machine (it's usually somewhere in Application data, search for it), delete the #SharedObjects folder and then create an empty file called #SharedObjects, without extension. That way Flash will never be able to create a new directory to store its Flash cookies. Works perfectly.

You could also take this one step further and create an empty "Macromedia" file in Application Data.

Problem solved for good.

0
0
Anonymous Coward

Title

Would it work if you just made the following folder read only?

C:\Users\[USER]\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys

0
0
Coat

Tough on Flash...

tough on the causes of Flash

2
0
Silver badge

Uh ...

"can (currently) be deleted only by visiting an online settings panel"

"Better Privacy" and/or "FlashBlock" seem to work quite nicely, for folks who need/want that kinda thing.

Agree on MS's hypocrisy ... Part of the reason I don't run anything MS.

Disagree on use of scripture ... "Quote the bible in a technical forum and prepare to be summarily ignored. jake, 23:12"

0
0
Silver badge
Jobs Halo

Bible quotes

Surely should be reserved for Apple stories?

0
0
Anonymous Coward

SIlverlight does not need privacy guards

Surely nobody needs the privacy option in Silverlight because it has no 'penetration' (if you pardon the phrase) into the porn website market. (or so I am told :-))

0
0
Big Brother

Microsoft owns Silverlight

Microsoft owns IE. Microsoft owns Windows. Microsoft controls your computer. Why should you think that you have any privacy, any rights, any power?

0
0
This topic is closed for new posts.