IE is tough on Flash cookies but ignores homegrown threat Members of Microsoft’s Internet Explorer team are giving themselves a pat on the back for making it easier to delete the privacy menace known as Adobe Flash Cookies. Too bad the IE developers aren't tackling a similar snoop threat embedded in Microsoft's very own Silverlight framework. On Tuesday, a Microsoft program manager …
Why? Is
Judge not, that ye be not judged.
For with what judgment ye judge, ye shall be judged: and with what measure ye mete, it shall be measured to you again.
And why beholdest thou the mote that is in thy brother's eye, but considerest not the beam that is in thine own eye?
Or how wilt thou say to thy brother, Let me pull out the mote out of thine eye; and, behold, a beam is in thine own eye?
Thou hypocrite, first cast out the beam out of thine own eye; and then shalt thou see clearly to cast out the mote out of thy brother's eye.
too hard for you?
Flash does let you clear shared objects but you have to do it through a bloody awful UI which is itself a miniscule flash object residing in the Macromedia domain. You could have 500 domain objects and the display is so tiny it will only show 3 or 4 at a time, unsorted. It beggars belief it's taken this long to fix the UI, or at least allow it to be integrated with browsers. Even now I'm not convinced it will offer all it's supposed to offer.
The NPAPI extension is just a couple of methods to enumerate private data and delete it. But what about active blocking? What about controls of the camera / microphone? The Flash settings need to be completely revamped and the plugin needs to provide a scriptable interface and listener callback so its actions can be vetoed or modified at runtime.
... should finally get around to setting up a script to run the browser under another uid (Linux) where the home directory is wiped between sessions. Not only would this get rid of all tracking information, it would also render exploits less harmful. Some bother in this (as in logging in for each session) but the surveilance society by corporations where my data is sold and combined for who-knows-for-what purposes bothers me more. I suppose this could be refined to keep some bits and pieces instead of routinely binning everything. With dynamic IPs and maybe a script to change the MAC of the wi-fi box/router providing NAT to force an IP change every once in a while there should be little to collect and data mine.
They do know that the LSO is actually used for allot more than just being a cookie, its used as a local application store for all information in a proper web application.
This means that if you had a web application in flex or flash that for example stored your user preferences etc, or was a more full blooded application, then you would be breaking that application.
This is going to damage allot of user experiences for the worlds most dependable environment for web applications.
Hmm come to think of it I think that's the point. This is a great way to get users to delete a whole pile of application data stores under false pretences and ruin the dominant RIA platform for them.
If an application breaks if the cookie is removed, then it is a *very poorly* written application. A "proper web application" would not break on a missing cookie, and I certainly hope that you are not involved in web application development with the (lack of) knowledge displayed here.
Flash shared objects are not just cookies. Flash can by default store up to 100k against an app which could be anything - preferences, table column order, session state. As far as the NPAPI is concerned, it has no idea what this data is, just that there is some. The data is associated with a particular domain so most of the time it should be obvious which is which, but it may not always be the case.
I do agree apps are pretty poor if they just break if the content is zapped, but it's also quite clear that a browser that needs fine grained control so users can keep the stuff they want and remove the stuff they don't want. The only exception to this IMO is when you enter / leave private browsing mode. I would hope and expect the browser and plugin to cooperate and ensure that a) preferably no data is written to disk, or b) if it is, that it is securely wiped afterwards.
...was written to be read aloud according to a PBS documentary.
It also reflects English language usage of the early fifteenth century.
The earliest versions follow the invention of phonetic writing. Written language had existed since 3000BC, but each symbol stood for a word, making it very difficult to learn. In 1500BCE a nameless Phonecian (Canaanite) came up with the idea of representing only the sounds.* The Jews, in their great migration from Egypt passed through Canaan about 50 years later, and used this new invention to transcribe their oral history.
*Asimov's Chronology of Science and Discovery. ISBN 0-08-015612-0
But, see, the problem is that even non-website devs are using silvercrack as the basis or component of their apps. Imagine CAD developer being swooned by ms to embed silverlight to facilitate tablet use out in the field. Now, instead of the sl infrastructure being for tablet/slate users, it becomes an unremovable core component of the CAD app that never before needed sl.
SL will become insidious and odious to a whole lot more people when these lso-type cookies get someone into a lot of privacy or secrecy trouble. Imagine contractors or designers working on a drawing, but then using that machine to search for references that trigger special cookies to be created, linked to ms and to the virtual OS, and then a rogue SL app digs through and pulls out client design data.
You don't need the Better Privacy plugin. Just browse to the Macromedia folder on your machine (it's usually somewhere in Application data, search for it), delete the #SharedObjects folder and then create an empty file called #SharedObjects, without extension. That way Flash will never be able to create a new directory to store its Flash cookies. Works perfectly.
You could also take this one step further and create an empty "Macromedia" file in Application Data.
Problem solved for good.
"can (currently) be deleted only by visiting an online settings panel"
"Better Privacy" and/or "FlashBlock" seem to work quite nicely, for folks who need/want that kinda thing.
Agree on MS's hypocrisy ... Part of the reason I don't run anything MS.
Disagree on use of scripture ... "Quote the bible in a technical forum and prepare to be summarily ignored. jake, 23:12"
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
