homepage Welcome to WebmasterWorld Guest from 54.242.18.232
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member

Visit PubCon.com
Home / Forums Index / Code, Content, and Presentation / HTML
Forum Library, Charter, Moderators: incrediBILL

HTML Forum

This 65 message thread spans 3 pages: 65 ( [1] 2 3 > >     
Firm Exploits Flash to Restore Deleted Cookies
rogerd




msg:559316
 1:55 pm on Apr 1, 2005 (gmt 0)

Are you one of the many web surfers who deletes cookies on a regular basis to avoid tracking by marketers and others? Well, those nosy marketers have found a way to fight back:
[internetweek.com...]

By tagging your browser with a Flash object containing a unique ID, United Virtualities can recognize an individual PC and restore the deleted cookie data. Flash allows "shared objects" to be saved on the PC, which some clever person deduced could be an alternate form of unique identification.

Pretty soon you'll have to reformat your hard drive every week or so just to be sure...

 

Staffa




msg:559317
 4:18 pm on Apr 1, 2005 (gmt 0)

Great find rogerd

In a moment I'll remove Flash player from my PC and that'll solve that problem. It's not that we can't live without it, I never liked flash animations anyway ;o)

bcolflesh




msg:559318
 4:22 pm on Apr 1, 2005 (gmt 0)

Do people still surf with Flash enabled?

kaled




msg:559319
 4:37 pm on Apr 1, 2005 (gmt 0)

Do people still surf with Flash enabled?

Call me an idiot, but the last time I tried, I could find no way to disable flash in Firefox.

Kaled.

encyclo




msg:559320
 4:45 pm on Apr 1, 2005 (gmt 0)

I could find no way to disable flash in Firefox.

Short of wiping the plugin, I believe you're right, there is no direct way. I wonder if the AdBlock or Flash click-to-play extensions would block this?

You can also adjust your global Flash security settings via this control panel [macromedia.com]. I'm guessing that if you set the storage space to None, that should stop things.

If not, I'm reverting to Netscape 3 with Javascript and Flash disabled!

bcolflesh




msg:559321
 4:46 pm on Apr 1, 2005 (gmt 0)

If you just want to disable it - try:

[flashblock.mozdev.org...]

geekay




msg:559322
 6:20 pm on Apr 1, 2005 (gmt 0)

Tagging of your browser can be disabled on Macromedia's site at:
[macromedia.com...]

Scroll down to "What are storage settings?", open BOTH the panels and move BOTH settings to zero. This leaves the rest of Flash enabled. The panel showed I already had two taggings.

As an additional measure I downloaded a freeware TurnFlash by Nirsoft. Works with IE.

[edited by: tedster at 7:03 pm (utc) on April 1, 2005]
[edit reason] make link live [/edit]

rogerd




msg:559323
 4:18 am on Apr 2, 2005 (gmt 0)

Interesting, geekay. I had a half dozen sites listed with storage allocations, but it looked like only one had stored anything.

martinibuster




msg:559324
 5:34 am on Apr 2, 2005 (gmt 0)

Are we talking about PIE's? In my opinion this is a good thing. I hope all the affiliate sites move to pies. The hysteria over cookies cost affiliate marketers money.

Can someone explain how PIE's (or cookies for that matter) are a bad thing?

geekay




msg:559325
 8:27 am on Apr 2, 2005 (gmt 0)

Personally I accept cookies - and many sites wouldn't give me access if I denied cookies. Once in a while I just let my antispyware programme delete those cookies it considers "evil", and I don't bother to find out why. It's a pity that hysteria, be it justified or unfounded, has almost destroyed this fine instrument - and not only for the e-commerce. Abuse has damaged many other good things on the internet too.

Keeping PIE secret from users combined with the fact that they can't easily be deleted locally like cookies, could unfortunately start a new privacy rumour panic ruining Flash. Why this lack of transparency and information on what PIE can do? The cookie hysteria should have been a lesson.

In my previous post I just wanted to share some findings that interested me. Maybe it's good webmasters know what measures users may take. However, I don't think a deeper discussion belongs to the WebmasterWorld forum. I have tried to reason in this post like a web user might do.

rogerd




msg:559326
 3:27 pm on Apr 2, 2005 (gmt 0)

I agree that some users are overly paranoid about cookies. Personally, I love 'em on sites like forums where they allow me to be logged in automatically, and at shopping sites I frequent where I am recognized and offered appropriate new merchandise.

Much of the original cookie paranoia has passed - a few years ago, I remember getting emails like, "I refuse to return to your site because you tried to place a cookie on my hard drive." I haven't heard that in years, probably because EVERY site places cookies today and many sites won't function properly without them.

Still, I'd guess there are lots of more justifiably paranoid SEOs who don't want Google et al to remember every search they make, or be able to relate various Adwords and Adsense accounts to each other as well as searching behavior.

Third party ad-tracking companies might give some privacy advocates concerns as well, since they have the ability to generate a more complete map of surfing behavior, and potentially could match detailed account information to visiting unrelated sites. I like it when Amazon offers me new items related to my past purchases or even searches I've done there, but what if a user arrived at Amazon and was presented an array of gay p*rn material based on third party cookie analysis?

CritterNYC




msg:559327
 2:21 am on Apr 3, 2005 (gmt 0)

Firefox makes it easy to accept cookies for the current session only, which stops most privacy issues while still allowing sites that require cookies to work. As mentioned, FlashBlock for Firefox does a great job of blocking all flash apps but still letting you click to see the ones you want. And if you're really fed up, you can always uninstall Flash:
[macromedia.com...]

claus




msg:559328
 2:58 am on Apr 3, 2005 (gmt 0)

>> Firefox

There's an extension called PrefBar. It allows you to enable/disable images, javascript, flash, referrer, cookies, popups, animation, as well as change your user agent string to anything you like. And a bit more. I'm not affiliated in any way.

brendan3eb




msg:559329
 3:47 am on Apr 3, 2005 (gmt 0)

hello everyone, I develop in flash and I urge those of you who dont want flash trackers to change your flash settings so that everytime a sharedObject is set on your computer, you have to approve, because sharedObjects is great for people such as myself who use them for your benefit.

JeremyL




msg:559330
 4:50 am on Apr 3, 2005 (gmt 0)

Do people still surf with Flash enabled?

Were you being sarcastic? According to my stats, 98.53% of all visitors have flash installed.

amznVibe




msg:559331
 4:56 am on Apr 3, 2005 (gmt 0)

Flashblock as mentioned earlier is the only way to fly.
Lets you activate only the flash items you want in Firefox/Mozilla.

If word of this spreads (and novices actually understand why its bad) hopefully personal firewalls (and IE7) will have an easy way to defeat Flash. Until then, maybe this will make Firefox useage reach the 20%-25% mark before the end of the year.

tedster




msg:559332
 5:04 am on Apr 3, 2005 (gmt 0)

Whether it's "good" or "bad" is a pretty open debate, I'd say. What is very clear is that many users proactively delete their cookies - and that's a strong statement of preference on their part.

So any attempt to "restore" those intentionally deleted cookies seems likely to be doomed in the court of popular opinion, unless those marketers using the practice can build some positive spin pretty darned fast.

softwareengineer




msg:559333
 6:48 am on Apr 3, 2005 (gmt 0)

Wow, this is simply amazing! You people are fretting over text on your computer! I wish you would join my line of work and cookies and flash sharedobjects would be the least of your worries...lol. Plus, if you wanted to disable sharedobjects all you have to do is right click on a flashplayer item, click "settings" and then at the bottom there's a "Folder Icon" click it and set the KB of space to 0KB...and wow no more sharedobjects...

You have a better chance of getting in a car accident then someone hacking into your computer with text...lol funniest thing I ever heard.

tedster




msg:559334
 8:58 am on Apr 3, 2005 (gmt 0)

Welcome to the fourms, softwareengineer.

I don't think it's hacking that most people here are worried about on this Flash object issue - the concern is mostly about tracking. Personal tracking really bothers some folks, and they don't necessarily need to be up to something shady either.

In a world where appearances mean a lot, accumulated tracking data may seem imply certain things that aren't really true. To a degree I sympathize with this viewpoint. Remember that line from the original post -- "can recognize an individual PC."

No one wants to be a dolphin in the tuna net.

geekay




msg:559335
 9:21 am on Apr 3, 2005 (gmt 0)

Esteemed claus et.al.
Firefox is indeed quite advanced - in making it easy to cheat web sites in many ways. (I don't attach much weight to the fact that the extensions/plug-ins are not formally "official".)

Such properties may be important to certain kinds of users, but I never understood why a lot of _webmasters_ on WebmasterWorld promote Firefox so strongly.

killroy




msg:559336
 11:51 am on Apr 3, 2005 (gmt 0)

I'm a webmaster earning a living purly from income from advertising and ecommerce.

Out of respect for myself and my visitors, I've never set a cookie, have no javascript on my sites, and even avoid query strings and other ecomm staple that so many web developers don't seem to be able to do without. (Oh, no popups, no banners and no animations either, hey, I barely even use images over 5k in size).

I don't know if it's impacted my business negatively, but I can say that I've never been annoyed browsing my own sites...

Why is it so hard to get that customer is king works on the net too? If your visitors choose, don't pretend you know better, just accept it and work with it!

SN

<bad analogy>
If a street merchant grabs your arm and starts threatening you, swearing at you and scratching your car with a key because you didn't buy, do you think you cheated THEM out of their rightful money, or they cheated you?
</bad analogy>

claus




msg:559337
 2:44 pm on Apr 3, 2005 (gmt 0)

As tedster says, this is not about hacking, but about tracking. None of us here thinks that cookies or shared objects (or javascript, or whatever) can somehow magically do things that they just can't.

I work a lot with tracking on a pretty high level myself, and i do recommend personalization as well whereever it adds real benefit to the user experience. So, it's not like i'm even remotely against this stuff, as such.

I do realize, though, that some users don't think like me - i try to educate them and say that in general cookies do no harm, plus they're easy to remove, or even block if you feel like it. So, i don't see a big problem with normal cookies at all.

I see a problem with Flash cookies because they are stored in non-standard locations and it seems that the user cannot prevent them, nor remove them with standard tools (ie. those that are built into the browser). This is the problem i see with them; it's not a problem related to what can be done with them - it's a problem for the user that wishes to get rid of them.

People should always be able to opt out of any tracking schemes in an easy and straight forward way, especially in the cases where they do not actively opt in.

That said, working with tracking i just got myself a new tool, and of course i'm glad about that. I'm just not glad on behalf of the users that i track, which include myself. They should have an easy way to opt out. So, i will think twice and investigate the options carefully before using this new tool - if i do find that it is just as harmless and easy to handle as normal cookies then i will have no problems, i'm just not there yet.



>> why a lot of _webmasters_ on WebmasterWorld promote Firefox

geekay, i had actually written an answer for this question, but it's very off-topic for this thread. I have saved this part of the post and will gladly enter it in an on-topic thread if you start one.

geekay




msg:559338
 4:26 pm on Apr 3, 2005 (gmt 0)

In msg 13 of this thread claus said about Firefox PrefBar:
It allows you to enable/disable images, javascript, flash, referrer, cookies, popups, animation, as well as change your user agent string to anything you like. And a bit more.

In msg 16 FF usage is expected to reach the 2025% mark this year, and maybe much more later. Many will have that obfuscating PrefBar, which will make claus' and other webmasters' vital tracking and marketing research efforts more difficult. Here is the contradiction I'm wondering about.

I invite claus to start that new thread - why it is in the webmasters' interest to promote FF - as you seem to have the knowledge. I'm just confused over what appears to be a conflict of interests in this tracking issue. Is it right to fake UA, etc?

Regarding the main topic I'm satisfied to hear that en expert like claus confirms my own concerns (now as a web user) regarding Flash PIE tags, in my msg 10 here. Let's hope Macromedia can successfully convince the web users that tagging is harmless.

tedster




msg:559339
 4:39 pm on Apr 3, 2005 (gmt 0)

I've been looking for a while but have not discovered the answer to my question on one issue:

Can PIE tags be set or read by 3rd party domains?

claus




msg:559340
 4:49 pm on Apr 3, 2005 (gmt 0)

Good point tedster, that's exactly what i'm wondering as well. If so, it will make them useless for some of my potential purposes.

--
Okay geekay, i will do that, just give me a little time. You've got a point and it's certainly worth a discussion.

softwareengineer




msg:559341
 4:56 pm on Apr 3, 2005 (gmt 0)

Trust me, cookies and sharedobjects are not the easiest way to successfully track a user's computer. There are plenty of other ways, why do you think microsoft has billions of updates all the time?

claus




msg:559342
 5:02 pm on Apr 3, 2005 (gmt 0)

>> Trust me, cookies and sharedobjects are not the easiest way

Bring on the more easy ways then - i'm always interested in learning new stuff ;)

>> track a user's computer

Cookies (and afaik SO) work at the login and browser level, not at the computer level. I have no use for tracking machines as i'm more interested in user behaviour.

softwareengineer




msg:559343
 5:25 pm on Apr 3, 2005 (gmt 0)

From [internetweek.com...]

Point 1:
"The user is not proficient enough in technology to know if the cookie is good or bad, or how it works,"

Point 2:
For its part, Macromedia has posted on its [macromedia.com...] instructions for disabling shared objects uploaded to browsers.

Cookie and SO problems solved...now while your sitting back and relaxing, there's only time till you "Realize" through media sadly (which is about 5 years behind technology) that this is the least of your worries lol.

Jon_King




msg:559344
 5:34 pm on Apr 3, 2005 (gmt 0)

>>it seems that the user cannot prevent them, nor remove them with standard tools

Agree Claus. I think the cookie issue is one of transparency. Easy to turn off or on, seeing what vars are tracked, clear use policies, etc... then the user truly chooses based on understanding.

claus




msg:559345
 5:42 pm on Apr 3, 2005 (gmt 0)

softwareengineer, you did not provide any examples of the easy techniques you mentioned?

Welcome to WebmasterWorld btw. :)

This 65 message thread spans 3 pages: 65 ( [1] 2 3 > >
Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / HTML
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved