New York — Since time immemorial, many internet users are already aware of the risks presented by browsers that have been able to store small text files called cookies that collects your internet activity. Adobe Systems Inc., this week is extending assurances that it is working to improve the privacy controls in its popular Flash video player, amid concerns over companies using the software to track Web users.
Although most likely harmless, cookies can be stored to track visitors across different websites, they can be useful, such as for remembering passwords and settings on sites that you surf to frequently, but there are also concerns that advertisers are increasingly using them to target ads based on our web surfing habits–for example when Amazon wants to present product suggestions.
Nevertheless, the capability to clear out cookies is built into every browser, but few people realize that the so-called Adobe Flash Player’s “Flash Cookies,” — the plug-in used to provide YouTube video and Web games–has a similar system that is annoyingly difficult to monitor and clean.
More importantly, this flash cookies can be adopted to track a person’s surfing activity from site to site, and they can be employed to “respawn” other cookies that a user has deleted. Flash is used for most of the Web’s video content and animation. This has raised privacy questions because they are more difficult for users to detect and delete than regular cookies associated with Websites abusing the system in order to track users.
Web cookies can easily be removed, but management of cookies inside products like Flash are a bit more complex. Flash Player refers to its system of small data files as local shared objects, or (LSOs), although the rest of the world calls them Flash cookies. They’re typically used to store login details for Websites, or perhaps game scores on Flash games. They can even be used to store larger amounts of data for Flash applications, such as image editors or office programs.
Flash cookies, or (LSO), was recently hot in the news when the Federal Trade Commission released a report that called on browser makers to include a “do not track” option in their products. The FTC also quoted Adobe because it said the cookies gathered by Flash are collected regardless of the browser’s settings.
“Since local storage allows sites and apps to remember information, there are concerns about the use of local storage to store tracking information — or of greater concern, to restore tracking information to a browser cookie that a user has intentionally deleted,” Emmy Huang, group product manager for Flash Player, wrote in a blog post. “This use of local data storage has raised questions about privacy. So we are continually working to make sure that users have better control over the local data stored by applications running in Flash Player.”
Among the upcoming options will be the ability to clear Flash cookies, users generally must either go to the files on the computer itself, or make changes in Adobe’s settings manager for Flash — a technique that can be confusing. Adobe now says it also will redesign the settings manager in the first half of this year. “We know the Flash Player Settings Manager could be easier to use,” the company said.
Adobe already introduced an in-private browsing option to Flash Player 10.1, which empowers users to surf and play video content without having their activity tracked. But going forward, users will also be able to delete LSOs from their browser settings, whether they are using normal browsing or private.
“Representatives from several key companies, including Adobe, Mozilla, and Google have been working together to define a new browser API (NPAPI ClearSiteData) for clearing local data, which was approved for implementation on January 5, 2011,” Huang wrote. “Any browser that implements the API will be able to clear local storage for any plugin that also implements the API.”
And before long, users of Google Inc.’s Chrome Web browser will be empowered to delete these Flash cookies the same way they delete regular cookies, by going to the privacy options in the browser, Adobe said in an official blog post. Other browsers are expected to get the capability in the future as well, Adobe said, although it is unclear when that will be.