Protecting Privacy: Sandboxie vs. "Flash cookies"

[Stardance]

After reading the following article by Michael Kassner on Tech Republic titled Flash cookies: What's new with online privacy, I decided to investigate whether any "Flash cookies" were stored on my computer system:

http://blogs.techrepublic.com.com/secur ... ag=nl.e036

"Flash cookies", created by using Adobe Flash Player, have become the most-favored method for "behavioral tracking" of people while they access a series or set of websites. I have occasionally examined whether any Flash Player data files were stored on my computer by using the Adobe Flash Player Settings Manager, almost since Adobe Systems introduced it to their website. As I reported in a post to the discussion on Tech Republic:

"It occurred to me as a result of reading the discussions here that, because I almost always run Firefox (and I.E.) in a Sandboxie sandbox, any 'Flash cookies' that are created and stored on my computer are stored in the sandbox instead of where they would be stored without Sandboxie's intervention.

So (out of curiousity), I re-configured Sandboxie to 'recover' files that are stored in the C:\Documents and Settings\MyAccount\Application Data\Macromedia\Flash folder and its subfolders. My observations since confirm that, without previously recovering any files for that directory, all 'Flash cookies' which websites have been leaving have always been left in a sandbox. When I deleted all of the contents of each sandbox, as I have done at the end of each day, the 'Flash cookies' were deleted along with each and every other file in the respective sandboxes.

Since each 'Flash cookie' endures only as long as it is in the sandbox, they have usually become, in effect, 'session cookies'.

The only 'Flash cookies' that have been indefinitely retained on my computer were those which were in the actual ...\Flash folder and its subfolders before I installed Sandboxie last November.

At present, when a website creates and stores a Flash LSO in the ...\Flash folder, Sandboxie queries whether I want to recover the file immediately. In effect, it alerts me to the creation of each and every 'Flash cookie'; if I respond with 'Close' instead of 'Recover', the cookie remains in the sandbox and will eventually be deleted.

So, I can pick and choose, and I know who wants to store one or more 'Flash cookies' on my computer system -- such as the top-level domain that hosts the Firefox Better Privacy add-on :-O.

ADDENDUM: The online Adobe Flash Player Settings Manager stores its data in the same ...\Flash folder tree in which the LSO files are stored. While Firefox or I.E. is running in a sandbox, the AFPSM data is stored in the sandbox instead of in the corresponding actual directory, so it will also be deleted when the contents of the sandbox are deleted, unless the AFPSM data is recovered before the sandbox is emptied.

I wish that Sandboxie could be deployed on 64-bit hardware, but for technical reasons, it cannot -- in the meantime, I enjoy the protections that if affords on 32-bit systems."

{end of post 20 of 116 at http://techrepublic.com.com}:

NOTES:

(1) Just because a website wants to store one or more Flash Player LSOs (data files) on your computer does not necessarily signify that they are tracking your activities from website-to-website. They might be doing that, too, but often a LSO, like an ordinary browser HTTP cookie, simply contains data about your computer and/or your "account". The data makes it easier for the website to identify you and to initiate services when your browser fetches a page from their website in the future.

(2) So far, very few websites actually demand that you enable the Adobe Flash Player Settings Manager - Global Storage Settings option "Allow third party Flash content to store data on your computer" -- or even that you enable them to use Adobe Flash Player to store one or more "Flash cookies" on your computer at all. However, as word spreads about what so many websites are doing, and as people seek to prevent such tracking by using the AFPSM, it seems inevitable that websites will begin to require that we allow them to do that.

For those who need or want to know, the Adobe Flash Player Settings Manager is at:

http://www.macromedia.com/support/docum ... nager.html