Flash is evil

[David Arnstein]

This article from Yahoo/techweb describes a spying technique that uses
features of Macromedia Flash:

http://story.news.yahoo.com/news?tmp..._cmp/160400719

If the link doesn't work, the title of the article is "Company
Bypasses Cookie-Deleting Consumers."

Apparently, the company United Virtualities uses Flash "shared
objects" in place of cookies. The article links to a Macromedia web
page that explains how to control "shared objects." I thihk that I
will just remove Macromedia software instead.

I hope that the anti-spyware vendors will provide features to control
these "shared objects."
--
David Arnstein
arnstein+usenet@pobox.com

[lee]

David Arnstein wrote:
> This article from Yahoo/techweb describes a spying technique that uses
> features of Macromedia Flash:
>
> http://story.news.yahoo.com/news?tmp..._cmp/160400719
>
> If the link doesn't work, the title of the article is "Company
> Bypasses Cookie-Deleting Consumers."
>
> Apparently, the company United Virtualities uses Flash "shared
> objects" in place of cookies. The article links to a Macromedia web
> page that explains how to control "shared objects." I thihk that I
> will just remove Macromedia software instead.
>
> I hope that the anti-spyware vendors will provide features to control
> these "shared objects."

You can disable Flash, temporarily or permanently, using SpywareBlaster,
for example. This way, for sites you wish to enable flash, you can.

[AvianFlux]

A solution is provided by 'Macromedia Flash Players Settings Manager'
at:

http://www.macromedia.com/support/do...manager02.html

Adjust your 'Global' and 'Website' security-privacy settings there.

[Marko]

On 2/04/2005 9:46 AM Far Canal came forth from the Plutonian shore and said:
> AvianFlux wrote
>
>
>>A solution is provided by 'Macromedia Flash Players Settings Manager'
>>at:
>>
>>http://www.macromedia.com/support/do...manager02.html
>>
>>Adjust your 'Global' and 'Website' security-privacy settings there.
>>
>>
>
>
>
> Macromedia don't make that info easily available.
>

Agreed, however the option is only a right click away.

Cheers
Marko

[Redmond du Barrymond]

On Fri, 1 Apr 2005 20:42:01 +0000 (UTC), arnstein@panix.com (David
Arnstein) wrote:

>This article from Yahoo/techweb describes a spying technique that uses
>features of Macromedia Flash:
>
>http://story.news.yahoo.com/news?tmp..._cmp/160400719
>
>If the link doesn't work, the title of the article is "Company
>Bypasses Cookie-Deleting Consumers."
>
>Apparently, the company United Virtualities uses Flash "shared
>objects" in place of cookies. The article links to a Macromedia web
>page that explains how to control "shared objects." I thihk that I
>will just remove Macromedia software instead.
>
>I hope that the anti-spyware vendors will provide features to control
>these "shared objects."

I'm safe. I don't allow the evil Flash player on my PC.

[Tim Smith]

In article <d2kbmp$5ts$1@reader1.panix.com>,
arnstein@panix.com (David Arnstein) wrote:
> If the link doesn't work, the title of the article is "Company
> Bypasses Cookie-Deleting Consumers."
>
> Apparently, the company United Virtualities uses Flash "shared
> objects" in place of cookies. The article links to a Macromedia web
> page that explains how to control "shared objects." I thihk that I
> will just remove Macromedia software instead.
>
> I hope that the anti-spyware vendors will provide features to control
> these "shared objects."

In the long run, it doesn't matter, as more and more people are getting
broadband, where they either have static IP addresses, or they have
dynamic addresses that very rarely change. Combine that with hard disk
space being dirt cheap, and pretty much everything that a site can do
with a cookie on your computer, they can do with a database on their
server.


--
--Tim Smith

"David Arnstein" <arnstein@panix.com> wrote in message
news:d2kbmp$5ts$1@reader1.panix.com...
> This article from Yahoo/techweb describes a spying technique that uses
> features of Macromedia Flash:
>
> http://story.news.yahoo.com/news?tmp..._cmp/160400719
>
> If the link doesn't work, the title of the article is "Company
> Bypasses Cookie-Deleting Consumers."
>
> Apparently, the company United Virtualities uses Flash "shared
> objects" in place of cookies. The article links to a Macromedia web
> page that explains how to control "shared objects." I thihk that I
> will just remove Macromedia software instead.
>
> I hope that the anti-spyware vendors will provide features to control
> these "shared objects."
> --
> David Arnstein
> arnstein+usenet@pobox.com


Visit http://www.macromedia.com/ or any site that shows Flash content.
Right-click on the Flash content and select Settings. Click on the
Folder icon button. Set their cache to zero and check the box to
remember your setting. Flash uses its own cookie files which have the
..sol filetype.

If the web page you visit with Flash content has disabled user
configuration of some settings, visit Macromedia's online settings
manager at
http://www.macromedia.com/support/do...manager02.html
(they have yet to deliver a seperate utility that you can run locally).
Unlike UI applications that open their own window, the mouse cursor will
not change when you hover over clickable objects in that web page; i.e.,
you click on the tab buttons to change between panels but you won't see
the mouse cursor change to indicate they are clickable. If you use the
Website Privacy Settings panel (5th tab) to clear the Flash cookies
(.sol files), not all are deleted as a file search will shows some still
around, one of which retains the settings you configured.

I use PopUpCop as my popup blocker (works better than the rest that I've
trialed) but haven't yet managed to convince its author to include .sol
files in its cookie whitelist feature (the author isn't familiar with
Flash cookies enough to want to touch them yet).

You don't need anti-spyware to eliminate the shared objects (i.e., .sol
cookie files that different domains can access). Just set the Flash
caches to zero then you have no locally saved shared objects.


--
__________________________________________________ __________
Post your replies to the newsgroup. Share with others.
E-mail reply: Remove "NIXTHIS" and add "#VS811" to Subject.
__________________________________________________ __________

"Redmond du Barrymond" <redmond@STUFFIT.invalid> wrote in message
news:lorr41trh0s98qeqoiepk1m40raj6c4i8h@4ax.com...
> On Fri, 1 Apr 2005 20:42:01 +0000 (UTC), arnstein@panix.com (David
> Arnstein) wrote:
>
>>This article from Yahoo/techweb describes a spying technique that uses
>>features of Macromedia Flash:
>>
>>http://story.news.yahoo.com/news?tmp..._cmp/160400719
>>
>>If the link doesn't work, the title of the article is "Company
>>Bypasses Cookie-Deleting Consumers."
>>
>>Apparently, the company United Virtualities uses Flash "shared
>>objects" in place of cookies. The article links to a Macromedia web
>>page that explains how to control "shared objects." I thihk that I
>>will just remove Macromedia software instead.
>>
>>I hope that the anti-spyware vendors will provide features to control
>>these "shared objects."
>
> I'm safe. I don't allow the evil Flash player on my PC.


Some sites only provide a Flash-enabled web page because they want to
hide how their web site is structured so some bozo with a web crawler or
spider can't steal their web site. You'll find that you won't be able
to visit those web sites. They may provide a non-Flash equivalent page
but they may not. Just like it is your choice not to install and
support Flash content, it is just as much a web site's owner choice not
to let you steal their web site pages. So far, I haven't hit many sites
that are Flash-only sites but I have hit some, like my own ISP's home
page which paints a page that Flash must be installed to view their home
page (they no longer provide a non-Flash version if the Flash detect
fails).

Some sites that provide some free service make up for it by revenue
garnered from ads on their pages (yeah, you might not like the spam but
then you shouldn't be using their free service) and will use Flash to
present those ads, and if you have Flash disabled so the ads don't
display then the site refuses to show you their web page. You get their
service for free but those resources cost them money and they don't work
for you, so don't visit there if your intent is to pickpocket.

You can decide to not install Flash. Just be aware that more site
authors are attempting to protect their copyrighted content by NOT using
simply HTML coding and relying on other mechanisms to secure their site
code, like using Flash to hide the code.

--
__________________________________________________ __________
Post your replies to the newsgroup. Share with others.
E-mail reply: Remove "NIXTHIS" and add "#VS811" to Subject.
__________________________________________________ __________

[Redmond du Barrymond]

On Sat, 2 Apr 2005 00:09:45 -0600, <Vanguard> wrote:


>Some sites only provide a Flash-enabled web page because they want to
>hide how their web site is structured so some bozo with a web crawler or
>spider can't steal their web site.

That's right, and I have come across a few of those sites. I just
close my browser and say adios. No great loss.

[Redmond du Barrymond]

On Sat, 2 Apr 2005 00:09:45 -0600, <Vanguard> wrote:


>You can decide to not install Flash. Just be aware that more site
>authors are attempting to protect their copyrighted content by NOT using
>simply HTML coding and relying on other mechanisms to secure their site
>code, like using Flash to hide the code.

http://www.useit.com/alertbox/20001029.html
Summary:
Although multimedia has its role on the Web, current Flash technology
tends to discourage usability for three reasons: it makes bad design
more likely, it breaks with the Web's fundamental interaction style,
and it consumes resources that would be better spent enhancing a
site's core value.