flash cookie awareness campaign

No doubt still a little raw following the “not bundling, just offering” Yahoo! toolbar fiasco Macromedia seem to be taking the initiative by providing information in response to some recent Flash local object privacy rumblings. Local objects, often called “Flash cookies”, are used to store data locally – very much like the browser cookie functionality. There is a new Flash Player technote, How to disable Local Shared Objects, and John Dowdell has been thinking about some of the concerns recently.

According to this techweb.com piece, some of the internet marketing outfits are beginning to use Flash local objects as an alternative to cookies following a recent study which claims that a large percentage of users are deleting cookies on a regular basis. I think the bottom line is that local objects seem to be no more, nor no less, nefarious than cookies and users should be informed about how to manage both (as well as why they would want to). Apparently Macromedia is also talking with the major browser developers with a goal of integrating cookie and shared object managment.That would be useful. In the meantime manage your local object and other Flash Player settings here:
http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager02.html
Also, here is a link to information on managing cookies in FireFox:
http://www.mozilla.org/support/firefox/options#privacy
And for Internet Explorer too:
http://support.microsoft.com/default.aspx?scid=kb;EN-US;q283185

All that said, I do have a couple of questions / observations about Flash local objects and browser cookies:
Are the Flash Player settings machine (as opposed to browser) specific? Meaning if I change my settings using Firefox do the same settings apply under IE?
Flash local objects default to a maximum size of 100KB and can be configured from 0KB to “unlimited”. It would appear that cookies are limited to 4KB. Is this correct?
Are the browser cookie file format(s) published? How about Flash Player local objects?

I’ll do my best to find some answers to these when I have a little bit more time If anyone happens to find this and has some answers I’d be interested in hearing them…

2 Responses

  1. John Dowdell says:

    April 2, 2005 at 6:07 pm

    “Are the Flash Player settings machine (as opposed to browser) specific?”

    Depends ont he browser. IE/Win uses system-level ActiveX Controls, and so any variant browser (NeoPlanet, eg) will use the same system-level extension.

    Modern Macintosh operating systems also use system-level browser extensions, but I’m not sure which browsers use these shared resources and which use the traditional local “plugins” folder.

    (Rephrased, some browsers share extensions, and some do not, and I don’t know that anyone has collected together the documentation for each browser version on this characteristic.)

    I’m not sure where the “4 KB” figure came from… maybe this is “What constraints do various browser have on cookie size?” If so, then this is another cross-browser feature which I haven’t seen documented (across brands) before.

    “Are the browser cookie file format(s) published? How about Flash Player local objects?”

    These are the same thing, though…?

    I don’t think the local storage format has ever formally been written up, because this isn’t intended as a data-exchange format. A few years ago these were stored in domain-specific directories, in plaintext name/value pairs, but the ability to write arbitrary strings to a predictable disk directory address could conceivably have been used to nefarious effect, and so the data and filenames were hashed up a few years ago, and are not as human-readable as before.

    jd/mm


  2. andrew says:

    April 3, 2005 at 9:41 pm

    Hiya John! Thanks for this information. And on the weekend too.

    I appreciate the ‘different browsers use different extensions’ point you make. I guess I was thinking more along the lines of whether the Flash Player extensions all shared the same local object settings. While this can be the case in a win-IE-FireFox setting (for example), from you comments I take it that cannot necessarily be extrapolated across all OS, browser, Flash Player configurations?

    To tell you the truth I’m not sure where the 4KB originally got stuck in my mind. Google turned up this older article on shared objects in Flash MX which seems to imply it:
    http://uk.builder.com/webdevelopment/design/0,39026630,20278036,00.htm

    A.


Leave a Reply