Deleting Cookies? Don’t Forget The SuperCookies!

August 15th, 2009 | Posted in Current Events, domestic spying, FireFox, freeware, Internet, Opinion, Privacy, Tracking, Tutorials | 13 Comments

By now I think that probably most people online these days knows about cookies.  That they’re little text files that allows a website to store up to 4k of information on your computer.  They allow websites to recognize you when you come back, remember your login information and preferences settings and so on.

Cookies are also infamous in allowing websites, advertising sites in particular, to set a cookie with a unique identifier and then use that to track your activities across the web.  This is where various cookie management programs and techniques were developed over the years to give web surfers a measure of privacy and control over which cookies they allow to be set and also giving them the ability to delete any and all cookies any time.

Modern browsers like Firefox or Opera even have the ability to delete all cookies either on demand or every time you close the browser.

This practice was starting to hurt the datamining crowd as suddenly more and more people were deleting cookies and they didn’t have nearly as much data to mine.

Then they discovered the flash cookie.  This is a “feature” of Adobe Flash that allows it to set LSOs (Local Shared Objects).  These LSO’s aren’t traditional cookies at all since there handled and created with flash.  This means that when you delete all of your cookies, absolutely nothing is done to the LSO files.  Another thing advertisers love about LSO’s is that they can store up to 100K of information instead of the 4K that traditional cookies can hold.

Finally, some genius worked out a way to use these flash cookies to restore the traditional cookies that you deleted!  Now Adobe does provide a way to control these flash cookies but it’s so obscure, hard to find and even harder to understand that most people don’t bother with it.

You CAN however, delete those LSO’s manually.  To find them, click Start and then Run.  Enter %SystemRoot%\explorer.exe /n,/e,C:\ in the box and click OK

Then navigate to C:\Documents and Settings\{UserName}\Application Data\Macromedia\Flash Player\#SharedObjects

In the #SharedObjects folder will be another folder with a random looking name.  Open that folder.  Inside it you will find a folder for each site that has set flash cookies (LSO’s) on your machine.

I personally prefer to take a hard line approach and delete every folder I find here along with all of their contents.  You may decide that it’s ok for some of these sites to keep flash cookies and not delete them.

But wait, There’s more!

That’s right.  There’s another folder with information about these flash cookies.  You’ll find it here. C:\Documents and Settings\{YourUserName}\Application Data\Macromedia\Flash Player\\support\flashplayer\sys\

Once again in that folder you’ll find a directory bearing the name of every site you visit that uses flash cookies.  First I think this list is very educational because you’ll find that most sites don’t say a word about flash, flash cookies, or Local Shared Objects in their privacy policy at all.

My personal preference here is the same as the previous folder.  I delete everything, no exceptions.

Once these flash cookies are deleted, the next step is to start your browser, cookie manager if you use one, and nuke all of the cookies that you don’t want, secure in the knowledge that THIS time they won’t magically rise from the dead.  This is another place where I take the easy way out and nuke everything.

This is the procedure that I’ve been using for some time now to keep flash cookies under control.  Yes, It seems involved, but honestly, once you do it a few times it’s a less than one minute job, especially if you follow my example and nuke everything.

Up until recently I was not aware of any software tool outside of Adobe that even attempted to manage LSO’s at all.  Today I’ve found a tool called BetterPrivacy 1.29, which is a Firefox plugin that promises to make it easier to have LSO’s automatically deleted.  It can even keep track of which ones you don’t want deleted.

[Tags]cookies, flash cookies, lso, local shared object, undelete cookies, restore cookies, privacy, delete lso, firefox plugin[/tags]

If you enjoyed this post, make sure you subscribe to my RSS feed!
Link to this post:
Just copy this code and paste it on your site where you want the link to appear:

13 Responses to “Deleting Cookies? Don’t Forget The SuperCookies!”

  1. I’m using four different browsers and I think it’s tedious to do this every time I want to erase cookies.  Do you known any tool common to all browsers?
    .-= Raj´s last blog ..Free Medical Transcription Softwares. Download & Resource Center =-.

  2. Sadly no.  I have not heard about any such utility to remove and / or manage “flash cookies”.  It’s something that’s sorely needed and if I were up to that level of programming, I’d take a stab at it myself.  Unfortunately, I’m not.

  3. I’ll probably check it out sometime when I can afford the time to set up a virtual machine to sandbox it in however I’ve got to say that the page about it gives very little information about the program or exactly what types of files it cleans out

  4. Really very nice post.
    .-= Mian Farhan´s last blog ..Google Secret tricks & hacks =-.

  5. Thanks for the heads up on this. I use CCleaner,, and you can set it for custom files and folders. I’ve set it for those folders so now every time I run CCleaner it will automatically take care of those along with all it’s normal things. And it’s FREE.

  6. Talk about your basic “DUH” moment!

    I’ve had CCleaner since it was called “Crap Cleaner” and it never occurred to me to use that feature to nuke flash cookies!

    Thanks for pointing out the obvious!

  7. LOL Well it’s the ONLY custom thing I have set in CCleaner because I trusted CCleaner to take care of everything without ever thinking about it. Then I read your blog. Thank you again for the instructions. :-)

  8. Oh yes, forgot to mention that someone commented to me that they didn’t want to use CCleaner to clean them because there were some that they wanted to keep. My thinking is that if they got there so easily without us realizing it to begin with, they can get there just as easily a second time, so why keep them. Am I right in that thinking?

  9. I’d say so since any site that has flash on it (and it seems like most use at least some these days, like YouTube players) can, set a flash cookie (LSO) and unlike text cookies browsers don’t have any functionality to control or limit this.

  10. Thanks Ed.

  11. I’ve been on that flash settings manager and it’s always been more of a pain in the arse than it was worth.  I honestly prefer deleting the LSO’s myself, that way I KNOW they’re gone instead of trusting a third party to do it for me.  (which I do not)