Flash to offer more control over cookies

Most users are already aware of the risks presented by cookies, the small data files that browsers save on our computers to remember things like login details, or Website preferences. Although arguably harmless, cookies can be used to track visitors across different Websites, and advertisers are increasingly using them to target ads based on our Web surfing habits.

The capability to clear out cookies is built into every browser, but few people realise that Adobe Flash Player--the plug-in used to provide YouTube video and Web games--has a similar system that's annoyingly difficult to monitor and clean. This has led to Websites abusing the system in order to track users.

Flash Player refers to its system of small data files as local shared objects, or LSOs, although the rest of the world calls them Flash cookies. They're typically used to store login details for Websites, or perhaps game scores on Flash games. They can even be used to store larger amounts of data for Flash applications, such as image editors or office programs.

You can see how many LSOs are stored on your system by visiting the Global Storage Settings panel page on Adobe's Website. You can also clear LSOs there and discover what sites they came from (although beware that porn sites are some of the heaviest users and abusers of LSOs, so if you're viewing the LSOs of a shared computer, you could dig-up dirt you weren't expecting.)

You might be wondering why you have to visit Adobe's Website to clear data on your own computer. That's a very good question and has been asked by many. Adobe's excuse might be that Flash Player is a plug-in, and as such lacks a user interface.

The good news is that in conjunction with privacy advocates Adobe has begun work on a number of systems to make it infinitely easier to control LSOs. For example, forthcoming releases of Flash player will add an applet to Control Panel (or System Preferences on a Mac) to allow the same degree of control over LSOs as can be found at Adobe's Website.

Adobe has also been working with Mozilla and Google to integrate LSO management features directly into Firefox and Chrome, respectively. This is courtesy of a new Application Programmer Interface (API) that theoretically can be easily added into any browser by developers. Sadly, there's no news whether Microsoft or Apple will be doing so for Internet Explorer and Safari, and given Apple's rocky relationship with Adobe in recent times, it might be unlikely.

Although the browser control panel will be along soon in Chrome and Firefox, those eager to get a look can try downloading developer builds of Google Chrome in the coming weeks and searching through the Preferences dialog. Beware that these releases haven't even reached the beta stage, however, so won't be stable.

Adobe's work is undoubtedly being spurred on by substantial privacy concerns. Last year entertainment companies Disney, Warner Bros. Records, and others were sued for allegedly tracking users, many of whom were minors, using Flash Player LSOs. Additionally, the University of California at Berkeley published a paper showing how LSOs can be used by nefarious individuals to recreate cookies that the user has chosen to delete. Up to 50 per cent of sites were caught doing so, in fact.

Flash Player has been under attack from all directions in recent times, with Apple leading the charge and pointing out that Flash is to be superseded by HTML5, which will be built into every browser. For this reason Apple does not include Flash Player on its iPhone or iPad devices, and has also begun leaving it off MacBook Air computers, possibly because of battery drain issues.

However, although cynics might suggest that Adobe's efforts are too little, too late, the fact is that--imperfect as it is--Flash is still a strong contender for providing interactive and multimedia content online for some time to come. As well as addressing security issues, forthcoming releases of Flash Player are also to be significantly more efficient, and will therefore drain laptop batteries less.

Demonstrations of multimedia and interactive functionality via HTML5 are still novel enough to raise eyebrows and engender a short round of applause--hardly a sign that HTML5 is yet mature enough to push aside a more established technology, regardless of security issues.

Keir Thomas has been writing about computing since the last century, and more recently has written several best-selling books. You can learn more about him at http://keirthomas.com and his Twitter feed is @keirthomas.