Flash to offer more control over cookies

Adobe will build in Control Panel access to Flash Player security settings, but is it too little, too late?

Most users are already aware of the risks presented by cookies, the small data files that browsers save on our computers to remember things like login details, or Website preferences. Although arguably harmless, cookies can be used to track visitors across different Websites, and advertisers are increasingly using them to target ads based on our Web surfing habits.

The capability to clear out cookies is built into every browser, but few people realise that Adobe Flash Player--the plug-in used to provide YouTube video and Web games--has a similar system that's annoyingly difficult to monitor and clean. This has led to Websites abusing the system in order to track users.

Flash Player refers to its system of small data files as local shared objects, or LSOs, although the rest of the world calls them Flash cookies. They're typically used to store login details for Websites, or perhaps game scores on Flash games. They can even be used to store larger amounts of data for Flash applications, such as image editors or office programs.

You can see how many LSOs are stored on your system by visiting the Global Storage Settings panel page on Adobe's Website. You can also clear LSOs there and discover what sites they came from (although beware that porn sites are some of the heaviest users and abusers of LSOs, so if you're viewing the LSOs of a shared computer, you could dig-up dirt you weren't expecting.)

You might be wondering why you have to visit Adobe's Website to clear data on your own computer. That's a very good question and has been asked by many. Adobe's excuse might be that Flash Player is a plug-in, and as such lacks a user interface.

The good news is that in conjunction with privacy advocates Adobe has begun work on a number of systems to make it infinitely easier to control LSOs. For example, forthcoming releases of Flash player will add an applet to Control Panel (or System Preferences on a Mac) to allow the same degree of control over LSOs as can be found at Adobe's Website.

Adobe has also been working with Mozilla and Google to integrate LSO management features directly into Firefox and Chrome, respectively. This is courtesy of a new Application Programmer Interface (API) that theoretically can be easily added into any browser by developers. Sadly, there's no news whether Microsoft or Apple will be doing so for Internet Explorer and Safari, and given Apple's rocky relationship with Adobe in recent times, it might be unlikely.

Although the browser control panel will be along soon in Chrome and Firefox, those eager to get a look can try downloading developer builds of Google Chrome in the coming weeks and searching through the Preferences dialog. Beware that these releases haven't even reached the beta stage, however, so won't be stable.

Adobe's work is undoubtedly being spurred on by substantial privacy concerns. Last year entertainment companies Disney, Warner Bros. Records, and others were sued for allegedly tracking users, many of whom were minors, using Flash Player LSOs. Additionally, the University of California at Berkeley published a paper showing how LSOs can be used by nefarious individuals to recreate cookies that the user has chosen to delete. Up to 50 per cent of sites were caught doing so, in fact.

Flash Player has been under attack from all directions in recent times, with Apple leading the charge and pointing out that Flash is to be superseded by HTML5, which will be built into every browser. For this reason Apple does not include Flash Player on its iPhone or iPad devices, and has also begun leaving it off MacBook Air computers, possibly because of battery drain issues.

However, although cynics might suggest that Adobe's efforts are too little, too late, the fact is that--imperfect as it is--Flash is still a strong contender for providing interactive and multimedia content online for some time to come. As well as addressing security issues, forthcoming releases of Flash Player are also to be significantly more efficient, and will therefore drain laptop batteries less.

Demonstrations of multimedia and interactive functionality via HTML5 are still novel enough to raise eyebrows and engender a short round of applause--hardly a sign that HTML5 is yet mature enough to push aside a more established technology, regardless of security issues.

Keir Thomas has been writing about computing since the last century, and more recently has written several best-selling books. You can learn more about him at http://keirthomas.com and his Twitter feed is @keirthomas.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags privacyflashspamvirusesAdobe Systemsonline securitybrowser security

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Keir Thomas

PC World (US online)
Show Comments

Most Popular Reviews

Latest Articles


PCW Evaluation Team

Cate Bacon

Aruba Instant On AP11D

The strength of the Aruba Instant On AP11D is that the design and feature set support the modern, flexible, and mobile way of working.

Dr Prabigya Shiwakoti

Aruba Instant On AP11D

Aruba backs the AP11D up with a two-year warranty and 24/7 phone support.

Tom Pope

Dynabook Portégé X30L-G

Ultimately this laptop has achieved everything I would hope for in a laptop for work, while fitting that into a form factor and weight that is remarkable.

Tom Sellers


This smart laptop was enjoyable to use and great to work on – creating content was super simple.

Lolita Wang


It really doesn’t get more “gaming laptop” than this.

Featured Content

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?