View Full Version : BetterPrivacy for Firefox


davidh
September 9th, 2009, 11:44 AM
BetterPrivacy 1.29
by NettiCat

Ever wondered why you are still tracked though you tried everything to prevent it?
BetterPrivacy is a Super Cookie Safeguard which protects from usually not deletable LSO's. [LOCAL SHARED OBJECTS] It blocks longterm tracking on Google, YouTube, Ebay and many other domains.
https://addons.mozilla.org/en-US/firefox/addon/6623

I think this extension probably has a low impact on browser speed because its default action is merely to erase the Flash cookies when the Firefox browser closes.

I had about 240 Flash cookies before I erased them.

For those users who object to "web beacons" (which can be implemented by other means than mere one pixel GIF's, etc.) I would expect that they would also be interested in this. (It's pretty easy to set firefox to erase normal cookies when it closes, e.g. to erase cookies that might be associated with web beacons, so I assume no instructions are needed.)

davidh
September 18th, 2009, 01:29 AM
Sites pulling sneaky Flash cookie-snoop

Academics fret over privacy threat

By John Leyden

Posted in ID, 19th August 2009 12:42 GMT
...
We find that more than 50 per cent of the sites in our sample are using flash cookies to store information about the user. Some are using it to 'respawn' or re-instantiate HTTP cookies deleted by the user. Flash cookies often share the same values as HTTP cookies, and are even used on government websites to assign unique values to users. Privacy policies rarely disclose the presence of Flash cookies, and user controls for effectuating privacy preferences are lacking.
...

http://www.theregister.co.uk/2009/08/19/flash_cookies/

BTW, other Firefox extensions which block Flash (e.g. Flashblock) should stop Flash cookies from being created, but only by blocking Flash from running in the browser (Firefox).

HOWEVER, O T H E R programs, such as IM programs, like AOL Instant Messenger and Yahoo Messenger, run flash animations which create Flash cookies. If Firefox "Better Privacy" runs AFTER those O T H E R programs have created Flash cookies then "Better Privacy" apparently DOES delete such Flash cookies (according to my very limited experiments).

ndebord
September 18th, 2009, 10:14 PM
BTW, other Firefox extensions which block Flash (e.g. Flashblock) should stop Flash cookies from being created, but only by blocking Flash from running in the browser (Firefox).

HOWEVER, O T H E R programs, such as IM programs, like AOL Instant Messenger and Yahoo Messenger, run flash animations which create Flash cookies. If Firefox "Better Privacy" runs AFTER those O T H E R programs have created Flash cookies then "Better Privacy" apparently DOES delete such Flash cookies (according to my very limited experiments).

FlashBlock works for me because it turns all flash objects into little icons along with whatever text info is there. If I want to see the flash presentation, I click on it after reading what I think it might be and then it runs, but not before that.

As Flash has been a culprit over time, this is a safe way to browse for me, along with Policy Manager. AdBlock is merely a convenience that needs maintenance as web masters constantly change up their pages as advertising dollars change and NoScript doesn't impress me at all.

In K-Meleon, you don't need to have Flash loaded, merely the Netscape flash plugin is enough to run things. And by doing it that way, there are no flash cookies preserved at all.

davidh
September 18th, 2009, 11:54 PM
In K-Meleon, you don't need to have Flash loaded, merely the Netscape flash plugin is enough to run things. And by doing it that way, there are no flash cookies preserved at all.

Windows Issues
Can I use Flash Player for Internet Explorer with Mozilla?

No. Flash Player for Internet Explorer is an ActiveX control, which is not supported by Mozilla.

How do I uninstall Flash Player?

To uninstall Flash Player, you can use the Flash Player Uninstaller, or delete npswf32.dll and flashplayer.xpt by hand.

I didn't install Flash Player for Mozilla, so why is it using it?

Mozilla's plugin scanning is locating another copy of Flash Player, using the Netscape 4.x plugin scan. To disable this, open \default\pref\winprefs.js, and uncomment the following line by removing the //.

//pref("plugin.scan.4xPluginFolder", false);

Note that this will prevent any plugins from being detected using the Netscape 4.x plugin scan, not just Flash Player. More information about plugin scanning.

Note: In recent Mozilla builds, you will need to edit \greprefs\all.js instead of \default\pref\winprefs.js.
http://plugindoc.mozdev.org/faqs/flash.html#win-flashplayer-ax ..
Nick, I'm not sure what you mean by "In K-Meleon, you don't need to have Flash loaded"?
According to the above FAQ extract from Mozilla site, the MS IE active X control for Flash certainly would NOT be loaded, assuming that K-Meleon is based on part of Mozilla.
K-Meleon is an extremely fast, customizable, lightweight web browser based on the Gecko layout engine developed by Mozilla which is also used by Firefox. K-Meleon is free, open source software released under the GNU General Public License and is designed specifically for Microsoft Windows (Win32) operating systems.
http://kmeleon.sourceforge.net/

On my XP PC, I believe the Flash plugin is called npswf32.dll. It's resident in the c:\windows\system32\macromedia\flash folder. It is NOT in the "plugins" subfolder of Mozilla Firefox. Therefore I assume based on my above quote from the mozilla site FAQ that, like Netscape, Firefox also searches for the plugin and finds it in the c:\windows\system32\macromedia\flash folder.

NPSWF32_FlashUtil.exe, in the same folder, appears to be an updater / downloader for Flash.

Since Flash is an Adobe product I assume that for Flash files to be rendered, a Flash EXE or Flash DLL MUST be loaded in memory and running at the time when the file is rendered in the browser. It would not make much sense for Mozilla to incorporate Flash functionality directly embedded into any of their products, esp. in view of the fact that security bugs show up rather regularly in both Firefox and Flash, not to mention many other softwares.

Firefox "BetterPrivacy" extension tells me that my Flash cookies are stored in the following folder on my PC:

C:\Documents and Settings\memyselfandi\Application Data\Macromedia\Flash Player

Have you identified the Flash cookie storage folder on your system and verified that there are no cookies in there?

I myself would never have known where the Flash cookies are stored until BetterPrivacy told me where.

I do not consider Flash cookies to be a security issue for myself. I would not be surprised if and when somebody figures out a way in future to use them to compromise security, but since I have only heard of them mentioned as a possible privacy issue so far, I'm mainly deleting them as a matter of principle (Don't tread on me, etc.).

In case anyone is running Flash in a non MS IE (or a MS IE) browser you can check what version it is by going here:
http://www.macromedia.com/software/flash/about/

My Firefox says:
You have version 10,0,32,18 installed

One may also check the version of Flash used by the browser by right clicking on whatever Flash animation might be currently playing.

As I noted in a previous message, other programs besides browsers may run Flash animations. I run/view some SWF files in Irfanview, for example, intentionally. In addition to the Flash ads I am forced to view in AOL IM, etc.

ndebord
September 19th, 2009, 07:28 PM
David,

Nope, don't need the full flash program, just the plugin (along with FlashBlock) in K-Meleon.

http://kmeleon.sourceforge.net/forum/read.php?4,96155,96184#msg-96184

Disrupted's posts explain better than I can.

davidh
September 19th, 2009, 09:11 PM
David,

Nope, don't need the full flash program, just the plugin (along with FlashBlock) in K-Meleon.

http://kmeleon.sourceforge.net/forum/read.php?4,96155,96184#msg-96184

Disrupted's posts explain better than I can.
Thanks for the link to the post in kmeleon forum.

Just for the heck of it, I tried an experiment with Flash in Opera. In Opera, the plugin DLL (SWF DLL) is installed in the plugins subfolder of Opera. Running some Flash in Opera did put some cookies in the normal folder for Flash cookies. So there may be more to blocking the Flash cookies than merely having the plugin (SWF DLL) in the browser's plugins folder:

1. Maybe Opera actually didn't use the DLL from its plugins folder, and used the other (system) SWF DLL instead.

2. Maybe it is required to have Flash "officially" installed somehow so that certain entries exist in the Windows registry before Flash will actually store Flash cookies.

I suspect that disrupted's alternative suggestion to delete the folder where Flash would store the cookies might not be a good general solution for users who want to clean out Flash cookies, since the temporary presence of certain Flash cookies might be required at least while the Flash program is running for the Flash program/file to perform properly. For example, this hypothesized Flash cookie requirement may or may not exist for such programs as Web based Yahoo Messenger which has been implemented as a Flash application.

ndebord
September 20th, 2009, 01:17 AM
Thanks for the link to the post in kmeleon forum.

Just for the heck of it, I tried an experiment with Flash in Opera. In Opera, the plugin DLL (SWF DLL) is installed in the plugins subfolder of Opera. Running some Flash in Opera did put some cookies in the normal folder for Flash cookies. So there may be more to blocking the Flash cookies than merely having the plugin (SWF DLL) in the browser's plugins folder:

1. Maybe Opera actually didn't use the DLL from its plugins folder, and used the other (system) SWF DLL instead.

2. Maybe it is required to have Flash "officially" installed somehow so that certain entries exist in the Windows registry before Flash will actually store Flash cookies.

I suspect that disrupted's alternative suggestion to delete the folder where Flash would store the cookies might not be a good general solution for users who want to clean out Flash cookies, since the temporary presence of certain Flash cookies might be required at least while the Flash program is running for the Flash program/file to perform properly. For example, this hypothesized Flash cookie requirement may or may not exist for such programs as Web based Yahoo Messenger which has been implemented as a Flash application.

David,

I don't know from nothing about Opera, but K-Meleon, otoh, is what I use as my main browser. I can do nothing but assure you that I only have the plugin for Macromedia Flash and no other flash component or executable running elsewhere. In general, Flash likes to be kept in c:\windows\system32\macromedia\flash, etc. etc. and that is empty.

Web cookies that existed prior to my running in this fashion, I manually deleted just to make sure. No such cookies exist on my system that I can find.

Meanwhile, when I use FlashBlock with the plugin in KM, flash modules run just fine whenever I care to click on the small "F" icon that flashblock uses instead of automatically running.

davidh
September 20th, 2009, 02:18 AM
but K-Meleon, otoh, is what I use as my main browser. I can do nothing but assure you that I only have the plugin for Macromedia Flash and no other flash component or executable running elsewhere. In general, Flash likes to be kept in c:\windows\system32\macromedia\flash, etc. etc. and that is empty.

Web cookies that existed prior to my running in this fashion, I manually deleted just to make sure. No such cookies exist on my system that I can find.

Meanwhile, when I use FlashBlock with the plugin in KM, flash modules run just fine whenever I care to click on the small "F" icon that flashblock uses instead of automatically running.

Just to clarify, I'm nearly 100% sure that the ONLY Flash related file for NON MS IE browsers with any Intel CPU executable code in it is NPSWF32.dll

Therefore if you ever run any Flash animation at all in a NON MS IE browser on your Windows PC, then NPSWF32.dll file MUST exist somewhere on your hard disk.

The OTHER Flash related files on your PC with OTHER file extensions besides DLL, such as EXE, are for installing or uninstalling Adobe Flash. They are NOT needed to render Flash files per se.

So to do a MINIMAL install of Flash for a non MS IE browser it is sufficient merely to copy this DLL file into the appropriate "plugins" subfolder of the folder where the browser itself is installed. I am not sure whether such a minimal install of the DLL by itself would or would not result in Flash cookies being stored as LSO's in an appropriate folder somewhere on your system. It may well be as the poster in the kmeleon forum seemed to indicate that, under such MINIMAL circumstances, Flash cookies would NOT be stored in the usual folder, whatever that may be.

I think however, for those doing a normal (no brainer style, like me) install of Adobe Flash, it should be noted that Flash cookies from MANY sites WILL be stored and many of such cookies would remain (and presumably be tracked) INDEFINITELY.

Incidentally, I used Windows Explorer to check in my
...\Application Data\Macromedia\Flash Player\#SharedObjects\YGF7GFUC
folder and found 98 subfolders, each subfolder named after a particular web site. Some of these subfolders also had subfolders. It seemed that almost all of the subfolders were EMPTY. I assume they were empty because BetterPrivacy extension of Firefox had cleared them (every time I exit Firefox). Although it probably would not hurt to erase all the subfolders, I don't know that for a fact, and am not in a mood to do that experiment. For now, I'll merely trust BetterPrivacy that it knows what it's doing and it's not lying to me.

Since at least a few Flash programs used by at least a few users may require certain Flash cookies to remain existing at least during the duration of their online sessions, I would not recommend any user boldly deleting these folders unless he or she knows what they're doing. I figure tracking usage during one session is not much of a privacy invasion unless one leaves the Flash program/animation and the browser running 24/7.

By the way, Flash cookies created when running Flash animations, etc. in MS IE are ALSO erased by BetterPrivacy. Therefore, FWIW, as long as a Mozilla browser which uses the BetterPrivacy extension is exited AFTER MS IE is closed or after any OTHER non MS IE browser is closed, there will be no Flash cookies stored as LSO's in the Flash cookie folders.

It should be repeated that AFAIK this is "merely" a privacy issue. I do not know of any instance of Flash cookies being used in/as an attack vector. Which is not saying much.
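
[Added example, not part of any post in this thread and not BetterPrivacy's own code.] The Python below inventories Flash LSO files per site under the #SharedObjects layout described in the post above, flags sites whose LSO bytes contain a value that is also held in an HTTP cookie (the shared-value pattern the quoted study reports), and deletes only the files while leaving the per-site folders in place. It assumes LSO files carry the .sol extension; the function names, site names and file bodies are hypothetical and constructed for illustration.

```python
import tempfile
from collections import Counter
from pathlib import Path


def find_lsos(flash_root):
    """Yield (site, path) for each .sol under #SharedObjects/<random>/<site>/."""
    shared = Path(flash_root) / "#SharedObjects"
    for sol in sorted(shared.rglob("*.sol")):
        parts = sol.relative_to(shared).parts
        if len(parts) >= 3:  # <random>/<site>/.../<name>.sol
            yield parts[1], sol


def inventory(flash_root):
    """Count stored LSO files per site folder."""
    return dict(Counter(site for site, _ in find_lsos(flash_root)))


def shared_ids(flash_root, http_cookie_values):
    """Sites whose LSO bytes contain a value also present in an HTTP cookie."""
    needles = [v.encode() for v in http_cookie_values if v]
    return sorted({site for site, sol in find_lsos(flash_root)
                   if any(n in sol.read_bytes() for n in needles)})


def clear_lsos(flash_root, keep_sites=()):
    """Delete .sol files only; folders stay and sites in keep_sites are skipped."""
    removed = 0
    for site, sol in list(find_lsos(flash_root)):
        if site not in keep_sites:
            sol.unlink()
            removed += 1
    return removed


def build_sample(root):
    """Constructed sample tree; names and bodies are made up, not real LSO data."""
    base = Path(root) / "#SharedObjects" / "SAMPLE01"
    for rel, body in [("tracker.example/id.sol", b"uid\x02\x00\x0542abc"),
                      ("video.example/player/vol.sol", b"vol\x00"),
                      ("chat.example/session.sol", b"sess\x02\x00\x02ok")]:
        (base / rel).parent.mkdir(parents=True, exist_ok=True)
        (base / rel).write_bytes(body)


if __name__ == "__main__":
    root = tempfile.mkdtemp()
    build_sample(root)
    print(inventory(root), shared_ids(root, ["42abc"]), clear_lsos(root))
```

Passing a site in keep_sites covers the case raised above where a running Flash application may still need its own shared object during the session.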

ndebord
September 20th, 2009, 09:42 AM
Just to clarify, I'm nearly 100% sure that the ONLY Flash related file for NON MS IE browsers with any Intel CPU executable code in it is NPSWF32.dll

Therefore if you ever run any Flash animation at all in a NON MS IE browser on your Windows PC, then NPSWF32.dll file MUST exist somewhere on your hard disk.



David,

Yes, the npswf32.dll is the plugin that non-IE (Mozilla) browsers use and if you do that in KM, you don't incur flash cookies on your hard drive that you cannot easily remove, e.g., with something like Cookie Culler which handles normal cookies.