Secret Cookies on your computer that you cannot delete

I am a computer security professional, when I'm not plotting Ley lines, and a very good freind of mine imparted this information to me about super-cookies that are on your computer that you probably have no idea even exist. They cannot be removed normally, but I am supplying you with a batch file that will remove them. They are called LSOs.

A LSO, or Local Shared Object, is a cookie installed by Macromedia Flash, but it is not stored in the same location as other cookies, does not have the same constraints as other cookies, like text only and a size no larger than 1K, and are not deleted by using the browser option to Clear Cookies.

en.wikipedia.org...

These cookies can share data across domains, allowing unrelated web sites to know your browsing habits from other sites.

Even more insidious is that they are part of a P2P network. That's right, Adobe and other sites can store data on YOUR computer, without your knowledge or permission, and then YOUR computer serves that data to other users on the internet, to take the load off of the web servers of the sites that planted these cookies on your computer. Your computer becomes a robot, sending data to other computers, as part of a giant botnet.

This is not a WINDOWS issue. Linux and OSX users are susceptible to flash cookies just like Windows users, and they may be at an even greater risk, because they are so entrenched in their belief that their OS is invulnerable to malware and spyware that they never even know that have these LSO's. At least Windows users have a clue when they run a scan with any AV or Anti-Malware software because it reports the presence of tracking cookies. It may not be able to remove them, but at least they know there is something there, and can seek assistance on removing it.

They can be manually removed, or a batch file can be created:

rem name this nukeflash.bat ============================================
rem :: nuke any existing cookies and subdirectories ::
echo off
rem c:
rem cd "%APPDATA%MacromediaFlash Player#SharedObjects"
rem dir /b/s
rem pause
rd /q/s "%APPDATA%MacromediaFlash Player#SharedObjects"
md "%APPDATA%MacromediaFlash Player#SharedObjects"
rem cd "%APPDATA%MacromediaFlash Playermacromedia.comsupportflashplayersys"
rem dir /b/s
rem pause
rd /q/s "%APPDATA%MacromediaFlash Playermacromedia.comsupportflashplayersys"
md "%APPDATA%MacromediaFlash Playermacromedia.comsupportflashplayersys"
rem ======================

What makes this even more evil is that there is no setting or control on your computer that you can use to prevent or even delete these cookies. You must visit the Macromedia web site at:
www.macromedia.com...

When you visit the site, Adobe attempts to disguise the settings control panel by making it appear to be a picture of a control panel, and in very small print says “Note: The Settings Manager that you see above is not an image; it is the actual Settings Manager.”

To check the effectiveness of the Macromedia tool at removing these LSO’s, I removed all two hundred plus LSO’s on my computer, then I ran a standalone LSO remover called KFC. (Kill Flash Cookies) KFC found seven additional LSO’s that the Macromedia Control Panel not only failed to remove, but failed to report that they existed.

Trusting Macromedia to remove the cookies that they plant on your computer is like trusting a virus writer in the Ukraine to produce a tool that will remove their own virus. In my opinion, this is worse than the Sony Root Kit debacle where playing a Sony DVD in your computer installed secret anti-piracy software without notification or permission.

Hopefully, HTML5 will kill Flash, and there will be one less piece of bloatware from Adobe bogging down our systems.





NOTE: This thread was not moved into the "HOAX" forum because of the content on what locally stored objects are, but because of the notion that such objects might be shared between website domains or that the objects are inherently bad, which is incorrect.

Additionally, the information on "Peer-Assisted Networking" (P2P) in this opening post is overly alarmist. The evolution of RTMFP in Flash allows for client-to-client data transfer, such as Flash-based video or audio chat, not the hijacking of user bandwidth.

WOW. That's pretty messed up. I was wondering how you can hide your IP Address, aren't there websites that do this? Also does this prevent them from knowing your browsing habits?

If you're on a Mac, the Safari Cookies extension gives you easy management of Flash cookies.
You can also weed them out yourself in your User/Library/Preferences/Macromedia folder.

cool thanx...bookmarked

Thanks for that bit of info. It worked and I deleted those cookies

Tons of add ons available on Firefox to delete LSO's on browser exit.

Also, go to the adobe site and block adobe add ons (there is a direct link if you are using Chrome)

Should help, some.

Not that I don't trust you, but how do I know that this little batch program is not a virus itself?
I am no computer expert so...
Please just give me your word, and once you do please tell me how to run your program lol
I am serious about computer safety as all my personal files are stored on this one computer and this computer is almost always connected to the internet...

edit: I guess your work is not a virus (as I was posting the above, other posted confirmation)
although, I am still confused as to how to run the batch file (or create it)

Take the following with the proverbial paranoid grain of salt....
From the wikipedia page the OP linked:

The current version of Flash does not allow 3rd party LSOs to be shared across domains. For example, an LSO from "www.example.com" cannot be read by the domain "www.example2.com".

and

Users can also opt-out of them on a per-site basis by right-clicking the Flash player and selecting 'Settings'.

reply to post by Sarene


It's not a virus.

If you are concerned, read up on windows command line commands and arguments. You will see for yourself that it is harmless.

Another option people have when using Windows in order to erase their cookie trails, Active x trails and key logged log's is to reboot your System while holding F5 or F6, You will be brought to a menu where you can boot up in safe modet. You want to choose "Boot into safe mode with cmd prompt."

After all the files load and you have the command prompt up feel free to type this in exactly as shown

del /index.dat

"Index DAT files are files that keep a back up history of your computer. So when you delete your history, it's not really gone completely because it is stored in index.dat files. These files are normally hidden, but they can be accessed with the appropriate software. If you want, you can clean Index DAT files using a command prompt that will ensure they are erased every time you shut down your computer. This will prevent you from having to manually erase them each time."

This will erase all log's and cookies associated with IE and FireFox.

Thanks I used the macromedia link, and found that indeed there were things to delete, but how do I get kill flash cookie ? could you post a link for that too ?

Oh and how often should I check the macromedia page, to keep it clear ?

Sorry for all the Q's

Hi thanks for bringing this up for people who might not know, you might want to point out that the batch is for windows as some newer users might think it works on their linux system etc.
But the wiki page you pointed to does have a good section on finding the LSO on all systems ie pathnames, and even how to stop them coming back by locking down the directory to read only permissons.
by the time you type in the batch file, you could have navigated to the directory manually and locked it down and deleted its contents but good idea none the less.

reply to post by Sarene


Copy all of the text. Right click on desktop select "new text document".
Paste into blank text document.
Save As lsoremover.bat

Click.

Awesome info!!
now if only we could get a glass of cold milk to go with all these cookies i have.

seriously thanks for the info, Good Stuff.

If you use Firefox, you can install a plugin called Better Privacy. It was specifically designed to remove LSO and DOM storage (Supercookies).

Thanks, sorry about that

Originally posted by sixswornsermon
reply to post by Sarene

 

Copy all of the text. Right click on desktop select "new text document".
Paste into blank text document.
Save As lsoremover.bat

Click.

Won't work if "Show Filetype Extensions" is not enabled in Explorer properties: You'll end up with "lsoremover.bat.txt".

So on the Macromedia site, do I want to always deny the P2P settings?

reply to post by abecedarian


Thanks again.
Great post by the way. I will flag this thread

reply to post by abecedarian


Works on my Xp SP3 even though there is no option to save as any type other than a text format.

Trying to rename a .txt to .bat does not work however.

Go figure.