Monday, September 20, 2010

Locking down Adobe Flash

who-watchesAn article in the New York Times today revealed that Adobe Flash maintains separate storage for Flash, creating a rabbit hole for third party trackers to hide.

The cache holds Flash browsing cookies and third-party applications, separate from the public cache used by IE and Firefox.  Clearing the browser cache and cookies from your computer doesn’t touch the Adobe area, creating a big privacy hole.  Third party vendors have been using this as a back-door way to re-insert their tracking cookies and applications.

Tech sites advise that simply finding and deleting the storage contents also disables Flash.  Adobe says this is normal: the area was intended to store user settings and not for third party use (although they don’t prohibit it).  I did some reading at Macromedia, and it’s unsettling: Flash also determines whether third-parties can activate your camera and microphone without permission

Yike: that’s a case where I’ve been telling folks that they are being too paranoid.  Who would want to (or could) access your laptop camera without your knowledge?  Now it turns out that people could.

It’s always discouraging to see what the companies are doing behind the scenes to get information about you and access to your computer that they can sell to others.  Free-market libertarians should take note of the abuses.

Unfortunately, it’s not practical to avoid these applications entirely: the best you can do is lock them down so that they don’t do more mischief.

Adobe globalAdobe has a description of the issue here , and a Global Settings Manager that can be used to adjust privacy and security for your computer.  The options include denying use of your camera and microphone to applications, clearing third party cookies, and preventing storage of third-party applications.

It’s worth taking a couple of minutes to close this privacy hole if you are a Flash user.

No comments: