"This means that if, for example, you use the private mode to browse pornography..."
I like that private browsing is recognized for its primary purpose without the usual hypocrisy (like: "private browsing is useful when you browse for presents for your family and don't want to spoil the surprise"). We all know why private browsing is there.
What I also find quite funny is that Apple was the first one to introduce private browsing. The same Apple that now wants to "free people from porn" (quote from a Steve Jobs email).
That's a good point, but the first time I had a need for it was when my wife was searching for "breast cancer treatments," and the search popped up for one of the kids. That caused some grief because they thought that "mommy" was sick. She wasn't/isn't, she was just doing some research, but we had a bit of a tense time.
The Firefox "Better Privacy" extension can delete these when you close the browser, or better yet on a timer, every few minutes. This allows you to use Flash sites that rely on them without most of the privacy issues.
(Note: don't play any long-term Flash games with Flash cookies disabled).
I found the Adobe page to manage these settings[1] to be somewhat funny.
The notice underneath the Flash content says:
Note: The Settings Manager that you see above is not an image; it is the actual Settings Manager. Click the tabs to see different panels, and click the options in the panels to change your Adobe Flash Player settings
I don't use any Flash applications that I want to store anything. In the past (in Linux) I did:
rm -Rf ~/.macromedia && touch ~/.macromedia
which stopped Flash creating the ~/.macromedia directory and being able to store anything on disk. This caused problems with the odd rare site that insisted on storing things, and the BBC iPlayer would become unresponsive. Now I call my browser from a shell script which deletes ~/.macromedia whenever I close it.
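A browser wrapper of the kind described in the comment above, as an added example that is not part of the original thread. It assumes Flash cookies are the .sol files under ~/.macromedia; FLASH_DIR and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). FLASH_DIR and the function names
# are assumptions; Flash cookies are the *.sol files under that tree.
FLASH_DIR="${FLASH_DIR:-$HOME/.macromedia}"

# Print how many Flash cookie (.sol) files exist under directory $1.
count_lsos() {
    if [ ! -d "$1" ]; then echo 0; return 0; fi
    find "$1" -type f -name '*.sol' | wc -l | tr -d ' '
}

# Delete the Flash storage tree $1 and print how many .sol files it held.
# A regular file at that path (the "touch" trick) is left in place.
purge_lsos() {
    dir="$1"
    case "$dir" in
        ''|/) echo "refusing to purge '$dir'" >&2; return 1 ;;
    esac
    if [ -L "$dir" ]; then echo "refusing symlink: $dir" >&2; return 1; fi
    if [ ! -d "$dir" ]; then echo 0; return 0; fi
    n=$(count_lsos "$dir")
    rm -rf -- "$dir"
    echo "$n"
}

# Run the browser command given as arguments, purge once it exits,
# and hand back the browser's own exit status.
run_clean() {
    status=0
    "$@" || status=$?
    removed=$(purge_lsos "$FLASH_DIR") || return 1
    echo "removed $removed Flash cookie file(s) from $FLASH_DIR" >&2
    return "$status"
}

# Usage: flash-clean.sh firefox [args...]
if [ "$#" -gt 0 ]; then
    run_clean "$@"
fi
```

The purge refuses an empty path, "/" and symlinks, so a mis-set FLASH_DIR cannot remove unrelated data.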
My experience with trying to disable cookies was that the (Flash) web became unusable. All sites with Flash content would just keep nagging and nagging.
If you disable 3rd party Flash cookies, that should eliminate all unwanted tracking.
Meanwhile, Flash cookies are useful for other things: Pandora uses them to keep you logged in forever, even if your session on the server dies (unless you log out); on our site we use it to store copious amounts of user data (such as music libraries) so that it doesn't need to be loaded from the server every time you visit.
Flash cookies are also a win over regular cookies because they aren't sent along to the server with every single HTTP request.
It would be pretty intrusive/noticeable, since the user has to opt in to allow the site to use it. So it's probably only a risk on sites that also make legitimate use of Web Storage.
localStorage is subject to same-origin restrictions (so advertisers can't easily use it to track you across sites). And localStorage is handled like cookies when you use the private browsing mode in browsers like Firefox and Chrome, e.g.:
"When the browser goes into private browsing mode, a new, temporary database is created to store local storage data; this database is emptied, and is thrown away when private browsing mode is turned off."
Set data:

    window.localStorage.setItem(key, value);

Get all data:

    // (Given that you have the "key" be numeric)
    /**
     * var setData = ['trackingID', 'trackingURL', 'trackingTS'];
     * for (var i = 0; i < setData.length; i++) {
     *   window.localStorage.setItem(i, setData[i]);
     * }
     */
    var items = [], count = window.localStorage.length;
    for (var n = 0; n < count; n++) {
      // key(n) returns the name of the n-th stored key; use the same n
      // for the lookup and for the slot in items
      items[n] = window.localStorage.getItem(window.localStorage.key(n));
    }
    /* return items; */

-----
Or, you can just set the items with trivial keys (id, timestamp, url) and get the values with window.localStorage.getItem([id, timestamp...]).
I suspect the use of Flash cookies will decline gradually as the use of HTML 5 increases, since a great many of them are just used to store volume settings for commonly-used Flash-based video players.
That's not to say the use of Flash cookies by certain ad networks isn't completely obnoxious.
It seems like all these problems could be solved by tighter integration with browsers: add hooks for browser privacy features to NPAPI and support them in Flash. Adobe seems to already be heading that way with the new private-browsing support.
This particular issue seems to pop up every year or so and there is vast online info available on the topic already. But Flash-bashing seems to be de rigueur these days...
Yes, Adobe is aware of some of the issues mentioned (we Flash pros cringe at the old Macromedia settings windows still in use) but some of his bugs are in fact features (such as being browser agnostic) that behave differently because it's simply different tech (like Mac vs Win).
In all fairness, Adobe has their hands very busy these days with AIR, the new Flash player, and porting Flash to multiple platforms. If the old stuff works, they're not messing with it.
That's because Adobe are assholes. Don't think that avoiding/subverting user intent with respect to cookie management is anything but an intentional feature and selling point.
And also the convenience of having the user/session info in HTTP headers where all sorts of other code/frameworks expect it -- instead of only where Flash in-page objects can see it.