You Deleted Your Cookies? Think Again (Wired) [LWN.net]

Wired looks at the use of Flash cookies implemented by Adobe's browser plugin. "Several services even use the surreptitious data storage to reinstate traditional cookies that a user deleted, which is called re-spawning in homage to video games where zombies come back to life even after being 'killed,' the report found. So even if a user gets rid of a websites tracking cookie, that cookies unique ID will be assigned back to a new cookie again using the Flash data as the 'backup.'" See also this 2008 post from Gnash developer Rob Savoye, as well as an LWN article from last October, for more information on Flash cookies.

Origins of "respawn"

Posted Aug 11, 2009 14:13 UTC (Tue) by bkw1a (guest, #4101) [Link] (1 responses)

"...which is called re-spawning in homage to video games where zombies come back to life even after being 'killed,'..."

I think inittab predates zombie-based video games:

1:2345:respawn:/sbin/mingetty tty1

Origins of "respawn"

Posted Aug 12, 2009 7:58 UTC (Wed) by Los__D (guest, #15263) [Link]

I would think that what the one that coined the term thought about, matters a whole more than the origin of the word in computing.

You Deleted Your Cookies? Think Again (Wired)

Posted Aug 11, 2009 16:30 UTC (Tue) by ikm (guest, #493) [Link] (2 responses)

Does the FlashBlock extension help prevent this (in the cases where no flash videos were clicked to be loaded)?

Stop the crap!

Posted Aug 11, 2009 17:02 UTC (Tue) by phd (guest, #952) [Link] (1 responses)

I think so. And NoScript should do, too.

Stop the crap!

Posted Aug 11, 2009 18:55 UTC (Tue) by leoc (guest, #39773) [Link]

And periodically removing your $HOME/.macromedia directory.

You Deleted Your Cookies? Think Again (Wired)

Posted Aug 11, 2009 17:03 UTC (Tue) by tavis (guest, #14187) [Link] (10 responses)

Is there any good reason not to just run a cron or init script that deletes everything in ~/.macromedia? Is there likely to be anything of value stored in the directory?

You Deleted Your Cookies? Think Again (Wired)

Posted Aug 11, 2009 17:12 UTC (Tue) by sitaram (guest, #5959) [Link] (2 responses)

I've been running like this for more than a year now:

[ff@sita-lt ~]$ ls -al |grep null
lrwxrwxrwx 1 ff ff 9 2009-01-01 17:46 .macromedia -> /dev/null

You Deleted Your Cookies? Think Again (Wired)

Posted Aug 12, 2009 5:44 UTC (Wed) by jengelh (subscriber, #33263) [Link]

To avoid spurious problems just think about bugs in closed-source software"!!!" it might be useful, as a fallback, to use `mount -t tmpfs none $HOME/.macromedia`, though of course that only "clears" it on boot rather than whenever you restart firefox.

You Deleted Your Cookies? Think Again (Wired)

Posted Aug 12, 2009 9:57 UTC (Wed) by mlankhorst (subscriber, #52260) [Link]

or chown 0:0 .macromedia .adobe; chmod 000 .macromedia .adobe :)

You Deleted Your Cookies? Think Again (Wired)

Posted Aug 11, 2009 19:08 UTC (Tue) by sbergman27 (guest, #10767) [Link] (3 responses)

> Is there any good reason not to just run a cron or init script that deletes everything in ~/.macromedia?

Is there any good reason that the plugin's behavior is not illegal?

If I invite someone over for dinner, I don't expect them to dig through my dresser drawer to find my spare door key and have a copy made so that they can let themselves in later.

You Deleted Your Cookies? Think Again (Wired)

Posted Aug 11, 2009 21:56 UTC (Tue) by mikachu (guest, #5333) [Link]

You're the one running the code, they just gave it to you. Why would/how could it be illegal?

its probably in the EULA

Posted Aug 13, 2009 8:08 UTC (Thu) by alex (subscriber, #1355) [Link] (1 responses)

I'd be fairly sure this behaviour is somewhere in Flash's EULA (not that I have checked).

its probably in the EULA

Posted Aug 13, 2009 12:26 UTC (Thu) by micka (subscriber, #38720) [Link]

... which doesn't mean it is legal.
When something written in a contract is not legal, it is just considered as if it where not written at all, the rest being still valid.

You Deleted Your Cookies? Think Again (Wired)

Posted Aug 11, 2009 20:27 UTC (Tue) by tetromino (guest, #33846) [Link] (2 responses)

> Is there likely to be anything of value stored in the directory?

Well, if you play flash games, that's where your preferences and save files will be stored.

You Deleted Your Cookies? Think Again (Wired)

Posted Aug 12, 2009 13:37 UTC (Wed) by kfiles (subscriber, #11628) [Link] (1 responses)

> Is there likely to be anything of value stored in the directory?

Also, the flash cache is used to improve performance, and in the case of features like bitmap filters and compositing on vector art, is a prerequisite. So, some of the niftier UI elements of flash apps could break if the asset cache isn't writable. I'm not sure whether they would degrade gracefully, or not.

You Deleted Your Cookies? Think Again (Wired)

Posted Aug 15, 2009 2:02 UTC (Sat) by dirtyepic (guest, #30178) [Link]

on my system the asset cache is in ~/.adobe, or at least it contains an AssetCache directory that ~/.macromedia does not.

You Deleted Your Cookies? Think Again (Wired)

Posted Aug 13, 2009 16:34 UTC (Thu) by ssam (guest, #46587) [Link]

if you dont need flash dont install it. you can view youtube videos with totem, miro, moovida, or various download scripts.

lots of sites have a flash and an html version. even if you use flashblock, it reports to the site that you have flash installed, so you get the flash version. if you remove flash you get the html version.

i installed flash into firefox in a second user account. on rare occasions that i want to browse with flash i use use ssh to start firefox as the other user.