For the paranoid: deleting Flash local storage objects

Posted on Thu 30 October 2008 in misc

I'm reasonably careful about the cookies I accept from Web sites - I don't want companies to be able to track every site I visit, for example, so that they can build a nice little profile about me. It's for the protection of the companies more than anything else: someone there might die of extreme boredom following the trail of "Evergreen", "Linux Weekly News", "Python docs"...

However, I recently learned about Flash "local storage objects" (LSO), which are similar to browser cookies but capable of storing much richer information and also completely inscrutable in terms of the effectiveness of Adobe's security model. Is Flash really capable of preventing a Flash application running on microsoft.com from accessing an LSO from mail.google.com? I certainly don't know, and as Flash is a closed-source application it's hard for anyone except for the developers at Adobe to know--but I bet there are people extremely motivated to find out. (Insert obligatory "See? Closed source sucks!" comment here.)

So, in my crude attempt to prevent too much garbage accumulating due to the occasional YouTube video or NBC Saturday Night Live skit that I might watch, I've added the following rules to my cron entries to delete my entire set of LSOs every four hours:

5 ∗/4 ∗ ∗ ∗ rm -fr /home/dan/.macromedia/Flash_Player/#SharedObjects 5 ∗/4 ∗ ∗ ∗ rm -fr /home/dan/.macromedia/Flash_Player/macromedia.com/support/flashplayer/sys/

You Windows users can probably do something similar, but I haven't bothered to track that down yet. Sorry.