1 BetterPrivacy introduction
BetterPrivacy is a Firefox addon that is able to delete a special kind of cookies: Local Shared Objects in short LSO's which are placed on your computer by a Flash plugin.
Why are LSO's harmful?
- they are never expiring - staying on your computer for an unlimited time.
- by default they offer a storage of 100 KB (compare: Usual cookies 4 KB).
- browsers are not aware of those cookies, LSO's usually cannot be removed by browsers.
- via Flash they can access and store highly specific personal and technical information (system, user name, .).
- ability to send the stored information to the appropriate server, without user's permission.
- flash applications do not need to be visible to the user
- there is no easy way to tell which flash-cookie sites are tracking you.
- shared folders allow cross-browser tracking, all browsers use the same LSO folder
- the company doesn't provide a user-friendly way to manage LSO's, in fact it's incredible cumbersome.
- many domains and tracking companies make extensive use of flash-cookies.
- flash-cookies are used to re-create data of deleted traditional cookies.
Since Flash is a seperate application, running on your system (also outside of Firefox) , there is no way to prevent it from storing those LSO's on your disk.
However they can be deleted at any time but unfortunately most browsers are unable to remove LSO's.
BetterPrivacy can help here and offers some options from manual deletion up to full automatic cleaning.
How does BetterPrivacy work?
After installation BetterPrivacy tries to find the folder where your Flash plugin stores the LSO's.
Thus the first start of Firefox could be delayed for some seconds.
Then BetterPrivacy does absolutely nothing until you quit Firefox.
At that time the addon will look in the LSO folder, and if it finds cookies a popup will be shown.
BetterPrivacy asks if you would like to delete the LSO's at that time.
You might decide to review every single LSO later at the next Firefox session.
Otherwise you can choose to delete once or even to automatically delete on every Firefox exit.
BetterPrivacy does not need to be configured -
except you want to keep certain LSO's or you want to define the time of LSO deletion.
See next chapter for configuration options.
2 BetterPrivacy Options
To open BetterPrivacy's options go to the Firefox menu, click tools, click BetterPrivacy.
The first tab shows the LSO manager, the second tab contains the options for configuration.
BetterPrivacy is pre-configured to ask for LSO deletion on Firefox exit.
You can also choose automatic deletion on Firefox start or deletion at special intervals (every customized days, hours, seconds).
The timer deletion option can be configured to skip deletion if a LSO was used shortly.
Thus timed deletion will not interfere with your browsing. If you prefer to use the built-in 'Clear Recent History' Firefox feature (Ctrl+Shift+Del) for manual cleanup, then you might want BetterPrivacy to add a LSO item there.
The Flash default cookie (origin settings.sol) also stores some settings for your Flash player, including the Flash application update interval. That's why it is excluded from deletion by default. However it also keeps a list of all visited sites which ever stored a Flash cookie on your computer. Thus BetterPrivacy offers an extra option for this special cookie: "Also delete Flashplayer default cookie". The decision about this is up to you.
LSO's are stored in folders and sub folders that are named according to the web site domain where they came from.
Usually -on LSO deletion- those folders are left over. In default configuration BetterPrivacy checks that they are empty and then removes them.
Besides of Flash cookies there is another kind of super cookie: The DOM storage system.
At the time BetterPrivacy cannot delete DOM cookies seperately.
You can choose to delete all DOM cookies on Firefox exit/start (recommended).
| DOM cookies threaten your privacy because they never expire.
However, deletion of DOM cookies might cause some web-services to stop working
(note: Always prefer deletion over deactivation because deletion has less side-effects). |
Click pings is a special Firefox feature that enables servers to easily track user movements.
However, at the time there is no known case where this feature is effectively used.
Select 'Portable mode' only if the Flash application data folder might change on every Firefox start. Relative folder locations will be used.
3 The LSO Manager
The LSO manager lists all LSO's (Flash cookies) found on your computer.
The LSO's are stored in sub folders of the main Flash application data folder.
That main folder is shown on top and can be changed manually if needed.
If the path field turns red (no path is shown) then you can try to press the 'Search Directory' button:
It might be necessary to scan the systems home directory, so please be patient until the folder is found.
If no folder can be found, make sure that the Flash plugin is correctly installed.
The LSO table mainly provides information concerning creation (modification) time of the LSO's and about their origin.
Unfortunately
it is not possible for an addon to get the exact URL's of the sites that stored those LSO's.
However the first column shown in the table as well as the last folder names of the full path (shown below the table) should give a clue which web site probably stored the LSO to your hard disk
To exclude an LSO from automatic deletion simply select (click) the LSO row, then press 'Prevent automatic LSO deletion'.
The status column of the selected LSO will turn to 'Protected folder'.
Be aware that a click on the button always toggles between the unprotected and protected state!
In case you protected several LSO folders and you want to remove or edit one of those paths, click edit protection list.
- Note 1: All sub folders of a protected folder are protected too.
- Note 2: Protected LSO means that it is excluded from automatic deletion. It still can be deleted by the Flash application or other privacy applications!
There are two buttons, to remove a single selected LSO or to remove all at once. If you press the 'Remove all' button you might be asked what action should be taken on protected LSO's. On the bottom you find some LSO statistics, showing the quantity of automatic deleted LSO's: Since the time you last opened the options and cumulative.
4 Problem solving
It might happen that a web-service stopped on usage of BetterPrivacy and that you consider this as a problem.
This can be lost game settings, non-working login or other lost cookie-stored data.
It can be caused...
- because you accidentally deleted one or more LSO's that are needed for the web-service to work, or
- because BetterPrivacy removed DOM cookies (more unlikely).
In the first case you have the option to exclude needed LSO's from automatic deletion.
In the second case you should consider to uncheck deactivation and/or deletion of DOM cookies in the options tab.
Since it is difficult to determine what exactly is the cause of the problem I would recommend to do both.
It is impossible to address every potential situation here, but an example as follows can be given:
A PROBLEM SOLVING EXAMPLE: Not working Yahoo login (Yahoo signup seal broken or lost):
This is caused because the signup seal is a LSO cookie which once was stored on your computer.
In case you accidentally deleted that LSO, the seal is lost and needs to be created new.
Remember that is important to protect the seal LSO as soon as it is recreated.
This can be done with BetterPrivacy's LSO manager, but you need to know which LSO is the right one to protect.
For that reason it is recommended to remove all currently stored LSO's first - so the next new LSO will be the seal.
Immediately after clearing the old LSO's visit the Yahoo site to recreate the login seal.
This done you can open the LSO manager,
but make sure that the Yahoo site is closed!
(some LSO's are not stored until the web site closes completely)
If the seal has been successfully recreated, then you will see the
appropriate LSO in the manager table.
Select the LSO and click Protect folder. That's all.
5 FAQ
Q: I notice that when I go to the Flash Player settings manager site I still get a list of visited pages.
A: In default configuration BetterPrivacy does *not* delete the Flash-Player-default cookie. Some users consider the default cookie as important since it keeps Flash-Player update settings as well as some camera or microphone settings. The default cookie also keeps a complete list of all visited flash-cookie pages. However, the stored data associated with those visited pages will be deleted by BetterPrivacy though.
As long as the default cookie is kept, Flash-Player's settings-manager still shows a complete list of all visited pages, even if BetterPrivacy deleted all data storing objects. Go to BetterPrivacy's options and check 'Also delete Flash-Player default cookie' in order to remove the list of visited pages as well as the Flash-Player settings.
----------
Q: Error-message: Flash application data folder not found!
A: As noted at the beginning, if you do not have a FLASH-PLUGIN installed, then you do NOT need BetterPrivacy! Only a Flash-plugin can place LSO's on your disk. Otherwise make sure that your browser-flash-plugin is correctly installed and that it works.
----------
Q: Error-message: BetterPrivacy is searching for your LSO cookie directory. The search takes longer than expected.
A: In Firefox open BetterPrivacy (Menu->Tools->BetterPrivacy) and enter the correct path of your Flash data directory. Depending on your operating system this should be one of the following paths:
Windows: %APPDATA%\Macromedia\Flash Player\
Macintosh: ~/Library/Preferences/Macromedia/Flash Player/
Linux/Unix: ~/.macromedia/Flash_Player/
----------
Q: Flash has a built-in panel to define storage settings, why should I use an addon?
Q: What about the 'Global Privacy Settings panel' located on a fairly hidden company page?
A: The usual Flash control panel only provides an option to set a storage limit on a per site basis. Thus you would need to define a new limit for every single flash-site you visit. If you look at many different sites a day you easily end up in wasting your time by defining all those limits. Moreover there exist functional Flash embeds that are not visible - so you would not be aware that you missed to define a limit.
A: You can use it to globally deny storage of web site data - but as storage is disabled it might happen that a LSO powered site denies it's service too. Of course, with global settings you cannot make exceptions. Besides the global LSO there will be stored additional settings LSO's for every Flash site (so some tracking still remains possible). Also be aware that the global settings LSO does not get deleted. Note that the company could have made this global panel available from the right click menu but they didn't. All in all you see that the process for managing permissions is practically unusable.
----------
Q: How to find out how many cookies currently are stored on my computer?
A: Go to BetterPrivacy's options (Firefox tools menu), LSO-manager tab. All currently stored Flash-cookies, if any, are listed there. Note that some sites store their cookies instantly when loading, others not before they are closing.
----------
Q: What might happen if I give permission to delete (some of) my Flash cookies?
A: It is pretty much the same thing as with usual cookies. In most cases nothing happens. However, to gain all conveniences some services might require you to be tracked. For example they could store some data (e.g. flash game settings) together with the tracking data itself. They bundle some interesting feature along with tracking data to get you to keep the awful cookie. Read next topic on how to exclude special cookies from deletion.
----------
Q: How to exclude certain Flash cookies from automatic deletion?
A: Go to BetterPrivacy's options (Firefox tools menu), LSO-manager tab, select the site/cookie folder you want to exclude and press 'Prevent automatic deletion of folder contents'. Note that you allow tracking with every excluded Flash-cookie. Important: Protection means those LSO's are excluded from BetterPrivacy's deletion but the owner web site still can delete them as well as any other programs you might have running!
----------
Q: Does BetterPrivacy block any sites or alter any settings of my Firefox installation?
A: No! BetterPrivacy never modifies web pages! The addon does not even know that web sites exist. It just looks in the cookie folder on your hard disk at the end of a Firefox session. For sure, if you confirmed to delete some Flash cookies it might happen that some previously LSO-stored data, e.g. Flash game settings, are lost: It is as like as with usual cookies! To prevent such data loss, see above (How to exclude...). BetterPrivacy also stores some own preferences using a unique name space, just as every addon does.
----------
Q: Does every Flash application/video place a cookie on my hard disk?
A: No! There are many Flash applications which store nothing on your computer. Though BetterPrivacy will not affect them in any way.
----------
Q: Does 'Private Browsing' protect me from tracking with LSO's?
Q: Is Firefox's 'Delete Private Data' function capable of deleting Flash-cookies?
A: No! Currently private browsing cannot protect you from LSO's, because until now the Flash-application's company did not implement a feature that obeys that browsing mode.
A: No! As Flash is an external application, Firefox is not even aware of Flash-cookie storage.
----------
Q: Why is it not possible to manage exclusions on a 'per site' basis like e.g. Adblock does?
A: Though it is installed as a plugin, Flash still runs as an external application on your computer. So Flash does not permit to be intercepted on cookie storage and moreover it's cookies can be accessed only indirectly. Thus an addon -like BetterPrivacy- can only get limited information, derived from cookies and their folder structure.
----------
Q: Are there other ways to delete those Flash-cookies, not using BetterPrivacy?
A: Yes, for sure! For example...
- You could write a short script to do this for you, eg. batch or vbs.
- Objection is an alternate Firefox extension capable of acting like BetterPrivacy.
- Flash itself provides an option to set a storage limit on a per site basis, but you would need to define a new limit for every flash-site you visit.
-You might also use an external 3rd party application which you would need to install on your computer.
- Finally you can delete the LSO's manually by using a simple file manager. See Wikipedia article, which is mentioned above, for details.
- Addons like 'StopAutoplay' can limit the amount of stored LSO's though some of them will slip through because you sometimes decide to run a flash application (FlashBlock does not block Flash cookies because it only prevents Flash from running but Flash is still pre-loaded).
----------
Q: Why does BetterPrivacy not delete the Asset-cache or flash folder xyz?
A: BetterPrivacy only deletes privacy related data, that means data that helps to identify the user or computer. Fore sure, data of that kind must also be accessible by web sites. It is a common misunderstanding: The Asset-cache does not store such data.
----------
Q: How to know what LSOs were generated during the session?
A: Open the LSO manager and click the modified column. Then all LSO's are sorted by creation date. You should see the most recent on top.
----------
Q: Where do I get more information about LSO tracking and the involved companies?
A: Visit Privacychoice Blog --or-- Social Science Research Network
|
