On Improving Privacy: Managing Local Storage in Flash Player

Adobe Flash Player delivers some of the most compelling, interactive experiences on the web. The team works hard to add new features and push Flash Player capabilities so designers and developers can make the richest content available. We’re also committed to continuously improving Flash Player in less conspicuous areas, such as privacy. Privacy is a hot topic, and there are good reasons it’s on many people’s minds, so we wanted to share some of the work we’re doing to help you protect your privacy.

Some of the Flash Player team’s privacy efforts are happening around a feature of Flash Player called “local storage” (often called local shared objects or LSOs, and sometimes incorrectly referred to as “Flash cookies”). Local storage is required functionality to provide the quality web experience you expect from today’s rich Internet applications (RIAs). It is used by a number of Web technologies, including Flash Player and similar plugin technologies, as well as browsers that support HTML5.

Why is local storage helpful for web apps? Using local storage means information doesn’t need to be stored on a website’s servers. Instead, small amounts of information are stored locally, on the user’s computer. For Flash Player, the default amount of disk storage space is minimal – the LSO is at most three-hundredths the size of a typical MP3. Local storage can save your website or app login details, site history, or form information so that you can avoid retyping data the next time you visit. It also lets you store work in progress from a photo editor or productivity app, for example. Local storage is also the feature that helps your computer or device remember that you like the volume turned down when you watch videos of your favorite TV show on YouTube, and that lets a video website show you your most recently viewed playlist without requiring a user account or login. This kind of helpful productivity data is saved on your computer, and Flash Player protects this information so that only the exact website that saved that information can access it.

Since local storage allows sites and apps to remember information, there are concerns about the use of local storage to store tracking information – or, of greater concern, to restore tracking information to a browser cookie that a user has intentionally deleted. This use of local data storage has raised questions about privacy. So we’re continually working to make sure that users have better control over the local data stored by applications running in Flash Player.

Most recently, we’ve been collaborating with browser vendors to integrate LSO management with the browser UI. The first capability, one that we believe will have the greatest immediate impact, is to allow users to clear LSOs (and any local storage, such as that of HTML5 and other plugin technologies) from the browser settings interface—similar to how users can clear their browser cookies today. Representatives from several key companies, including Adobe, Mozilla and Google have been working together to define a new browser API (NPAPI ClearSiteData) for clearing local data, which was approved for implementation on January 5, 2011. Any browser that implements the API will be able to clear local storage for any plugin that also implements the API.

Keep your eye on the Google Chrome dev channel to see this feature show up in the coming weeks.

We expect other vendors to be rolling out support for this capability in the near future, and we will continue to work on additional capabilities to improve user privacy in partnership with browser vendors.

The ability to clear local storage from the browser extends the work we did in Flash Player 10.1, which launched with a new private browsing feature integrated with the private browsing mode in major browsers, including Google Chrome, Mozilla’s Firefox, Microsoft’s Internet Explorer, and Apple’s Safari. When you are in a private browsing mode session in your browser, Flash Player will automatically delete any local storage that was written by websites during that browser session once the browser is closed. This ensures that Flash Player can’t be used to store any history or other information from your private session. In striving to ensure a great user experience, we’ve made this seamless and automatic for the user.

Finally, you will soon see improvements to the Flash Player Settings Manager. Since local storage functionality was first introduced, users have been able to fully control their local storage settings using the online version of the Flash Player Settings Manager. By right-clicking on any content that is written for Flash Player, and selecting “Global Settings…” (or by visiting the Flash Player Settings Manager directly), you can customize which sites, if any, are allowed to use local storage. You can even turn local storage off entirely, if you don’t feel you need the functionality for things such as saving game data or your preferences on websites. If you’d like to turn it off just click on “Global Storage Settings panel,” drag the storage amount slider to “None” and select “Never Ask Again.”

Still, we know the Flash Player Settings Manager could be easier to use, and we’re working on a redesign coming in a future release of Flash Player, which will bring together feedback from our users and external privacy advocates. Focused on usability, this redesign will make it simpler for users to understand and manage their Flash Player settings and privacy preferences. In addition, we’ll enable you to access the Flash Player Settings Manager directly from your computer’s Control Panels or System Preferences on Windows, Mac and Linux, so that they’re even easier to locate and use. We expect users will see these enhancements in the first half of the year and we look forward to getting feedback as we continue to improve the Flash Player Settings Manager.

These local storage improvements will give you better control over the information stored on your computer and are part of our ongoing efforts to help you manage your privacy.

Emmy Huang
Group Product Manager, Flash Player


About Emmy Huang

Emmy Huang is the director of product management for Gaming Solutions at Adobe. Emmy’s background includes working in engineering and product management on a range of digital entertainment technologies at Sony Pictures Digital, Liberate Technologies and Intel. She has worked on interactive toys, interactive TV, a digital media sharing service, Macromedia Director & Shockwave Player, and most recently Adobe Flash Player. Emmy’s love affair with video games began with Oregon Trail on the Apple IIe, deepened while programming simple BASIC games on the IBM PC/AT and was secured while conquering the Legend of Zelda for Nintendo NES at least four times. She doesn’t have as much time to play games now, but at least she can say it’s for work!


38 thoughts on “On Improving Privacy: Managing Local Storage in Flash Player”

  1. It’s about time. Adjusting the runtime’s settings should never have required browsing to a website. No other software that I can think of makes this same mistake. I’m very glad you’re finally fixing this.

  2. This looks like what Silverlight does, especially the “storage” tab in Flash Player settings. Nice work!

  3. This is great news. The browser based Settings Manager has been one of the single weakest aspects of the Flash Plugin. Not only is it obscure, but can also be a slightly unnerving experience for the end user. A random SWF sitting on Adobe.com has no business being able to inspect and manipulate privacy data on my machine. Using a native OS dialog/panel will not only make this much clearer but will bring it more in line with how users expect applications to work. I hope the browser based Manager is going away entirely?

  4. OK. You got me. The browser based Settings Manager SWF sits on Macromedia.com. But that makes it even more confusing to the average user….

  5. @rezmason: Flash offered control over local storage and update rate long before most other software did. Back then we had to solve the problem of “How can you offer a control UI for software which does not impose vendor chrome!?” That’s why the UI is a webpage, even though all operations/controls happen locally.

    (Many SWFs are smaller than any reasonable UI would be. That’s why it was hard to do the UI on a same-page display, and why a separate page was needed.)

    Glad to see the interface is taking advantage of recent improvements in browsers, though!

    jd/adobe

  6. I think this is the beginning of a move that you guys should have made a long time ago. But you need to add in a more descriptive term for “identifies this computer”

    I might suggest that explaining to people by saying “Information that may be used to identify you or your computer” might be closer to the truth.

    While the intention may not have been that you are enabling Flash Cookies, the truth is that you have been. The big danger of FSO is that a website publisher can (and many do) create technologies that can track you across the entire Web in a way that users do not realize. (Widget technologies for example, Wrapper technologies, Flash games and video players, etc.)

    FSO is a hugely successful workaround for users who delete cookies. The tracking ability of FSO is huge and until recently, very few in the world knew about it.

    I think that if you really want to clean up the problem created with people using this feature to implement “Flash Cookies” Adobe should implement and enforce a new policy “outlawing” such use. Adobe should make it against the TOS to record personally identifiable information in an FSO or to use FSO to repopulate regular cookies after users have deleted them – It’s a paper tiger, but better than none.

  7. This is a great step forward, and something many people have been complaining about.

    I’m curious how this will be implemented on Linux, where traditionally installing Flash has just been placing a single (.so) file in the right place.

  8. @ Miles – because the website supports old versions of the Player, and because there is security code related to running the Settings Manager SWF with Flash Player, we’ve had to keep the Settings Manager on the macromedia.com domain. Another reason we’re excited to revamp it into a native control panel!

    @ Don – Thanks for the wording suggestions.

    Adobe has publicly stated that we condemn practices such as respawning of browser cookies because it clearly circumvents the user’s expressed choice. See a recent post from our Chief Privacy Officer here: http://blogs.adobe.com/conversations/2010/12/ftc-issues-preliminary-privacy-report.html

    On the TOS question, that might be more difficult than you think. We have a TOS for the player for end users, and we have TOS for our tooling. However, you don’t have to use Adobe’s tools to create content or applications that run in Flash Player. There is a pretty healthy ecosystem of tools that target the Flash Platform. It is important for developers and website owners to be aware of PII and the regulations around collecting that data, and to ensure they give notice and get consent where appropriate.

    best,
    Emmy

  9. Nice move. I would like to see complete UI within Flash Player settings. I know, present Settings Manager is legacy.

    BTW! Do you really want people to store “app login details” in LSO?

    I know, a lot of folks do that. But reading it from official blog sends wrong message, you might want to add another line “hashed/encrypted/encoded information” or “user-id or no sensitive details”….

    -abdul

  10. I have been asking MM/Adobe for the same for a long time. Glad to see finally they are implementing it.

    Silverlight really does a great job on this part. But Adobe, please do not forget to put the complete version of current Flash Player and a button to manually check for updates.

    And the final thing to fix the Flash Player installer. Do not try to bundle any crap-ware along, and get rid of that getPlus crap. Can’t imagine a company like Adobe can’t write a better web-installer on its own.

    // chall3ng3r //

  11. @ Don Synstelien Cross-site tracking depends on third-party content. Those web beacons are the bigger issue than any particular local-storage method. Even if cookies had never been invented, browser-fingerprinting and session IP tracking can “track you across the entire Web”, when the webpages you visit summon a variety of third-party web beacons.

  12. When opening a “private tab” or “private window” in Opera 11, does LSO detritus get cleared out, as well?

    Will this apply to Opera Mobile or Opera for Tablets/Netbooks, also, as that gets rolled out to Flash-enabled mobile devices…or your mobile Flash offerings won’t seamlessly share this LSO mgmt code…? Thx.

  13. I have a script that executes every two minutes via the OS’s task scheduler. It outright wipes away your macromedia and flash folders. All your hundreds of LSOs are wiped clean, all the hundreds of folders named after the websites I’ve visited are wiped clean.

    That’s how it should be done. Nobody should ever entrust their privacy to you guys. Your little Settings Manager can take a hike. Nobody should trust that thing.

  14. Adding a control panel is quite a good thing… next step is to add proxy settings configuration within this component! It’s quite a nightmare to manage RTMP flows in corporate networks…

    • Hi –

      Opening a new private tab or a private window will not clear out the current in-session private LSOs. If you are referring to LSOs on disk, those are also untouched by Private Browsing. It appears from our quick/informal tests that you have to actually quit the browser app, all windows included, in order to get the private LSOs cleared – vs. just closing a tab since these private LSOs are associated with the Flash Player instance on the tab, and with most of the browsers Flash Player instances are deleted only at shutdown.

      Thanks,
      Matt

  15. Glad to see Adobe is finally doing something here. At least you are starting to pretend that you care about our privacy.

  16. Recently, I noticed that certain sites are still able to put 4k LSO’s (flash cookies) in the folder on my computer even though all the settings at the Adobe Global manager are set to NOT allow this (settings under all the tabs there).

    This is the path to the folder I’m talking about on a Mac 10.4 (User –> Library –> Preferences –> Macromedia –> Flash Player –> macromedia.com –> support –> flashplay –> sys). BTW, there’s not a “parner” .sol file in the Shared Objects folder like there was before I “blocked” cookies.

    From what I’ve read, using “Private Browsing” in Firefox will not prevent sites storing Flash cookies. However, if you clear all the regular cookies and then set Firefox to “Private Browsing” these sites don’t store the Flash cookies.

    I’m not real smart about all this tech stuff, but have some sites figured out how to use regular cookies to bypass the settings at Adobe? If that’s not the answer, how is it that those certain sites can add new LSO’s to my computer in spite of the settings at the Adobe manager?

    • Hi-

      The files in /User/Library/Preferences/Macromedia/FlashPlayer/macromedia.com/support/flashplayer/sys are created by Flash Player, and they are actually saved site-specific and global settings. This is how Flash Player retains your preferences per site. For example, you may tell one site to allow the use of the camera while telling another site to always deny using the camera. These Flash Player settings cannot be read by any website. Only the player itself can read them.

      Hope that helps.
      -Matt

  17. I don’t understand any of the tech stuff you guys have been saying, but I would sell my soul to have that script Anonymous wrote about set to run every 2-3 seconds.

  18. Lawsuits brought about this change. Not spyware companies concern for anyone’s privacy. You are being fed bullcrap sandwiches. They are only concerned with their bottom lines and you can be sure they are working on other secret ways of getting all of your private data to keep spammers supplied with the info they need to feed the junk mail machines.

    My last online visit is to:
    http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager09.html
    where I delete all the stored content from my browsing session. After closing my browsers, I run CCleaner to finish the job. CCleaner does wipe out FlashCookies saved by Macromedia.

    THEY ARE NOT YOUR FRIEND…

  19. my yahoo.messger Flash Player settings cannot be read by any website is not play but i put it on others will play but i want to her christerns don’t play can u fix it for me pls.
    thank u .

    • Hi –

      There may be a problem with the version of Adobe Flash Player that you have installed on your computer. To try and resolve this issue, uninstall and then reinstall a new version of Adobe Flash Player.

      To uninstall and reinstall Adobe Flash Player:

      1. Go to the Adobe Flash Player Uninstaller page and follow the uninstall directions (http://www.adobe.com/go/tn_14157).
      2. Download and install the most recent version of Adobe Flash Player (http://get.adobe.com/flashplayer/).

      To verify Adobe Flash Player is working correctly:

      1. Now you need to verify that Adobe Flash Player is working correctly. To do this, please go to the “Version Test for Adobe Flash Player” page (http://www.adobe.com/go/tn_15507).
      2. Look to the right of the text, “Your Player Version,” and you’ll see a display of the updated version number of Adobe Flash Player that you just installed. This display verifies that your new Adobe Flash Player is working correctly.

      Hope this helps!

      Craig

  20. Amen! to finally a bit of transparency and user control of their own privacy!

    Way past time, but better late than never.

    (Like Egypt and elsewhere, people do not tolerate being treated as fools forever.)

    Google: take note.

    Thanks for the steps toward honesty and transparency as well as user control over privacy.

  21. I appreciate your suggestions, Craig Corica, however it did not correct anything.

    Google mail has not been the only one to be able to bypass the settings at Adobe for the Flash Player. However, I have reason to go there, so used it for the testing.

    I uninstalled and reinstalled a total of 5 times to try to catch any glitches. I did learn that the uninstaller does not remove the Macromedia preference files, at least on my mac, so I removed the two main folder types and later the whole Macromedia preference file manually each time. I also removed the webapsstore.sqlite (dom storage) file from the Firefox profile each time.

    After reinstalling, I went to the Flash global manager and shut things down tight. Then I would go to google and sign in and watch as a google mail sol (4k) was placed in the Macromedia sys folder. I would also check and find a webapsstore.sqlite file in the Firefox profile folder.

    I didn’t start “Private Browsing” until the last re-install. I changed the settings at the Flash Player manager, went to google and signed in for my mail account. No google mail sol was placed in the Macromedia sys folder. No webapsstore.sqlite file was placed in the Firefox profile folder. I don’t know why “Private Browsing” prevents this from happening, but I will continue to use it until this gets fixed.

    I realize that this is not a troubleshooting thread, but wanted to let you know that what you suggested did not work. If you will direct me to the proper forum, I’ll post there.

    Thank you again for your response.

    • Thanks for the details – looking to see if I can get some help with this.

      UPDATE: Please see Emmy Huang’s comment below.

      Thanks,
      Matt

  22. @DRJ

    Sorry for the late reply. This blog is where I got the script: (https://adblockplus.org/blog/getting-rid-of-flash-cookies)
    And there’s no need to run it every 2 seconds, doing so will affect your harddisk’s performance negatively. Once every 2-5 minutes is fine for this purpose.

    I took that script and modified it to delete two folders:
    FSO.DeleteFolder(Shell.ExpandEnvironmentStrings("%APPDATA%\\Macromedia"), true);
    and
    FSO.DeleteFolder(Shell.ExpandEnvironmentStrings("%APPDATA%\\Adobe\\Flash Player"), true);

    If there’s something I’ve learned, it’s to take matters in your own hand for the best result. There’s no need to wait years for adobe to release some obscure settings manager. There’s no need to bother with their settings manager’s user unfriendliness and nagging (as detailed in that blog I linked).

  23. Hi C.Fred,

    Please read the information provided on private browsing in the following article: http://www.adobe.com/devnet/flashplayer/articles/privacy_mode_fp10_1.html

    As Matt described above, there are .sol files written for Flash Player settings — this is a technical implementation detail, but the settings LSOs are not written by the site or domain to store information. They are written by Flash Player to store settings related to that domain (e.g. camera and mic access, defaults about whether you are allowing storage to be written to the domain, etc).

    The sol file you see written is the settings sol file for that domain. When you delete everything, and visit again in private browsing, the player stores that setting sol in memory and when you leave the site it deletes it. It doesn’t get written to disk. This is why you don’t see it being written in private browsing mode. Same for the other database file the browser is writing. That is how private browsing mode works — files are written to memory so the site still works, but when you exit they are never written to disk.

    best,
    Emmy
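The replies from Matt and Emmy above separate two kinds of `.sol` file: settings files that Flash Player itself writes under `macromedia.com/support/flashplayer/sys`, and LSOs written on behalf of a site. The following audit script is an added example, not part of the original thread and not Adobe code, that walks a Flash Player data folder and reports which is which. The `#SharedObjects/<random>/<site>/` layout and the `#<domain>` settings subfolder are assumptions not stated on the page, and the sample tree is constructed.

```python
import os
import tempfile
from collections import defaultdict
from pathlib import Path

# Path fragment quoted in the thread: settings files written by Flash Player itself.
SETTINGS_MARKER = ("macromedia.com", "support", "flashplayer", "sys")
# Assumption (not on the page): site-written LSOs sit under "#SharedObjects",
# inside one randomly named directory, then a directory named after the site.
SHARED_MARKER = "#SharedObjects"


def classify_sol(root, sol_path):
    """Return (kind, domain) for one .sol file below a Flash Player data root."""
    parts = Path(sol_path).relative_to(root).parts
    lowered = tuple(p.lower() for p in parts)
    n = len(SETTINGS_MARKER)
    for i in range(len(parts) - n):
        if lowered[i:i + n] == SETTINGS_MARKER:
            # Assumption: per-site settings live in a "#<domain>" subfolder of sys;
            # a .sol directly in sys holds the global settings.
            rest = parts[i + n:-1]
            return "settings", (rest[0].lstrip("#") if rest else "(global)")
    if SHARED_MARKER in parts:
        rest = parts[parts.index(SHARED_MARKER) + 1:-1]  # random dir, site, path...
        return "site-data", (rest[1] if len(rest) >= 2 else "(unknown)")
    return "other", "(unknown)"


def audit(root):
    """Group .sol files as {kind: {domain: [(relative_path, size_bytes), ...]}}."""
    root = Path(root)
    report = defaultdict(lambda: defaultdict(list))
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            if not name.lower().endswith(".sol"):
                continue
            full = Path(dirpath) / name
            kind, domain = classify_sol(root, full)
            rel = full.relative_to(root).as_posix()
            report[kind][domain].append((rel, full.stat().st_size))
    return {kind: dict(domains) for kind, domains in report.items()}


def build_sample_tree(base):
    """Create a constructed data tree (placeholder bytes, not real LSOs)."""
    base = Path(base)
    samples = {
        "macromedia.com/support/flashplayer/sys/settings.sol": 64,
        "macromedia.com/support/flashplayer/sys/#mail.example.com/settings.sol": 4096,
        "#SharedObjects/ABCD1234/video.example.net/player/volume.sol": 120,
        "#SharedObjects/ABCD1234/tracker.example.org/id.sol": 48,
    }
    for rel, size in samples.items():
        path = base / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(b"\0" * size)
    return base


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for kind, domains in sorted(audit(build_sample_tree(tmp)).items()):
            for domain, files in sorted(domains.items()):
                for rel, size in files:
                    print(f"{kind:9} {domain:20} {size:5} B  {rel}")
```

To check a real profile, pass the Flash Player data folder to `audit()` instead of the sample tree; a 4k file that appears under `sys` after visiting a site is then reported as `settings`, not `site-data`.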

  24. It is about time. The settings manager on the site has been weak. My complaints are that you couldn’t scroll down the long list of websites if there was one, and they weren’t in any order at all. It could be so much better though. Why hasn’t it been part of flash player?

    Just throwing it out there too, but Opera and Flash have some issues when it comes to the settings and global settings dialogs. You can’t seem to click anything. An integrated settings manager would be much better, and would solve this too though.

  25. @ Calvin

    You can scroll down the list of sites by clicking on the arrows for the scroll bar. You can also order the sites alphabetically by clicking on “Websites.” But you are correct, using native system controls will allow Adobe to provide a better user experience for the lists and navigation.

    If you are seeing issues with Opera and the online Settings Manager, please file a bug: bugs.adobe.com/flashplayer so that we can investigate.

    regards,
    Emmy

  26. Good move. Waiting for this for so long … it gets users really confused going to Adobe’s site to adjust settings.

  27. This is THE MOST confusing event of the day – – trying to get ONE SIMPLE question answered. Why is it so hard to “Deny” adobe flash player local storage requests in the window that covers EVERY video I want to view? I have to click it MULTIPLE TIMES, all to no avail, as whatever I am trying to watch begins, so I have to go back and restart it. It’s like they are trying to force me to let it access, to “Accept” it.
    AND
    WHY IS IT NEARLY impossible to find a simple and straightforward contact for Adobe to ask about this? All I seem to encounter are myriad and confusingly esoteric drop downs and little help for direct contact.
    That’s about all I have to say. That, and that I am fast losing respect for Adobe for even allowing this nonsense to prevail upon us uninitiated and nontechnical folks.