Does Private Browsing block those new "super cookies", the non deletable LSO's?
Flash-cookies (Local Shared Objects, LSO) are pieces of information placed on your computer by a Flash plugin. Those Super-Cookies are placed in central system folders and so protected from deletion. They are frequently used like standard browser cookies. Although their thread potential is much higher as of conventional cookies, only few users began to take notice of them. It is of frequent occurrence that -after a time- hundreds of those Flash-cookies reside in special folders. And they won't be deleted - never and are used by companies to trace our internet activities. CCleaner etc do not delete them, nor does the web browser.
Visit the Community page
Join our forums
Subscribe to our email newsletter
Subscribe with RSS
Follow us on BlueSky
Follow us on Facebook
Follow us on LinkedIn
Follow us on Mastodon
Follow us on Twitter
No. Firefox Portable has no control over Flash's cookies.
BetterPrivacy
is it called, claims to remove LSO etc., in fact you can also protect some of those objects, I need one for example, some stupid internet TV wants it so, but I can remove all the rest and keep the one protected.
BTW: I can not see what some people mean by the supper cookies can not be deleted. I can simply right click on each, or each of their folders and they are gone. It is only the browser which does not delete them , but otherwise they are under appdata under macromedia. (on XP)
The text in your post looks like copied from the website of the BetterPrivacy, well they have to justify the use of their addon certainly somehow, so will create big dramatic issue of it. The pathetic 'central folders' are just appdata, special is only that they have # in the name.
Otto Sykora
Basel, Switzerland
Yes, LSOs *are* blocked by default in Private Browsing. This is because FlashBlock is blocking all flash objects. If you run a flash object (by clicking play over it) that object will be able to access LSOs, though.
This should block nearly all Super Cookies. Unless you click play on ads of course.
Sometimes, the impossible can become possible, if you're awesome!
I been testing this and it has javascript enabled and it DOES NOT block the new "super cookies" at all. I needed to install the firefox addon "Betterprivacy" to have control over the flash LSO cookies.
Any possibility to fix this security breach in Private Browsing? And automatically block all cookies as well, because at current Private Browsing allows cookies by default!
Private Browsing blocks LSOs by default. If you never click on a flash object, you won't get them. Private Browsing has *temporary* cookies enabled. That means they are cleared on each exit. Some website that purports to test if you are 'vulnerable' to super cookies will always say you are if you have cookies enabled even per-session. But, if you disable cookies, a lot of websites won't work at all (including being able to use this site as anything but a guest).
Sometimes, the impossible can become possible, if you're awesome!
Ok John, sounds good then.
BTW, I ran some tests, here are the results:
Test results
* Passed Mozilla crashes with evidence of memory corruption - passed
* Passed Internet Explorer bait & switch race condition - passed
* Passed Mozilla crashes with evidence of memory corruption - passed
* Passed Internet Explorer createTextRange arbitrary code execution - passed
* Passed Windows MDAC ADODB ActiveX control invalid length - passed
* Passed Adobe Flash Player video file parsing integer overflow - passed
* Passed XMLDOM substringData() heap overflow - passed
* Passed Mozilla crashes with evidence of memory corruption (rv:1.8.1.5) - passed
* Passed Opera JavaScript invalid pointer arbitrary code execution - passed
* Passed Apple QuickTime MOV file JVTCompEncodeFrame heap overflow - passed
* Passed Mozilla code execution via QuickTime Media-link files - passed
* Passed Mozilla crashes with evidence of memory corruption (rv:1.8.1.8.) - passed
* Passed Mozilla memory corruption vulnerabilities (rv:1.8.1.10) - passed
* Passed Mozilla crashes with evidence of memory corruption (rv:1.8.1.12) - passed
* Passed Apple QuickTime 'QTPlugin.ocx' ActiveX Control Multiple Buffer Overflows - passed
* Passed Window location property cross-domain scripting - passed
* Passed Mozilla Firefox MathML integer overflow - passed
* Passed Internet Explorer XML nested SPAN elements memory corruption - passed
Congratulations! The test has found no vulnerabilities in your browser!
And where exactly do these mysterious tests come from?
Release Team Member
There are a few browser checkers, but I used this one:
http://bcheck.scanit.be/bcheck/
John, I just checked something. Even though firefox has Adobe Flash blocked, somehow some youtube LSO cookies are still getting through and being stored in C:\Users\truth\AppData\Roaming\Macromedia
How come?
videos then you deliberately selected this, so this cookie has to be accepted. If you block everything, you will not have much fun with your browser possibly. It can be that the lash itself will not appear (due to flash blocker), but the cookie can be transmitted before the actual flash file was downloaded. The flash file itself will probably not execute the flash player then, but the cookies are separate files.
As John stated, cookies are blocked if you do not deliberately click on some flash. The aim can not be to block all cookies completely, but rather help to remove them after the use again.
Otto Sykora
Basel, Switzerland