Understanding Super Cookies and Protecting Yourself Online
There is always a furious battle being waged with Internet technologies. On the one hand, your average Internet user doesn’t want anyone to see what they are up to online, although this isn’t necessarily because they are up to no good. With the government being caught red handed in recent years wiretapping and intruding on truly harmless domestic communications, everyone in the United States feels threatened and violated. Furthermore, people don’t want their information compromised. It seems every week there is a new story of identity theft or other malicious forms of online attacks that can cause serious consequences.
On the other hand, big companies love to gather and store data about Internet users. Quite simply, it helps them make more money. By looking for trends in Meta data, companies can discern demographic information and better understand why people make purchasing decisions. The number one tool that companies use to gather and track information about users is cookies.
However, most people don’t have a good understanding of what a cookie is, how it functions, and what data it stores. In truth, some cookies are simple in nature and don’t really pose a threat to your online privacy and security. Essentially, a cookie is a tiny text file that is stored in your browser and can be used to track your activities as you browse the Internet. To date, more and more Internet users are figuring out how to disable cookies as well as delete and manage them.
Unfortunately, that’s not stopping Internet marketers and analytics firms from doing everything in their power to push the envelope as far as they can. As a way to get around the tactics people employ to protect themselves against cookies, Internet marketers have created super cookies.
Super Cookies Explained
What is a super cookie, you might ask? Well, it is a rather general term for all kinds of different collections of code and information that is stored on your computer in the same manner as regular cookies, but they are much harder to detect and remove. Two common types of super cookies are LSO (local shared object) and Flash cookies. These cookies are hard to find, hard to remove, and widely used. In fact, over half of the websites in the Internet use some form of super cookie.
But if they are so common, you would think that you would have already heard of them, right? It’s actually not surprising if you haven’t already heard of super cookies because they are intentionally created and deployed in a secretive manner and are intentionally designed to be difficult to find and delete. So, even if you think that you have cleared and deleted all of the cookies on your computer, there is still a chance that you have super cookies lurking somewhere unseen.
Flash cookies – which are only one kind of super cookie – are declining in popularity, however. Flash is not as popular as it once was due to HTML5 as well as Apple speaking out about the various security holes found in Flash.
Flash Cookies vs. Zombie Cookies
Though many browsers today include some way to manage and delete Flash cookies, this wasn’t always the case. Before, Flash cookies could use Adobe’s multimedia Flash plugin to secretly hide cookies on your PC that couldn’t be deleted or managed by changing your browser settings.
Also, these types of cookies aren’t stored within your browser – meaning other browsers visiting the same site will utilize the cookie. Basically, this means that you can’t protect yourself by simply opening another browser. Furthermore, they have the ability to hold up to a whopping 100KB as opposed to the measly 4KB that HTTP cookies can store.
One of the scariest types of these cookies is referred to as a zombie cookie, because you just can’t seem to kill it. It comes back when you thought it was dead already! Even after you delete them out of a cookie directory in your browser, a certain piece of Flash code will rewrite the cookie back into your browser.
How to Deal with Flash Cookies for Good
The first way that you can make sure Flash cookies aren’t storing data about you is to change your settings on the Adobe website. This will provide you with a list of Flash cookies that are currently stored as well as tell you how much data they are taking up. If you see any odd looking cookies that are taking up a lot of space (close to 100KB) you may very well want to delete them. However, if you see cookies from reputable sites that you visit frequently, you may want to keep them.
In addition, you may also want to stop other sites from storing Flash cookies in the future. Simply click on the second tab in the panel, which is the Global Storage Settings tab. You can drag the bar as far to the left to ‘none’ to prevent sites from storing cookies and check the box that is labeled ‘never ask again.’
Manually Delete Flash Cookies
If you want, you can also manually deal with Flash cookies and use this method as a way to verify that no other websites are actually storing cookies. If
you are running windows, simply open a window in Explorer and type “%appdata%” in the search bar at the top. Then click on Macromedia, Flash Player, macromedia.com, support, and finally flashplayer. Look for any files that end in “.sol” as they are the actual cookie. You can delete these if you wish.
In an OSX environment, navigate to users, username, library, preferences, macromedia, flash player, and delete any unwanted .sol files.
Lastly, if you are in a Linux environment, navigate to home, username/ .macromedia, flash_player, macromedia.com, support, flashplayer, and sys. Search the directory for any unwanted cookies and delete them if you feel it necessary to dispose of them.
Deleting Flash Cookies in IE, Firefox, or Google Chrome
If you are using the latest version of Chrome, IE past version 8, or the latest version of Firefox, they can automatically remove unwanted Flash cookies with their clear history feature (as long as they use Flash Player version 10.3 or later). Though these features are nice, they aren’t perfect. In fact, after you clear cookies using this method, there is still the potential that LSO cookies will remain after the fact. You are better off using a method described earlier and manually checking for cookies.
Protecting Yourself from Super Cookies on Android Devices
Android versions 4.1 and later don’t support Flash, but older models and versions of code could still have it installed. The truth is that much of the web still utilizes Flash, and you may want to edit Flash Player settings by selecting the icon in the app drawer. Once opened, simply go to the local storage settings and select ‘never.’
Utilizing Browser Plugins
You also have the option of using plugins for your favorite web browser to stop cookies dead in their tracks. Plugins such as Better Privacy, Disconnect, and Ghostery will help you manage Flash cookies and super cookies, but understand that they aren’t perfect tools. It is generally inadvisable to use these plugins because they make your web browser more unique, and thereby increases your risk to fingerprinting.
Cookies can be a real pain, especially if they are super cookies that are being stored without your knowledge. Even if you think that you have deleted all cookies from your browser, super cookies, Flash cookies, and zombie cookies could still persist and be stored outside of your browser. Though the general public is becoming more concerned with their online privacy, too many people still don’t understand how Internet marketers and other entities can track your habits online. Remember to implement these tips if you want to increase your online security and privacy.