JJ Luna

Flash Player Security Issues

Submitted by:
I am quite militant about privacy & try to keep up, especially, with computer-related privacy invasions. But the risk posed by using Adobe Flash Player (like to watch a Youtube video) was something I had not heard mentioned. I did a search of this site using both Google & your site's internal search feature, & it doesn't appear that this has ever been mentioned.

I first became concerned when I a window popped up telling me that there was an updated version of Adobe Flash Player available & asked if I wanted to download it. I was a bit alarmed, because I do not allow any of my programs (except Firefox) to automatically check for updates. If my computer knows there is an update, there had to be communication between my computer & an outside server--a security risk. But there is nothing listed in my ZoneAlarm programs list that would allow / disallow this. The popup window gave me an option of changing my update settings, but when I click on it, it doesn't open a program on my own computer. It goes to the macromedia.com website where I can change my settings.

So now I am concerned & confused. How is the program communicating with an outside server without my knowledge? How are these settings that I am selecting on an outside website going to be remembered by my computer? I searched my brain for some knowledge that would explain how this was happening. I came up with nothing. So I Googled & eventually came up with this excellent article from EPIC.org (see below).

It explains what's happening very simply & thoroughly. Basically, because so many of us are deleting or refusing cookies, there is now a Flash cookie being used that isn't so easily identified or deleted. So read this article, then download Objection, a great Firefox extension that helps you delete those Flash cookies. Also, if you are using Evidence Eliminator, modify your options to include deletion of these .sol files.

One thing I have learned on my own--I use NoScript (a Firefox extension) & I always keep javascript turned off. When I come across a web page where I need javascript, I just turn it on temporarily and refresh the page. As long as javascript is off, flash will not play and no Flash cookies will be placed. The only Flash cookies I had were from websites where I turned on javascript, like Youtube. Another tip: if you get Download Helper (a Firefox extension), you don't even need to turn on javascript--you can just download the video from any web page and play it on your computer anytime. The files you download will be .flv files (or they will have no extension so just rename them "anything.flv"). FLVPlayer4Free.com is a free program that plays the .flv files well.

I sure wish I had known about this sooner. Hope all this helps!

URL #1: http://epic.org/privacy/cookies/flash.html

comments powered by Disqus

< Back to Questions & Comments

© 2013 - JJ Luna, All Rights Reserved.