Website Administrator

    delivering administrator solutions for your website...


Date added: 20 July 2010
Last Mod: 25 Feb 2011
© 2010 Steve Campisi

Website Administrator Know How Articles

The Flash Super Cookie - The Local Shared Object (LSO Cookies).

(review part 01 - Background data for LSO Cookie)
(jump to LSO removal Tools)


How a Local Shared Object gets onto your computer.

(Continued from Part One)
Your web browser is left unawares as the LSO cookie passes onto your system under the guise as a legitimate part of the flash portion of the page which embeds it. The LSO can be stored at several locations on your hard drive, where as the common cookie has only one location (per browser) to choose from. The LSO can be tiny but it can also be huge. Sizes assigned can be either 10kb, 100kb, 1000kb or 10,000kb (10 Mb) of storage for each LS Object. The default setting is 100kb (compared to the HTTP cookie's default of 4kb). To put this into perspective, you can download a 1994 version of Mario (Bros) and lose hours of time playing it and all for a total space consideration of less than 65kb! (If you do download this game, you will probably also want to download DOSBox so memory, cpu and newer graphics modes all make sense to your space-age generation of computer.)

And a comment should be made that the vast majority of general flash coders do not code LFOs into their presentations etc. And a large number that do use the LFO, do use it to actually better your experience while on their website. But regardless of the coder's intention, and in any case, the result is the same: your browser is not able to clean the LSO (nor the similar styled DOM Storage Object or Microsoft's new flash program look-alike Silverlight cookies etc.) in the same manner as the common HTTP cookie because it is not.

Where and How to find Local Shared Objects on your computer.

Mostly, we can find the Flash Local Shared Objects in various \Macromedia\Flash Player\ directory paths but this is not always the case. The LSO uses a .sol extension so we can also search for any files that use this suffix. Therefore, to search where the Local Shared Objects are on your computer, you can use your normal search option and search for the term *.sol in the "find files or folders" on your computer's data drives. By including the asterisk as a wildcard means that the search will return any result that uses .sol as a filename extension. And this does not mean all *.sol items found on your computer are flash cookies. Removal is best carried out with the aid of one of the programs and/or the adobe tool as referenced later in this article.

How to Code the Local Shared Object.

For the technical minded, if you do explore this next adobe website link (and more specifically, the links with-in that link), you can find some various extra data on setting some of the various parameters of the Local Shared Object and a couple of pretty diagrams describing how updating and synchronizing the LSO is achieved. Also, here is a basic tutorial for flash coders who are wondering how to get started on coding an LSO.

Capabilities of the Local Shared Object.

Having reviewed part 01 of this series, we now come to understand that what ever any ol' cookie can do, the Local Shared Object can do too, and with trimmings if need be. And take heed, ignorance of the existence of Local Shared Objects does not exempt one from their use in any day to day web surfing. And it is up to the end user to be aware of, and to learn how to set the preferences for these super cookies.

Adobe explains on their website that the flash LFO is "...exactly like a browser cookie, except that it can also store data more complex than simple text..." [emphasis added]

Further, "...shared objects cannot access or remember your e-mail address or other personal information unless you willingly provide such information..." [emphasis added]

But before we go instantly ballistic or set fire to our hard drives, let us learn what we can do to reign in these silent seemingly semi-sentient lurkers that would happily thrive in any world reminiscently cloaked in the doublethink and pervasiveness of George Orwell's Nineteen Eighty-Four.

cookie free web surfing

Control of Local Shared Objects

The most drastic control level you can take is to totally disable shockwave flash in your browser. This might be ok for some, but for those that enjoy flash based games or still want to watch flash movies etc., you would skip this level of control.

Though, if you insist, Firefox users can disable shockwave flash from the Plugins tab in the Add-ons menu in Tools (see Fig. 03) and highlighting the Shockwave Flash plugin. If it says Disable, then click the button. The image below shows shockwave flash in the disabled condition. You would need to click the "enable" button for the plugin to work if it appears similar to this image.

FireFox Tools/add-ons/Plug-ins - [ Fig 03 ]firefox add-ons

Internet Explorer Uses would take the following steps to achieve this: (A neat trick for more modern i.e. users is to first load a simple page containing Flash like this small animated spider poem sampled from ARACHNE SPEAKS, a book of modern mythology works by the talented and award winning Kate Hovey before starting this checklist as you may only need to do the four "1" steps in this list)
  1. 1. Tools
  2. (1b. if "manage add-ons" is in this list, select it else jump to step 2)
  3. (1c. from the right hand side list, find and select/highlight "Shockwave Flash Object")
  4. (1d. select "disable" then "close" and you are done, if you encounter problems with this step then jump to step 5)
  5. 2. Internet Options
  6. 3. Programs
  7. 4. Manage add-ons
  8. 5. In this tab find "show:" and select "run without permission" from the pull down list under it.
  9. 6. From the right hand side list, find and select/highlight "Shockwave Flash Object"
  10. 7. Select "disable" then "close" and you are done


Local shared object control at adobe.com

This step is enigmatic in that in order to change the flash settings in your local computer, you must do so from the Adobe Website using the Adobe Flash Player Settings Manager. (If you do not have flash installed on your computer, or have disabled your flash as per the above setting, you will not see this flash player settings manager menu. This also means you are now free of any LSO intrusion during any web browsing activities. If you want to see the settings manager, you will have to either download flash or enable flash and then refresh the webpage.)

There are eight different HTML pages you need to visit to fully set your LSO options. The next figure (fig. 04) is a picture copy of the actual settings manager from which you control the configuration settings of your flash program on your computer. You can navigate all eight pages by clicking each of the tabbed icons at the top of the panel. Modify the settings on each page as you progress through the tabs. The second tab (as shown here) allows you to turn off third party Local Storage Objects. And judging by the "yet" word given in this panel, the sooner the better. Tab seven will reveal the list of owners for LSOs that are current on your system with the option of deleting the lot or one at a time.

(Please note: These links open in a new tab/window. You can navigate and set the different settings in that tab/window)

Adobe's Global Storage Settings panel - [ Fig 04 ]
firefox add-ons

Manage your Flash Components by clicking this link here

If you are in doubt on any setting, you can choose "always ask" where this is applicable. And if you are ever asked, you just say "no!" That way you can tell after a few denials whether turning off the setting would effect your browsing habits or not. You should set any storage space to zero (flash game players might want to allow some storage for better game performance). The new Flash10 Peer2Peer feature is due to adobe's purchase of amicima (2006) starting to come to fruition. You may need to check your P2P program details to see if and how any LSOs are used. If you do not use any Flash P2P, then disable this feature.


Store Common Flash Components to reduce download times is in reference to .swf or .flv and other files that are identical and are to be served to your browser from some website. The Adobe website gives an example of how this may be shared with-in sub domains of the same domain. Checking the box is probably as safe as it is with cookies when you have third party cookies turned off. If you turn it off, it would only be annoying if the shared .swf or .flv etc were fantastically huge in file size. If you don't like third party content, then make sure you turn off Allow Third Party Flash Content here.

Exploring each of these pages offered up whilst using this flash player settings manager tool also uncovers some interesting data on LSOs. If you are further interested, a browse around each page for some extra juicy data is well worth your while.

Management of the Local Shared Object (LSO) from your computer

By far, the best thing to do next, or even first, is to make sure you use firefox and get an add-on which will do the hard yards for you. If you must use Internet Explorer, you should still install firefox or chrome then download and set-up an LSO remover add-on so that you are able to at least periodically clean out your system by starting and closing firefox.

Download LSO Removal (Privacy) tools for your Web Browser

Mozilla Firefox: Add-on LSO Cleaners

Better Privacy

Originally a project begun by Greg Yardley, and later adopted by netticat.ath.cx, an excellent Local Shared Object (LSO) tool for the Firefox web browser is this add-on now known as BetterPrivacy. (Note: the netticat link usually has the most updated version of BetterPrivacy for download) With this add-on, you are able to configure your settings for how you would like the LSOs stored on your computer to be treated. Better Privacy will also clear your DOM Storage Objects which can also retain data on your internet browsing activities. One of the features is delayed deletion which allows the movie to start (Some movies check that an LFO was installed before they will begin to play) and then deletes the LFO at some specified time later - you set the timer.

Privacy Plus

Privacy Plus is another add-on which will add a "Clear Flash Local Shared Object" checkbox option in the list of items to be cleared when the browser history is cleared. (see Fig. 02 image in Part 1)

Google Chrome: Add-on LSO Cleaners


Click&Clean from hotcleaner.com is a free add-on chrome users can download which will add a clean button to the browser interface. Click&Clean will also remove other privacy issues such as the HTTP cookie as well as microsoft's newly introduced LSO-type clone for their flash look-a-like program silverlight.

Microsoft Internet Explorer: Add-on LSO Cleaners


At some point, something will be written here that makes sense for i.e. users. But for now, if you use internet explorer, i would recommend downloading and installing one of the other above browsers and also download an LSO cleaner add-on to suit that browser. Just remember to set the cleaner up and use it often. Else, it might be time you took the hint and switched to a browser that allows you easier control of your privacy no matter how you browse the internet (privacy mode or not).

Removing MicroSoft's Silverlight: Online link to Remove SilverLight

This is for those that want the link to remove SilverLight from their system. It is also the same link that one uses to install silverlight. Just ensure you select the correct tab. I have to have an MS Live account in order to use Bing WebMasterTools. And to get any benefit from Bing WebMasterTools tools, the WebMaster needs to also install SilverLight which goes about it's business silently in the background for ever after. Here's my eyewittness account of something that drew my attention after installing SilverLight for the first time (Notes are in Australian)...

Notes on installing MicroSoft's SilverLight:

"...So, anyways, there i am and there i go, i wanna add a new url into Bing's webmaster tools, 'cause honestly, wot chance has Bing of findin' it by its self if left to it's own devices then? Am I right? Huh? Naw, I'm kiddin', they got their sitemap.xml bot goin' better nowa days i reckon. But anyways, i still don't trust 'em to find it so i needa log into windows live first before i can tell bing to do just that. So i do just that, don't i? And that's ok, 'cause i also know i gotta have javascript enabled if i wanna use anythin' that is MicroSoft. Right? Yeah? No, really, Sesame Street should swap out that blue monster for a windows logo puppet 'cause there ain't nuthin on earth that luvs cookies more. Can i say that? Naw, 'tis just a techie joke. Anyways, seriously, i got my javascript goin' and my Silverlight is now freshly installed and i let Bing know where to go to find this new url on this website, and then and that's it. My job's done so i'm goin' to quit windows live now, you see, after all, who uses msn, hotmail or anythin' like that anymore? That's old, old stuff init? Wouldn't even bother with Bing if it weren't for i saw it on GossipGirl a ton a times as it seems none of 'em YuppieYorkers seem to know what a Google is on that show. Init? Am I right? Yep. Maybe some NYNY schools aint never heard of Google to let their kids know about it. So there i is and i go and tell microsoft i am done and wanna log out and guess wot? It won't lemme log out. It's now tellin' me i gotta have javascipt enabled or i can't log out! So i check my browser settings agin jus' ta make sure i'm not dim witted. I don't wanna come across as bein' totally daft or nutten, don't i? And there 'tis. Javascript is enabled. So wot's this about then? So i check this again and again over the next few weeks and it's the same thin' every time. But only ever since i installed SilverLight. If log into WindowsLive, i can't log out. It's lookin like silverlight is a more thorough tracker than any flash LSO but i aint done nothin' about researching this any further just yet, it's caught my attention and has made itself onto my to do list is all, but i thought i might just mention it 'case you wanna check or research this for yourself..."

Closing food for thought

Also, bear in mind that there are other newer cookie types aborning so ensure you stay vigilant and for starters make sure you install one of these cleaners (there may be others which are good too) to help you regain supremacy over this new breed of stalker acting like a monkey on your back.


Next Page: Back to Part One - Cookies First.

Hook this article/post into:
Delicious Digg Facebook Google StumbleUpon Technorati Twitter Yahoo

| downloads | home | articles index |