It is currently Sun Apr 20, 2014 12:35 am

All times are UTC - 4 hours [ DST ]




Post new topic Reply to topic  [ 4 posts ] 
Author Message
 Post subject: On the Flash track - Tracking with Flash
PostPosted: Sun Apr 15, 2007 6:26 am 
Offline
Involved
Involved
User avatar

Joined: Fri Apr 13, 2007 5:07 pm
Posts: 20
Location: Black Hole
Posted to my blog

By Ed 4.15.2007

Most are aware of the use of Cookies to track you across the web. Some are aware of the use of Java/Javascript for this same purpose. Few,except Developers and people who deploy the ads are aware of using Flash to track you. And they don't want you too know.

Why did the use of Flash become so popular?
Because they know what you know.
They know you delete your cookies. They know you turn java and javascript off. They know you don't know ,they track you with flash.

Every website you visit that has advertisements created with Flash,has the capability to Track you.
Every time you watch a video created with flash it knows who you are and where you've been.
Don't believe me?
Well for you that use youtube,how do you think they know how many videos you've watched. It sure isn't from a cookie. It's from the Flash player storing information. Don't get me wrong cookies are still used on most every website you go to.

Why do you think you see all the flash advertisements on websites these days.
It isn't because its cool[ although some are ].
Most of them are placed by your favorite tracking company and they pay the operator of the website that installs them to help build the massive database on your surfing habits,along with the use of cookies and some javascript.

Not to many sites require you to use java to surf. But turn off cookies and they tell you that they need to be on to surf their site. Don't have flash installed, they'll let you know. Most of the time if you don't have Flash installed the only thing that doesn't work on a particular site are the advertisements, not the site itself.

Still don't believe or understand, maybe this will help.

A couple of years ago some folks became aware that they were being watched after their Unauthorized pictures were found on the web. How did this happen? Through Flash and their WEBCAM. The same thing happened with audio files, through flash accessing their plugged in MICROPHONE.

The easy remedy for this unauthorized access was to unplug the webcam and microphone when not in use. The webcam issue remains the same. However, the microphone issue is different. Most computers these days have a BUILT IN MICROPHONE attached to the MotherBoard and Some new monitors have built in microphones and cams, and I don't know how you would go about disabling them without loss of function to the entire device.

Note that it is the person or company that has created the Flash application you are using that is requesting such access, not Adobe (unless Adobe has created the application that wants access to your camera or microphone).

But hey, in this day of Surveillance what doesn't have a built in microphone or camera?


So how do I stop flash from tracking me? Don't use it!

From the Adobe Flash website they even tell you in a round about way that Flash could be used to track you.

"When Flash content is being played, the settings you select for Flash Player are used in place of options you may have set in your browser. That is, even if you have specified in your browser settings that you do not want cookies placed on your computer, you may be asked if a Flash application can store information. This happens because the information stored by Flash Player is not the same as a cookie; it is used only by the Flash application, and has no relation to any other Internet privacy or security settings you may have set in your browser."

"It is the responsibility of the person or company requesting access to make it clear to you why they want access and how they plan to use the audio or video. You should be aware of the privacy policy of anyone who is requesting audio or video access."

"It's important to understand that even though this settings panel is part of Adobe Flash Player, the audio and video will be used by an application created by a third party. Adobe assumes no responsibility for third-party privacy policies, actions of third-party companies in capturing audio or video on your computer, or such companies' use of such data or information."

But Flash will only ask if you have set it to ask!


If you need it,applying these settings may help.

You will have to go to the Macromedia/Adobe Flash website to access your settings manager.
Here-http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager.html
I suggest when/if you go and are not sure what to do, READ the information they provide.

What you will see in the following images are my settings, and Adobe's explanations for use in QUOTES.

"To specify privacy settings for all websites, use the Global Privacy Settings panel."

Image

If you use the Global Privacy settings as shown above you have 2 choices: Deny or Ask. I personally clicked the DENY. I mean why would a website need to access my Camera or Microphone. If I were using my camera or microphone such as in a chatroom, I would already know it was being used. No reason for any other site too use them. Using the Global settings will override the setting for Individual website settings. In other words....If you want or need individual websites to access you camera or microphone use the Website Privacy settings, Not the global settings.

"To specify privacy settings for individual websites, use the Website Privacy Settings panel."

Image

In the above image you need to choose. These settings are not used by myself as I have set my privacy setting in the Global tab which overrides this setting.

"To specify storage settings for websites you haven't yet visited, use the Global Storage Settings panel."

Image

In the above image I have set it to NONE by moving the Slider all the way to the left. I left the box beside Never ask again un-checked. Who knows, maybe later I would like them to store information on my computer. I doubt it though.
I also UN_CHECKED the box that would allow a THIRD-Party to store DATA on my computer. Much in the way I do not accept Third Party COOKIES.
Remember this is the GLOBAL STORAGE setting which will override the Website storage setting shown below.

"To specify storage settings for websites you have already visited, use the Website Storage Settings panel."

Image

This again doesn't apply to myself as I have set it with the GLOBAL SETTINGS. I did however click DELETE all sites as I did visit a couple before coming here to adjust my settings and I don't want or need their information on my computer.

Now this area is a little confusing and from the way I have read it, possibly a little Misleading.

"Using the Global Security Settings panel, you can specify that certain Flash applications on your computer may communicate with the Internet."

Image

First, my choice ALWAYS DENY. Why did I choose this setting? As I said their wording makes it a little misleading.

As you can see from the text on this panel They tell you,"Some websites may access information from other sites using an older system of security. This is USUALLY HARMLESS, BUT it is possible that some sites could OBTAIN UNAUTHORIZED INFORMATION using the older system."

First of all in the PHRASE above the image they told you,"you can specify that certain Flash applications on your computer may communicate with the Internet." Now exactly what are they talking about when they say "certain Flash applications on your computer may communicate with the Internet". The way I interpret it is, if you have saved a flash movie, video, animation to your computer it may at some time later when you play it again(locally not on a website) want to send information to the internet. What information and were does it send it? Your guess is as good as mine.

If you have an ALWAYS ON internet connection such as DSL or Cable, I suggest you turn it OFF before running any saved file and also get a FIREWALL that will alert you when something on your computer tries to access the internet. You would be surprised at the applications on your computer that access the net without you knowing.

The other part is as I told you at the beginning- Tracking you with FLASH. How else do you explain what they mean by "Some websites may access information from other sites." ?????

This next setting is for updates-
"To specify automatic notification settings, use the Global Notifications Settings panel."

Image

I have it set to notify me every 30 days. If I find that there is a update through other means sooner than this,I will get it.

Now too further clarify that FLASH is used to TRACK you just like COOKIES this is at the bottom of the page where you access the settings manager----

"You may be aware that some websites work together with your browser to store small amounts of data, called cookies, on your computer for their own use in the future. For example, when you go to a website regularly, it may welcome you by name; your name is probably stored in a cookie, and you can use browser options to determine whether you want cookies or not. You may also have specified in your browser that pages you visit can take up only a certain amount of disk space."

"When Flash content is being played, the settings you select for Flash Player are used in place of options you may have set in your browser. That is, even if you have specified in your browser settings that you do not want cookies placed on your computer, you may be asked if a Flash application can store information. This happens because the information stored by Flash Player is not the same as a cookie; it is used only by the Flash application, and has no relation to any other Internet privacy or security settings you may have set in your browser."

Do you understand what they told you here? In the simplest way I can tell you, FLASH overrides your Browser settings. In other words you may have a setting in your Browsers Privacy tab for cookies that looks like this-

Image

But setting the Global Security settings in Flash to Always Allow will override this. Always Ask is better if it does ask, and DENY is even better for me. Having it set to DENY if it works, is one less thing to worry about accessing your information.

This last image is of the Folder Tree in Windows Explorer. NO not Internet Explorer. If you don't know the difference do not MODIFY anything in here after I tell you how to access it.

Image

Where it shows User name, this would be what ever name you are logged on to your computer with. This is basically just to show those of you who do not know, Flash DOES store information from where you have visited and what you have viewed.

Do this at your own risk--- To access this in windows XP go to start button left click, go to ALL Programs, Then Accessories and when this list opens look for Windows Explorer and click on it. Go to your main drive, in my case as most it is C: click it to open tree, look for Documents and Settings click it,look for your user name click it,look for Application Data click it,look for Macromedia in my case or Adobe Flash or Adobe or Flash and look for Flash Player. From there just look in the Folders. Notice the Folder in the image that is highlighted [ #SharedObjects ] open it and be amazed.

Coming next FLASH EXPLOIT. What Flash Exploit you ask? Here is a little taste----

Summary:

"If you look into how widespread Flash Player's use is (something like 98.5 percent of all browsers carry the Flash Player in some version or another) vs. the security measures in place to prevent misuse –there are almost none– an entire array of malicious activity has yet to be explored.

Flash banner ad’s are everywhere. They’ve become the de-facto standard for online advertising. Sometimes these ads are distributed through internal advertising departments; most of the time, however, these advertisements go through advertising-specific distributors such as AdServe who deploy them to millions and millions worldwide through algorithmic distribution mechanisms...

The only safeguard, so far, is code auditing before a person publishes their file to the internet –which is also difficult to check since the source files, 9 times out of 10, aren’t hosted with the ad distribution company. And think: If just one high-profile banner ad was deployed with such a program embedded, it would affect millions of people.

Until then,
Ed aka 2_4GHz[/url]

_________________
Image
Image


Top
 Profile  
 
 Post subject:
PostPosted: Sun Apr 15, 2007 11:07 am 
Offline
SuperMember!
SuperMember!
User avatar

Joined: Sat Jul 24, 2004 11:58 pm
Posts: 866
Location: Planet Usury
Thanks .. Lots of helpful info. 8)

_________________
You will know you have spoken the truth when you are angrily denounced; and you will know you have spoken both truly and well when you are visited by the thought police.


Top
 Profile  
 
 Post subject:
PostPosted: Sun Apr 15, 2007 3:39 pm 
Offline
Site Admin
Site Admin
User avatar

Joined: Sat May 29, 2004 11:46 pm
Posts: 14442
Location: NC
WHOA! THANKS FOR THAT VERY USEFUL INFO. :D

I have several firewalls on my computer and STOPZILLA stops the popups, among other things.

_________________
Image

"Behind every great fortune lies a great crime."
Honore de Balzac

"Democrats work to help people who need help.
That other party, they work for people who don't need help.
That's all there is to it."

~Harry S. Truman


Top
 Profile  
 
 Post subject:
PostPosted: Mon Apr 16, 2007 5:55 am 
Offline
Moderator
Moderator
User avatar

Joined: Mon Jan 24, 2005 9:11 am
Posts: 5620
Location: western New York
Fantastic information. Thank you for posting it!!!

_________________
Libertarianism

Libertarianism Makes You Stupid


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 4 posts ] 

All times are UTC - 4 hours [ DST ]


Who is online

Users browsing this forum: No registered users and 1 guest


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum

Search for:
Jump to:  
cron
Blue Moon by Trent © 2007
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group