Upload
wilona
View
40
Download
1
Embed Size (px)
DESCRIPTION
Privacy of Flash Cookies. Quentin Mayo,Chris Hoofnagle , JD Ashkan Soltani , MIMS. Abstract. - PowerPoint PPT Presentation
Citation preview
Privacy of Flash CookiesQuentin Mayo, Chris Hoofnagle, JD Ashkan Soltani, MIMS
April 22, 2023
Flash cookies are emerging as a new consumer tracking technology. Flash cookies, also known as Local Shared Objects, are similar to HTML cookies, but they can store more information and they are more persistent. Privacy issues are intensified by Flash cookies because they are not controlled by the browser, and because consumers are likely to be unaware of their presence. This study focuses on the presence and operation of Flash cookies on the top 100 websites.
• Determine how flash cookies are being used on the web
• What were the most frequently appearing ad companies that are using flash
• Check if any companies use flash to bypass user settings or to contravene user expectations
Data came from Quantcast Top 100 July 1, 20095 five additional “Government Websites” were studied• LSO files stored Set by Adobe, Domain, and Third Party Companies in the macromedia folder. Holds IDs, preferences and other values• Cache Temporary storage for data needed to be frequently access.• SWF (small web files) files Embedded into WebPages for multimedia and advertisements.• Standard Cookies• Basic string values access by a domain
Results:
Overlapping Cookies?
Means that some of the same key values/tags inside the Flash Cookies also are found in HTML Cookies. These values could include user IDs or unique strings
Overlapping Cookies
2241%32
59% IDs Overlap
No Overlap
46 of the top 100 sites stored flash cookies
46%54%
Sites that had solfilesSites without solfiles
goog
le.co
m
msn.co
m
yahoo
.com
live.c
om
faceb
ook.c
om
wikipe
dia.or
g
youtub
e.com
micros
oft.co
m
myspa
ce.co
m
ebay.c
om
aol.c
om
ask.c
om
blogs
pot.co
m
craigs
list.o
rg
abou
t.com
amaz
on.co
m
mapqu
est.c
om
answ
ers.co
m
window
s.com
photo
buck
et.co
m0
20
40
60
80
Top 20 sitesRatio Flash Vs. HTML Stored On User's Computer
HTTP Cookies Flash Cookies
Cookie Respawning• Flash cookies are present on more than
half of the top 100 sites, and instead of being used to store preferences, some appear to be tracking individuals because they have settings mirroring ordinary HTML .
• We demonstrated some of top 100 sites are using Flash cookies to respawn deleted HTML cookies, from both first party and third party domains. This circumvents user attempts to prevent tracking.
Future Work and Importance
• Raise awareness of the emergence of Flash's tracking capabilities. Analyze more domains for cookie respawning or other tracking activities
012345678
Goverment Site: LSO/HTTP Content
HTTP Cookies
Sol Stored
Sites #SharedObjects Obtain from Government site
cdc.gov None
data.gov Clearspring.sol
dhs.gov Clearspring.sol
irs.gov None
nasa.gov None
whitehouse.gov Clearspring.solSoudData.sol (Youtube LSO file)Videostats.sol (Youtube LSO file)
1. No Data Modified. One HTML Cookie contains same string value
as Clearspring’s LSO.
2.HTML Cookies deleted but left Clearspring’s LSO file
3.Visited same webpage. Two HTML Cookies created. Both contained
different values.
4. After surfing domain, the HTML cookie is rewritten, establishing the
original flash cookie value
Abstract
Conclusions
Data Collected
Research and Purpose