Home Page

  


EARLIER FEATURES

  


FEATURES CONTENTS

  


LATER FEATURES

  

Features Contents
1st June 2011

THIS IS HOW THE COOKIES CRUMBLE

Brian Grainger

email.gif (183 bytes)
 brianATgrainger1.freeserve.co.uk
 

How do you feel about the use of cookies on your computer? Do you delete them at regular intervals or do you ignore them and let them build up. You may be surprised to know that even if you delete cookies faithfully then they are still building up without your knowledge. This article is about cookies and other similar bits that are being stored on your computer without your knowledge.

When the Internet became popular we were all told about how various sites would store little text files on your computer, called cookies, that would store information by that site, such as where you have visited. Apparently one site would not be able to look at the cookies from another site, so your privacy was ensured. Nevertheless, browsers would have options to delete cookies so that the more security conscious could get rid of these bits of information. At my place of work the security settings are such that these text file cookies are deleted at the end of the day. These text files have their own folder called 'cookies', inside you windows folder, so they were not trying to hide themselves.

Before reading any further try doing a file search on your computer for all files with an extension sol, that is search for *.sol. Do this after you have allowed Windows Explorer to see all files and unhide file extensions. How many appeared? Do you notice how the names are usually of web addresses. Do you know what they are doing? Did you know they were there?

Unless you have already read about .sol files the chances are you will be a little surprised about how many of these files there are.

What are .sol files? SOL stands for stored objects (local). They were introduced with Adobe Flash and have been around for a long time. In another article I have mentioned that Flash is more than a tool to play videos. Flash is a programming tool for developing visual applications, especially those hosted online. As with other programming languages Flash makes use of variables that can contain the values of parameters. The problem that arises is what happens if you want to store a value for use the next time the application is executed when you return to the web site hosting it. For example, if you play a video on YouTube and you adjust the volume then the value is stored so the volume is correct the next time you visit. The answer to the problem was the .sol file which, as their name implies, are stored on the local machine. More details can be found here:
http://blogs.techrepublic.com.com/security/?p=2299&tag=nl.e036

This is all well and good but then other websites, who are not using Flash, realised here was another way to store cookie information. It also had the advantage that users did not know about these files and, even more important, there were no automatic methods for deleting the files as there are with normal cookie files. It wasn't just dodgy websites using these files either. Well known sites were using them.

These files have been around for a long time and their usage as cookie files has also been known, as you can tell if you search for info on the web. Nevertheless, their existence had been unknown to me until fairly recently, never mind the man in the street. I suddenly became aware of them when I was monitoring what was eating up my profile space in my Windows XP environment at work.

Until now the only known way of exercising some form of control on these files was to go to the Adobe website and enter the flash control section.

This situation has remained this way for quite some time and then some websites got even more controlling. The Walt Disney organisation has been accused of using .sol files, (flash cookies), to deliberately undermine the control that users may have set on the normal cookie files. If users had specified that cookies were to be deleted then .sol files would be used to regenerate them without the user knowing. Clearly, this is a breach of privacy. More details can be found here:
http://www.theregister.co.uk/2010/08/17/flash_cookie_lawsuit/


Adobe had commented, in January 2010, on Flash cookies to the Federal Trade Commission in the USA condemning such use of Flash cookies. Adobe's comments can be found here:

http://www.ftc.gov/os/comments/privacyroundtable/544506-00085.pdf

As you can see in the comments, Adobe had still not come up with an easy way for the sol files to be deleted.

Nine months after the Disney revelation, Adobe announced that they would give local machine control of flash cookies in an upcoming update of Flash. It has finally happened with Flash version 10.3. More details here:
http://www.theregister.co.uk/2011/05/13/adobe_flash_10_point_3/
Removal will not be possible with older browsers, (Internet Explorer 6 for example, which is still used a lot). The technically savvy will be able to remove all the Windows Explorer hiding of files and manually delete these .sol files. It is, however, a pain to have to remember and do this without it being done automatically.

Don't think that once we have control of Flash cookies that this will be the end of the matter. Other mechanisms for providing a cookie-like file have already been identified - which are even more difficult to remove. While software writers keep providing mechanisms to write files on the local machine when online, other unscrupulous people will exploit them to invade our privacy or extract our information without our knowing.

The threat of viruses is now very old hat. Why bother trashing a user's system. Much better to surreptitiously collect a user's private information and use it against them.

 

 

 

 


TOP