7 Replies Latest reply: Dec 15, 2010 1:45 PM by pyry
pyry Level 1 (0 points)
A good and bad thing about MBP is its transparency in documenting things done (things done today, past week etc). Everything is documented and available. It is disturbing of course if one is equipped with secrecy-genes.
In Safari private browsing is not quite private. As Christian Buerli wrote in MacFormat, uk on page 77 in summer 2008 "even with private browsing on, the domain names of visited, Flash enabled sites will be recorded to /Library/Prefs/Macromedia/FlashPlayer/#SharedObjects/.
My question is if I can dump all these shared objects (must be many hundreds of them) with no harm done to anything else.
pls advice,

 MBP 15" 2,66 GHz, i7, 8GB 1066 MHz DDR3 SRAM 2x4GB, 1TB 5400rpm., Mac OS X (10.6.5),  2xTime Capsule 1TB  iPhone4 32GB,  iPod 5gen 30GB,  iPod Nano 4 GB
  • Klaus1 Level 8 (47,755 points)
    Safari can keep your browsing history private. When you turn on private browsing, Safari doesn’t remember the pages you visit, your search history, or your AutoFill information, so your partner cannot see where you have been, but you must also remember to also turn off acceptance of cookies.

    In all other respects Private Browsing is not as private as you might think:

    http://www.switchingtomac.com/tutorials/how-to-make-safaris-private-browsing-fea ture-actually-private/


    and then Apple's own advice from here: http://www.apple.com/pro/tips/privacy_safari.html

    "Note that the Private Browsing option does not prevent Safari from collecting cookies (the preference files automatically generated by many websites). The Reset Safari option clears all cookies. If you want to delete only certain ones, choose Preferences from the Safari menu, click the Security tab, and then click Show Cookies. You can select and delete individual cookies from the list that appears. Careful, though — if you’re a frequent web user, this list can be very, very long."

    which is itself incomplete, the relevant part being 'If you want to delete only certain ones.

    To that end it is useful to have Safari Cookies installed, which is the only cookie manager available for Safari:


    which automatically deletes all cookies not marked as 'favourites' when closing Safari. It does the same for Flash Cookies, but they are subject for themselves:

    From this website: 


 For those who do not know about Flash cookies, more properly referred to as Local Shared Objects (LSO), they operate in a similar way to regular browser cookies but are stored outside the purview of your browser, meaning you cannot delete them from within your browser, whether Safari, Firefox, Opera or any other. Typically they are issued from sites or 3rd party sites that contain Adobe Flash content. Since virtually all internet advertising is  delivered in Flash, Google/Doudleclick and all other internet advertising companies are sure to be tracking your browsing behavior with Flash cookies. These companies can see you traverse the Internet as you come upon the plethora of sites that contain their embedded advertising. Check out the Wikipedia entry here.

In Mac OS X they are stored in the following location:

    /User’s Home Folder/Library/Preferences/Macromedia/Flash Player/#SharedObjects


The settings for the Flash cookies are stored in:
/User’s Home Folder/Library/Preferences/Macromedia/Flash Player/macromedia.com/support/flashplayer/sys

 In OS X Local Shared Objects, or Flash Cookies, are appended with a .sol suffix. Flush deletes all the Flash cookies (.sol) and their settings.

Flush can be downloaded from that page.

If you want to retain certain Flash cookies but not others, the excellent add-on for Safari called SafariCookies now includes a setting for automatically deleting flash cookies you don't want to retain, when Safari is shut down, in the same as it deals with ordinary cookies:


 which not only does that but much more equally useful stuff! 

This article covers the issue in more depth:


 Flash cookies are also known as 'Zombie Cookies' and are used by a number of firms, including Hulu, MTV, and Myspace. Graham Cluley, senior technology consultant at the internet security firm Sophos, told BBC News that the source of the trouble was Adobe Flash itself, which he called "one of the weirdest programs on the planet".

"I think it's highly unlikely that these large companies have abused Flash cookies - which are different from browser cookies - with malicious intent," he said.

"I think it's much more likely that the vast majority of users are simply oblivious to the bizarre way in which Adobe allows them to configure the software." 


And a more recent article: 

http://www.nytimes.com/2010/09/21/technology/21cookie.html?_r=3&scp=1&sq=flash&s t=cse
  • steko Level 2 (270 points)
    You also leave traces in:

    /Users/you/Library/Caches/Adobe/Flash Player/AssetCache (I locked my AssetCache folder)


    I think something changed in Snow Leopard, as "dscacheutil -cachedump -entries Host" brings up nothing here.

    Klaus, some of your links are broken:



  • Klaus1 Level 8 (47,755 points)
    All three links are correct and work from here.
  • andyBall_uk Level 7 (20,490 points)
    Nooo - your links are broken, not the ones steko posted.

    ... if I can dump all these shared objects (must be many hundreds of them) with no harm done to anything else (?)

    Yes, no problem at all - they're cookie-like in that you might notice a Flash site doesn't remember some setting you chose, for example.
  • Klaus1 Level 8 (47,755 points)
    Oops, yes Steko is correct!

    (Because my post did not transfer properly to the forum, and left out spaces or line feeds!)
  • steko Level 2 (270 points)

    Klaus & Andy, I locked:

    "folder with cryptic name, unique for evey user" like "ABC8RXYZ" in: ~/Library/Preferences/Macromedia/Flash Player/#SharedObjects/


    "sys": ~/Library/Preferences/Macromedia/Flash Player/macromedia.com/support/flashplayer/sys/

    AFTER opening a MySpace page one time, as Myspace seems to be the only site, that needs to create/find a flash-cookie, to work (musicplayer).

    Causing no problems here & I don't have to delete them all the time.

    So those Myspace ones:





    stay there undeleted for a long time.

    Do you think these alone (& the unique cryptic named folder) already make one traceable?
  • pyry Level 1 (0 points)
    Thanks Klaus1 for a thorough answer that also addressed some other questions I have been pondering.
    My bet is that this whole security thing will explode within the next 5 years. Things like Wikileaks do also force us in this direction.