![]() | This article is rated C-class on Wikipedia's
content assessment scale. It is of interest to the following WikiProjects: | ||||||||||||||||||||||||||||||||||||||
|
I added the 'unreferenced'</a> tag to this article. This article (in my opinion) needs to be vetted for good and proper use of references. There also may be original research/NPOV issues, e.g. "To this day, there is little public awareness of ... LSOs" and the random list of LSO editing programs. Bowmanjj 21:17, 11 April 2007 (UTC)
On OS X, setting ~/Library/Preferences/Macromedia/Flash Player/#SharedObjects as a link to /dev/null appears to work fine. However I noticed that for a couple of websites Flash stopped working, notably theonion.com and grooveshark.com. Curious, I set #SharedObjects back to be a real directory and it worked again. Any ideas on this? Perhaps one should use /tmp or better, some other directory emptied on browser exit. You’ve also got to watch ~/Library/Preferences/Macromedia/FlashPlayer/macromedia.com/support/flashplayer/sys, the @#$%(:>:&@ thing puts them in there too. And why the hell is an external website required to manage a locally installed application? I can only think that it's because Flash plug-in is not a standalone app, but still, this whole idea stinks...
I find it odd that my section gets edited within 1 hour of publication in an area that has not seen much attention. If there are errors in my section I would be glad to redact, but the content is accurate and I have provided the references. For future readers.. my edits are listed below. At least they can be seen in the discussion.
In addition to the marketing uses of cookies and flash (for demographic targeting), LSOs play a key role in an area known as Client Device Identification (CDI). Given that LSOs are leveraged by banks and merchants for validation of identify it is worth describing their use within this section. The term CDI was coined by Avivah Litan of Gartner Group [1]. Within the flash based LSO form of CDI, either the domain or their 3rd party vendor (ex. RSA, Iovation, arcot ...) store LSOs and compare the customer/LSO combination to a known list. The primary reasons that LSOs are selected for this function is that they are not frequently deleted [2] [3]
In the case of 3rd party vendors, although (technically speaking) the LSO is not read across domains, tracking by the third party is performed across domains. The ability for an LSO to be read across domains poses both a security and privacy risk. The security risk exists if the "writer" of an LSO puts sensitive information within it. The additional privacy risk is that a third party has ability to track website navigation as well as transactions (ex. Purchase, open a card account, top up a gaming account). [4] . A number of vendors claim the ability to calculate a real time "risk score" based upon the previous existence of an LSO/Customer combination.
Vendors providing services to track LSO, Customers and IP Address included
Others are referenced in the 2009 Gartner report Magic Quadrant for Web Fraud Detection [6] —Preceding unsigned comment added by Xs4-guy ( talk • contribs) 19:46, 27 March 2009 (UTC)
I am a little unsure about the "Dojo JavaScript Toolkit" reference/link... This seems like a multi-purpose javascript tool which just happens to have .SOL editing added in. Also there is no mention of what platforms each tool runs on, or any tools for Linux or Mac.
Maybe the "Viewing and editing LSOs" section should describe what a .SOL file looks like, and what (if any) conversion is necessary to edit it, instead of listing tools. I mean, by the title this really isn't a tools section.
--
128.227.127.228 (
talk)
18:09, 26 November 2007 (UTC)
I have added a references section and a number of references. Raffen ( talk) 09:10, 5 December 2007 (UTC)
Raffen ( talk) 09:10, 5 December 2007 (UTC)
I feel the number of citations and references now justify removal of the 'unreferenced' tag. Raffen ( talk) 10:05, 5 December 2007 (UTC)
I don't know how others feel about this, and I may be talking rubbish. But to me, this section seems... slightly more scornful (possibly not the right word, but it's the only way I can describe it) than perhaps it should. I won't change it, as it may just be my imagination, but I think it's worth mentioning and, if necessary, tweaking. Randomoocookies ( talk) 11:15, 27 July 2008 (UTC)
This whole article reads with an extreme negative slant towards LSO's. Sure, they can be used for nefarious purposes, but they are just as innocuous, most of the time, as cookies. Pretty much all browsers' default cookie settings are to store them indefinitely without prompting, and Flash follows suit. You can disable LSO's if you want. Anyway, the article needs a heavy rewrite. 99.233.111.84 ( talk) 04:26, 1 August 2008 (UTC)
The privacy concerns section should be "slanted". Many merchants and banks select LSOs because they are not normally deleted. This is what makes them unique. Firefox's latest version, as well as chrome default to delete cookies on exit so I don't know what "most" means above. Few people know that the chip ID Intel disabled in the PIII was not disabled for computers sent to China. Privacy and tracking are serious subjects, people outside of the US have their lives at stake, depending on the anonymity of the internet. We need to be able to discuss it. XS4-Guy 20Mar2009 —Preceding unsigned comment added by Xs4-guy ( talk • contribs) 17:58, 27 March 2009 (UTC)
Wired has an article that supports the negative view on LSOs: [1] The article is also referenced on security expert Bruce Schneier's blog [2] I think this adds credibility to the privacy concerns. Raffen ( talk) 18:37, 26 August 2009 (UTC)
I have added reference to Bruce Schneier's article, and to UK privacy law outlining the legal ramifications for companies that place LSOs on a consumer's machine without their consent -- Xs4-guy ( talk) 21:32, 5 November 2009 (UTC)
{{
cite web}}
: Text "Flash Cookies" ignored (
help)
Completely deletes LSO's, manages them to your requirements. https://addons.mozilla.org/en-US/firefox/addon/6623 —Preceding unsigned comment added by 119.136.204.86 ( talk) 14:46, 26 February 2010 (UTC)
Starting 2007, Greg Yardley and Trevor Hobson have developed Objection [8] as an open-source tool to view and delete LSOs. —Preceding unsigned comment added by 76.227.70.194 ( talk) 03:58, 30 September 2010 (UTC)
.... along the lines of linking to dev/null. On a Mac this is relatively easy if the user is only familiar with using the GUI and can be done in the Get Info panel for each directory. I've only ever changed permissions on the command line in Linux - I know I've seen the file properties box pop up listing permissions, but not sure about changing them.
As soon as I found them and before I was able to discern what their purpose was, only knowing that seeing domains like bin.clearspring.com, quantcast.com, suitesmart.com, uclick.com, and pagead2.googlesyndication.com meant one thing and one thing only - my web browsing was being tracked - coupled with the fact that I only had become aware of Flash just shortly before this occurred and I thought it was an Adobe plugin (I had no idea about the Macromedia connection) I immediately emptied the contents of what were seemingly the most troublesome directories:
~/Library/Preferences/Macromedia/Flash Player/#SharedObjects/XXXXXXXX (I had 8 different sub-directories in #SharedObjects )
~/Library/Preferences/Macromedia/Flash Player/macromedia.com
into a disk image to look at later when I figured out what this stuff was.
I had had a similar issue with eSellerate's undisclosed, uninvited, and unwelcome licensing mechanism for a supposedly free product that would regenerate on re-boot after everytime I tried to delete it, and solved it by emptying its directory and changing the permissions. So I figured I'd just do the same here and simply changed the permissions on the now empty #SharedObjects directory and the macromedia.com directory to read only for Owner, Group, and Other.
Since then, that was a handful of years ago, the restricted permissions have never posed an issue - meaning I've never received any errors from any Flash being executed nor have I seen an adverse effect - with three exceptions:
But I only really use it to watch video. I don't play games. I don't cam with it.
I did a very non-scientific experiment a year ago and recently repeated it for part of a project I am working on. I set up a fresh, default Macromedia directory in the OS X Preferences directory and decided to test their silly lil cartoon of a privacy panel. For the purpose of testing, we used the panel to tell Flash Player to disallow third party access always, to always ask for microphone & cam permission, and we left the LSO size default at whatever it was at the time, 100kb for sites and to never ask again. We fired up MTV.com to watch "The Hills" and it wasn't but 30 seconds into the show before it started to sputter. Not only did it ask permission for more space, it had in fact already stored 120kb , running over the limit. And the video refused to budge - it just kept spitting out that same message. So we upped it to 140kb... sputtered again, asking for more space!!! And then we went to look in the directory, and there were LSOs from MTV's content distributors, 3rd party LSOs. Woah, something was broken because our settings remained unchanged according to the panel - it still displayed our choice to deny third party, as well as our 100kb limit and never ask again choice.
We didn't make any further adjustments on the panel. We went into the #SharedObjects and macromedia.com directories, deletex everything, changed permissions to read only, started up the exact same episode of "The Hills," and playback was flawless. No errors, no sputtering, no nothing.
It's encouraging to know something has changed at least because I recently replicated the experiment and everything behaved exactly as the settings describe and one would expect. It stuck to the 100kb file limit, it didn't ask for more space, and there was no 3rd party content. Improvement but not ideal.
When I reported my findings in an Adobe customer support forum - the forums where employees rarely post, its mostly other customers helping each other - an Adobe Product Manager bounced right onto the scene to defend the privacy panel and to lament how browser makers don't make the API available to Adobe to develop in browser controls [1] (HELLO, FX IS OPEN SOURCE!).
My Dog Is Bart ( talk) 07:44, 16 June 2010 (UTC)
References
Is there any information on the LSO file format that could be posted here? In particular, it seems that there are at least two different LSO file formats in use (an "old" and a "new" version, which seems to be related to ActionScript 2.0 vs ActionScript 3.0) -- it becomes especially relevant to the list of application support because many applications on the list can only open some .sol files and not others. Abeall ( talk) 22:54, 7 August 2010 (UTC)
File format is not so complex... just re it like the authors of each program. —Preceding unsigned comment added by 78.147.40.215 ( talk) 13:22, 26 September 2010 (UTC)
Does anyone have a feel for why there are 2 MS windows NT location sections. The data is exactly the same. — Preceding unsigned comment added by 67.248.181.72 ( talk) 01:49, 27 August 2011 (UTC)
The result of the move request was: Moved to Local shared object Mike Cline ( talk) 16:08, 24 December 2011 (UTC)
Local Shared Object →
Local shared object –
Per WP:MOSCAPS ("Wikipedia avoids unnecessary capitalization") and WP:TITLE, this is a generic, common term, not a propriety or commercial term, so the article title should be downcased. In addition, WP:MOSCAPS says that a compound item should not be upper-cased just because it is abbreviated with caps. Lowercase will match the formatting of related article titles. Tony (talk) 14:03, 17 December 2011 (UTC)
The section "Editors and toolkits" is just a table. It would be helpful to have at least a sentence explaining what the table is. For instance "The following table lists software with capabilities for editing, managing, or blocking local shared objects." Preferably a slightly more detailed sentence. I don't want to write it because I'm not expert in this area, so I don't have a good idea of the range of software included in the list, and how complete the list is. These are issues I think should be (briefly) addressed, though. MorphismOfDoom ( talk) 15:29, 5 December 2012 (UTC)
Hello fellow Wikipedians,
I have just modified one external link on Local shared object. Please take a moment to review my edit. If you have any questions, or need the bot to ignore the links, or the page altogether, please visit this simple FaQ for additional information. I made the following changes:
When you have finished reviewing my changes, you may follow the instructions on the template below to fix any issues with the URLs.
This message was posted before February 2018.
After February 2018, "External links modified" talk page sections are no longer generated or monitored by InternetArchiveBot. No special action is required regarding these talk page notices, other than
regular verification using the archive tool instructions below. Editors
have permission to delete these "External links modified" talk page sections if they want to de-clutter talk pages, but see the
RfC before doing mass systematic removals. This message is updated dynamically through the template {{
source check}}
(last update: 5 June 2024).
Cheers.— InternetArchiveBot ( Report bug) 02:38, 25 May 2017 (UTC)
Hello fellow Wikipedians,
I have just modified 3 external links on Local shared object. Please take a moment to review my edit. If you have any questions, or need the bot to ignore the links, or the page altogether, please visit this simple FaQ for additional information. I made the following changes:
When you have finished reviewing my changes, you may follow the instructions on the template below to fix any issues with the URLs.
This message was posted before February 2018.
After February 2018, "External links modified" talk page sections are no longer generated or monitored by InternetArchiveBot. No special action is required regarding these talk page notices, other than
regular verification using the archive tool instructions below. Editors
have permission to delete these "External links modified" talk page sections if they want to de-clutter talk pages, but see the
RfC before doing mass systematic removals. This message is updated dynamically through the template {{
source check}}
(last update: 5 June 2024).
Cheers.— InternetArchiveBot ( Report bug) 23:01, 4 January 2018 (UTC)
Since it's just been expanded again, it seems worth pointing out that Wikipedia is not an instruction manual, and absolutely none of this horrifically-formatted faff is even remotely encyclopedic or relevant.
File locations
The default storage location for local shared objects is operating system-dependent, and depends on the flash plugin being NPAPI or PPAPI.
NPAPI, ActiveX and standalone projector
On Microsoft Windows NT 5.x and 6.x, they are stored in: [1]
- %APPDATA%\Macromedia\Flash Player\#SharedObjects\
- %APPDATA%\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\
On Mac OS X, they are stored in:
- ~/Library/Preferences/Macromedia/Flash Player/#SharedObjects/
- ~/Library/Preferences/Macromedia/Flash Player/macromedia.com/support/flashplayer/sys/
On Linux or Unix, they are stored in:
- ~/.macromedia/Flash_Player/#SharedObjects/
- ~/.macromedia/Flash_Player/macromedia.com/support/flashplayer/sys/
For Linux and Unix systems, if the open-source Gnash plugin is being used instead of the official Adobe Flash, they will instead be found at:
- ~/.gnash/SharedObjects/
PPAPI
When using Google Chrome the location for the Pepper Flash (PPAPI) storage is:
- Windows: %localappdata%\Google\Chrome\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects
- Mac OS X: ~/Library/Application Support/Google/Chrome/Default/Pepper Data/Shockwave Flash/WritableRoot/#SharedObjects/
- Linux: ~/.config/google-chrome/Default/Pepper Data/Shockwave Flash/WritableRoot/#SharedObjects/
In Microsoft Edge with Chromium, the location for the Pepper Flash (PPAPI) storage is:
- Windows: %localappdata%\Microsoft\Edge\User Data\Default\Pepper Data\Shockwave Flash\WritableRoot\#SharedObjects
- Mac OS X: ~/Library/Application Support/Microsoft/Edge/Default/Pepper Data/Shockwave Flash/WritableRoot/#SharedObjects/
Unless someone objects I'm just going to circular-file the entire section. -- FeRDNYC ( talk) 03:26, 2 September 2020 (UTC)
References
Support of Adobe Flash ended, see Adobe Flash Player EOL General Information Page. Does it mean LSO are no more used? Could they still be a security issue? Tnx,-- Riha ( talk) 07:11, 17 December 2021 (UTC)