[LINK] RFI: Intrusive Internet Mechanisms

rene rene.ln at libertus.net
Wed Dec 1 19:13:45 AEDT 2010


On Wed, 01 Dec 2010 18:28:38 +1100, Jan Whitaker wrote:

> At 02:31 PM 1/12/2010, Karl Auer wrote:
>> If you use Flash, you should also set the permissions on the
>> Macromedia home directory to forbid writing. I don't know how you
>> would do that in Windows, but in Linux it's
>>
>> sudo chown root:root /your/home/directory/.macromedia
>> sudo chmod go-rwx /your/home/directory/.macromedia
>>
> Here's the path I finally found after looking around all over the
> disk: C:\Documents and Settings\Jan Whitaker\Application
> Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys
> It wasn't in the other Documents and Settings subdirs nor in the
> Program Files.
>
> There is a settings file in there you can open with a text editor. I
> have no clue what it means, but its date is today, so it obviously
> updates itself at some stage frequently.
>
> Are you saying this folder should be set to read only?

I think that is the associated Windows implication of what Karl was saying 
about Linux. 

However, it appears to me that on Windows it does not work. 

Months ago, I set the ...\macromedia.com\support\flashplayer\sys\ directory 
to 'read only' (and it still says it's 'read only' in directory properties) 
but that makes no difference to the ability of Flash player to create/write 
files that I am under the impression contain Flash cookie stuff. With the 
/sys/ directory marked read only in Windows, what happens is that every 
site that runs Flash creates a sub-directory under /sys/ which consists of 
the site name and in the site-named sub-folder there is a file named 
settings.sol. I am under the impression that settings.sol file is the 
equivalent of a cookie (i.e. it's what's called a 'Flash cookie', and it 
may also be used for other purposes, although none seem 'necessary' given 
deleting the file makes no difference to whether or not Flash files on the 
given site will run next time one accesses the site). 

To date I've not been able to find a means of preventing the creation of 
*.sol files on Windows, nor automatically causing them to be deleted. 
Completely unsatisfactory/inconvenient as it is, intermittently I go into 
the /sys/ directory and delete all the sub-directories under it (which are 
site names). They'll re-appear if/when I visit a same site and let it run 
Flash, but I just hope that intermittently deleting these files reduces the 
potential for long term tracking etc. 

I also have things set in both Opera and my firewall that prevent sites 
from automatically running Flash, absent me saying OK I do really want this 
view this video, which pretty much eliminates the potential for 
unknown/untrusted sites to auto run Flash and set a cookie.

Irene
 








More information about the Link mailing list