To try the thousands of add-ons available here, download Mozilla Firefox, a fast, free way to surf the Web!Close
Welcome to Firefox Add-ons.
Choose from thousands of extra features and styles to make Firefox your own.Close
Remove or manage a new and uncommon kind of cookies, better known as LSO's.The BetterPrivacy safeguard offers various ways to handle Flash-cookies set by Google, YouTube, Ebay and others...
About this Add-on
- If you have problems or suggestions please do not post it here but send an email
- This add-on is guaranteed to work only with the official Firefox release branch, meaning nightly-versions or other beta releases are not explicitly supported (even including ESR-versions).
Better Privacy serves to protect against special longterm cookies, a new generation of 'Super-Cookie', which silently conquered the Internet. This new cookie generation offers unlimited user tracking to industry and market research. Concerning privacy Flash-cookies are most critical.
This add-on was made to make users aware of those hidden, never expiring objects and to offer an easier way to view and to manage them - since browsers are unable to do that for you.
Flash-cookies (Local Shared Objects, LSO) are pieces of information placed on your computer by a Flash plug-in. Those Super-Cookies are placed in central system folders. They are frequently used like standard browser cookies. Although their threat potential is much higher as of conventional cookies, only few users began to take notice of them.
BetterPrivacy allows to list and manage Flash-cookies, e.g. to remove those objects automatically on browser start, browser exit or by a configurable timer function while certain desired Flash cookies can be excluded from automatic deletion. So this extension becomes sort of "install and forget add-on". Usually automatic deletion is safe (no negative impact on your browsing), especially if the deletion timer is activated. The timer can delay automatic deletion for new or modified Flash-cookies which might be in use. It also allows to delete those objects immediately if desired. Users who wish to to manage all Flash-cookies manually can disable the automatic functions or exclude certain Flash-cookies from automatic deletion.
Some Flash-cookie (LSO) properties in short...
- they are never expiring - staying on your computer for an unlimited time.
- by default they offer a storage of 100 KB (compare: Usual cookies 4 KB).
- browsers are not fully aware of LSO's, They often cannot be displayed or managed by browsers.
- via Flash they can access and store highly specific personal and technical information (system, user name, files,...).
- ability to send the stored information to the appropriate server, without user's permission.
- Flash applications do not need to be visible
- there is no easy way to tell which Flash-cookie sites are tracking you.
- shared folders allow cross-browser tracking, LSO's work in every flash-enabled application
- the Flash company doesn't provide a user-friendly way to manage LSO's, In fact it's incredible cumbersome.
- many domains and tracking companies make extensive use of Flash-cookies.
This kind of cookies is not harmless.
------------------------- IMPORTANT -------------------------
IF YOU PERMIT DELETION OF LSO's,
THEN COOKIE-STORED INFORMATION LIKE
GAME SETTINGS OR LOGIN DATA (YAHOO SEAL)
MIGHT BE LOST! MAKE SURE THAT YOU EXCLUDED
IMPORTANT COOKIES FROM DELETION (SEE FAQ)
Frequently asked questions (FAQ):
Please scroll to the bottom of the page.
Recommended comprehensive Flash-cookie article (topic: UC Berkeley research report)
Wikipedia LSO information:
See what Google finds:
Other privacy add-ons strongly recommended:
1. Self-Destructing Cookies
2. Decentraleyes: There is a new tracking threat - no longer using any kind of cookies. Tracking companies invented a new and highly effective way to follow web users
NO SUPPORT POSSIBLE HERE!
If you have a problem, please send an email so that I can answer. Do not post your questions in reviews (instead see support email here).
Q: I notice that when I go to the Flash Player settings manager site I still get a list of visited pages.
A: In default configuration BetterPrivacy does *not* delete the Flash-Player-default cookie. Some users consider the default cookie as important since it keeps Flash-Player update settings as well as some camera or microphone settings. The default cookie also keeps a complete list of all visited LSO pages. However, the stored data associated with those visited pages will be deleted by BetterPrivacy though.
As long as the default cookie is kept, Flash-Player's settings-manager still shows a complete list of all visited pages, even if BetterPrivacy deleted all data storing objects. Go to BetterPrivacy's options and check 'Also delete Flash-Player default cookie' in order to remove the list of visited pages as well as the Flash-Player settings.
Q: Error-message: Flash application data folder not found!
A: As noted at the beginning, if you do not have a FLASH-plug-in installed, then you do NOT need BetterPrivacy! Only a Flash-plug-in can place LSO's on your disk. Otherwise make sure that your browser-Flash-plug-in is correctly installed and that it works.
Q: Error-message: BetterPrivacy is searching for your Flash-cookie directory. The search takes longer than expected.
A: In Firefox open BetterPrivacy (Menu->Tools->BetterPrivacy) and enter the correct path of your Flash data directory. Depending on your operating system this should be one of the following paths:
Windows: %APPDATA%\Macromedia\Flash Player\
Macintosh: ~/Library/Preferences/Macromedia/Flash Player/
Q: Flash has a built-in panel to define storage settings, why should I use an add-on?
Q: What about the 'Global Privacy Settings panel' located on a fairly hidden company page?
A: The usual Flash control panel only provides an option to set a storage limit on a per site basis. Thus you would need to define a new limit for every single Flash-site you visit. If you look at many different sites a day you easily end up in wasting your time by defining all those limits. Moreover there exist functional Flash embeds that are not visible - so you would not be aware that you missed to define a limit.
A: You can use it to globally deny storage of web site data - but as storage is disabled it might happen that a LSO powered site denies it's service too. Of course, with global settings you cannot make exceptions. Besides the global LSO there will be stored additional settings LSO's for every Flash site (so some tracking still remains possible). Also be aware that the global settings LSO does not get deleted. Note that the company could have made this global panel available from the right click menu but they didn't. All in all you see that the process for managing permissions is practically unusable.
Q: How to find out how many cookies currently are stored on my computer?
A: Go to BetterPrivacy's options (Firefox tools menu), LSO-manager tab. All currently stored LSOs, if any, are listed there. Note that some sites store their cookies instantly when loading, others not before they are closing.
Q: What might happen if I give permission to delete (some of) my LSOs?
A: It is pretty much the same thing as with usual cookies. In most cases nothing happens. However, to gain all conveniences some services might require you to be tracked. For example they could store some data (e.g. Flash game settings) together with the tracking data itself. They bundle some interesting feature along with tracking data to get you to keep the awful cookie. Read next topic on how to exclude special cookies from deletion.
Q: How to exclude certain LSOs from automatic deletion?
A: Go to BetterPrivacy's options (Firefox tools menu), LSO-manager tab, select the site/cookie folder you want to exclude and press 'Prevent automatic LSO deletion'. Note that you allow tracking with every excluded LSO. Important: Protection means those LSO's are excluded from BetterPrivacy's deletion but the owner web site still can delete them as well as any other programs you might have running!
Q: How to select more than one LSO at a time?
A: With BetterPrivacy you do not need to select multiple LSO's, BetterPrivacy provides a more user-friendly kind of selection: Just highlight those (usually few) LSO's you wish to exclude from deletion and press the "Prevent automatic LSO deletion" - button for each excluded LSO. Finally press the "Remove all" - button. You will be asked if you wish to delete every LSO or only those which are not excluded.
Q: What means <settings LSO>, <default LSO>, <local LSO>
A: A settings-LSO does not store any data defined by websites, but about those sites: It can store information which is defined by you - the computer user. Therefore each settings-LSO needs to store the website-URL in order to identify the appropriate pages. The user-defined information can be used to determine how the Flash-player should behave on a certain site (e.g. special site volume or camera settings or rules that describe how to handle LSO's on the site). Thus it usually is not necessary to delete this kind of LSO. The user-defined data is not accessible by websites. However, if someone has physical access to your computer (e.g. multi-user system) other locally present users could see which Flash-sites have been visited in the past. The default-LSO is a special settings-LSO storing global (default) settings-data, as well as Flash-player-update settings. This LSO also keeps a complete list of all visited Flash-sites. In BetterPrivacy it is excluded from automatic deletion by default, but you can change this behavior in the BetterPrivacy options. A local-LSO is not stored by a website but by Flash-software installed on your computer.
Q: Does BetterPrivacy block any sites or alter any settings of my Firefox installation?
A: No! BetterPrivacy never modifies web pages! The add-on does not even know that web sites exist. It just looks in the cookie folder on your hard disk at the end of a Firefox session. For sure, if you confirmed to delete some LSOs it might happen that some previously LSO-stored data, e.g. Flash game settings, are lost: It is as like as with usual cookies! To prevent such data loss, see above (How to exclude...). BetterPrivacy also stores some own preferences using a unique name space, just as every add-on does.
Q: Does every Flash application/video place a cookie on my hard disk?
A: No! There are many Flash applications which store nothing on your computer. Though BetterPrivacy will not affect them in any way.
Q: Is Firefox's 'Delete Private Data' function capable of deleting LSOs?
A: Yes, but only since Firefox version 5 and higher. To delete LSOs, Firefox currently uses the the settings for usual cookies. However, there still is no option to exclude certain LSOs from deletion or to see which LSOs have been stored.
Q: Why is it not possible to manage exclusions on a 'per site' basis like e.g. Adblock does?
A: Though it is installed as a plug-in, Flash still runs as an external application on your computer. So Flash does not permit to be intercepted on cookie storage and moreover it's cookies can be accessed only indirectly. Thus an add-on -like BetterPrivacy- can only get limited information, derived from cookies and their folder structure.
Q: Are there other ways to delete those LSOs, not using BetterPrivacy?
A: Yes, for sure! For example...
- You could write a short script to do this for you, eg. batch or vbs.
- Objection is an alternate Firefox extension capable of acting like BetterPrivacy.
- Flash itself provides an option to set a storage limit on a per site basis, but you would need to define a new limit for every Flash-site you visit.
-You might also use an external 3rd party application which you would need to install on your computer.
- Finally you can delete the LSO's manually by using a simple file manager. See Wikipedia article, which is mentioned above, for details.
- Add-ons like 'FlashBlock' do not block Flash-cookies because they only prevent Flash from being displayed but Flash is still loaded. Also FlashBlock and similar add-ons can be defeated by simple HTML code, see override-flashblock demo here: Override Flashblock demonstration
Q: Why does BetterPrivacy not delete the Asset-cache or Flash folder xyz?
A: BetterPrivacy only deletes privacy related data, that means data that helps to identify the user or computer. Fore sure, data of that kind must also be accessible by web sites. It is a common misunderstanding: The Asset-cache does not store such data.
Q: How to know what LSOs were generated during the session?
A: Open the LSO manager and click the modified column. Then all LSO's are sorted by creation date. You should see the most recent on top.
Q: BetterPrivacy fails to delete LSO's! Is this a bug?
A: No, probably not, there can be several reasons for this behavior, such as:
- In BetterPrivacy the Adobe settings.sol LSO is excluded from deletion by default. If you wish to change that behavior, open BetterPrivacy options and enable the setting 'Always delete the Flash-player default cookie'. Though the default LSO stores a list of visited Flash-Pages, it is not necessarily considered as a privacy threat. Web-pages generally have no access to that list. Sites can only see information of LSO's created and stored by same site.
Details: LSO's with name settings.sol are not created by web-pages but by the Flash application running on your local computer. The Flash application needs the settings.sol file to determine the valid origin of LSO's created and stored by web-pages. Settings.sol files also store the volume settings you have choosen for a particular web-page. Information other than that is not stored. Thus settings.sol files are no threat and in BetterPrivacy are excluded from deletion by default. However, users who share their computer with other persons, and both are using the same computer profile could be concerned about privacy. Using the same computer and account it is possible to visit the Adobe online Flash manager and to see what Flash-sites the other user recently visited. For this special situation of multi-user computer profiles it is possible to delete the settings.sol files too.
- Deleting a LSO does not mean that a Flash application cannot recreate the LSO at any time later or even immediately! Any loaded Flash application is able to recreate LSO's at any time, regardless of an existing Internet connection, regardless of the Flash application's visibility or cache status. Even while closing a web-page tab a LSO can be created. BetterPrivacy does not block LSO's (that's technically not possible in Firefox since plug-ins are independent applications installed directly on your OS) but this add-on uses the much smarter solution of delayed deletion. This allows LSO-dependent Flash applications to work properly without denying their service while any usable tracking capabilities still are prevented.
- Make sure that you did not accidentally exclude LSO's from deletion.
- If you quit Firefox while still having web-pages in tabs opened and one one of those pages is capable to store LSOs, it can happen that LSO's will not be deleted (even if BetterPrivacy is configured to delete all LSO's when quitting Firefox). This is caused by a technical limitation of the Mozilla browsers: When you quit e.g. Firefox, BetterPrivacy uses the latest possible chance to delete stored LSO's. However, at that time the web-pages can still be loaded and active, since Firefox sometimes first terminates it's add-ons before it closes all web-pages. Thus a web-page has a chance to store a LSO after add-ons already have been unloaded by Firefox. In other words, BetterPrivacy cannot detect LSO's that are stored at a later time as the beginning of Firefox shutdown. This Firefox behavior has been seen for FF version 3.x and certain browser configurations, however the bug might be fixed in future versions.
If this is a problem for you, choose one of the following solutions: Either activate the BetterPrivacy setting to delete LSO's at Firefox startup, or make sure that all web-pages (at least Flash-pages) have been closed before quitting Firefox or file a Firefox bug (e.g. add-ons terminated earlier than plug-ins and web-pages) at bugzilla.mozilla.org.
Q: BetterPrivacy deletes LSO's though I protected them! Is this a bug?
A: No, probably not, because even if LSO's have been excluded from automatic deletion in BetterPrivacy, they still can be deleted (this cannot be avoided by an add-on) by any other means at any time for any reason, such as:
- deletion by the Firefox 'Clear Recent History' menu function -or- deletion when quitting Firefox (if the Firefox option 'Clear history when Firefox closes' is activated). Firefox versions 5.0 and higher now are natively capable to remove LSOs. However this built-in native functionality still does not allow to exclude certain LSOs from deletion. The Firefox cookie manager also misses to list which LSOs have been stored, though Firefox does not distinguish LSO's from any usual cookies.
- deletion by the LSO owner which is the web-site which originally stored the LSO
- deletion by any other software or script installed on your system, e.g. any privacy software or another browser (MSIE, Chrome, etc) that is capable of deleting LSO's
- deletion by any other Firefox add-on capable of deleting LSO's
- manual deletion of a LSO with BetterPrivacy or a system file-manager
- possible deletion caused by information loss/corruption in case of a Firefox crash
- deletion if running Firefox with BetterPrivacy on another profile and with other settings
- Some pages delete and re-create LSO's in different folders on every page (re-)load. In this case please edit the protected folder list and define the parent folder as protected LSO-folder.
Q: Where do I get more information about LSO tracking and the involved companies?
A: Visit Privacychoice Blog --or-- Social Science Research Network