Adobe is violating my Privacy - Flash Player Settings Manager a fraud!
Okay, I wasted an entire day trying to rein in Flash. It only took me 30 minutes to read about LSO's and what I should do about them, but the rest of the day was spent trying to actually do it.
I have the following set on my FPSM (Flash Player Settings Manager):
-Block all sites from storing information on this computer
-Ask me when a site wants to use the camera or microphone
-Block all sites from using peer-assisted networking
-Check for updates automatically
Now, to make things all "sparkling clean", I ran CCleaner and BetterPrivacy (for Mozilla). I then go on my merry way of using the internet and after the family spends a full day surfing, to make sure things were working properly with the recent settings in FPSM, I go to BetterPrivacy to make sure that it is empty of LSO's. Guess what?!? LSO's are in there!!!!!!!!!!!!!! And who is at the top of the list? ADOBE LSO!!
So, I go back to doing more research and reading. Apparently, Adobe is being real 'slick' and 'sneaky' by making the FPSM work in such a way that it secretly posts and saves an LSO on my computer - not to mention the other LSO's that the FPSM allowed to be saved on my computer, DESPITE me blocking all sites from storing information on my computer. (Yes, I did reset the settings after doing a cleaning and they still didn't work)
So, I found out that when you run BetterPrivacy to clear out LSO's, Adobe "acts" all dumb and pretends like it never remembers your settings and everything on the FPSM is set back to the most open and permissive settings, in other words, everything is allowed and you are wide open. Now, I know that I can tell BetterPrivacy to not delete the Adobe LSO, which apparently is holding the FPSM settings so it knows what to do in the future, but my point is - those 4 settings I chose are NOT doing their jobs. When I choose "block all sites", that is exactly what I expect it to do. And not allow previously viewed websites to have carte blanche to continue storing LSO's to my machine.
Adobe, you are violating my privacy!! When I choose 'block ALL sites from storing information on this computer', that includes YOU!!!
At this point, the FPSM is a fraud as it is not doing its job.
Can anybody tell me or point me to a privacy advocate group that can help me block LSO's from being saved to my computer as it is my right to privacy? (and that doesn't mean 'selective privacy')
Thanks in advance...
Justai_Meai
I have the following set on my FPSM (Flash Player Settings Manager):
-Block all sites from storing information on this computer
-Ask me when a site wants to use the camera or microphone
-Block all sites from using peer-assisted networking
-Check for updates automatically
Now, to make things all "sparkling clean", I ran CCleaner and BetterPrivacy (for Mozilla).
Which means that you just eliminated the LSO you created with your FPSM.
I think you may have missed what I said in parentheses above:
(Yes, I did reset the settings after doing a cleaning and they still didn't work)
-UPDATE-
I decided to do some more investigating and what I found is disgusting. I'm using the FPSM in conjunction with BetterPrivacy and I've instructed BP, through its control panel, to allow the one Adobe LSO file to remain, since it houses the settings for FPSM. Although the FPSM says that the sites that I visited have attempted to install an LSO on my computer and it has been blocked, BP revealed that it was NOT blocked but that FPSM very sneakingly put it in a different folder than where it typically resides. Allow me to explain - If you were to delete LSO's manually, you would go to:
C:\Users\UserName\AppData\Roaming\Macromedia\Flash Player\#SharedObjects
...and there you would find the LSO's if you were to delete them manually. Well, Adobe knows that people would be looking there to clean them out so what do they do? They store them in yet a different folder!! One that people would not think to look in. Even though the FPSM says "Storage used: 0 bytes, Storage access: block", BP showed me that FPSM is now storing them at:
C:\Users\UserName\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#WebsiteName.com\settings.sol
...and it shows that it is indeed taking up space and it has been written to my hard drive!! Thank you BP for showing me that Adobe is really not blocking ANYTHING from being deposited onto my computer.
Adobe, you are disgraceful!
For those who don't fully understand why I am incensed: Adobe's FPSM gives me the option to "Block all sites from storing information on this computer", but that is not happening, now is it? Adobe is still allowing websites to store information to my computer as BetterPrivacy has completely outed Adobe on what they are trying to do by simply saving the LSO's to a different folder. DISGUSTING!!
Well, if you don't want Flash Player to save anything, then DON'T use Flash Player!!!!!!
Wow, what a surly response. Carl, do you work for Adobe? If so, I doubt that is how they would want you to handle or help customers.
Does anybody have any constructive input? any helpful information on this problem?
This is definitely a severe privacy violation that I'm certain many people don't know about. Many, undoubtedly, probably believe that the control panel for Flash player is doing its job and not allowing LSO to be stored on their machine when they click the 'block' options, but this is simply not happening.
Hi Justai,
I've forwarded your concerns along to one of our engineers that worked on the Settings Manager for their review. However, I tried reproducing this by tweaking the settings similar to yours. One thing I did, which I didn't see mentioned, was turn down the global storage settings space to "none" (from the 100k default).
After browsing around, I don't see any third party files in
C:\Users\UserName\AppData\Roaming\Macromedia\Flash Player\#SharedObjects
I suspect the second folder/file you referenced (#websitename.com\settings.sol) is just Flash Player's local record of your settings preferences. For example, if I visit www.testwebcam.com I'm prompted by Flash Player if I want to use my webcam. My choice is saved locally, and I suspect it's in the settings.sol file referenced above. I do not believe this is site specific data (i.e., testwebcam.com can't access this file). I'll verify this though and will let you know what I find.
Chris
Hello Justai,
The file that you describe in reply #3 above is not a copy of data stored by the website. It is the settings file used by Flash Player to control the access that website has to the various system resources that Flash Player uses (camera/microphone/storage/peer networking).
Websites normally store their own private data in:
C:\Users\UserName\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\(domain.name)\somefilename.sol
You may see any number of variously named sol files here, arbitrary to the design of the website. When Local Storage is set to "Block," these are the files that are disallowed.
Access to the webcam and peer networking are handled separately from local storage, each using their own settings. You need somewhere to store those various settings: namely, in settings.sol for that website. These are found at:
C:\Users\UserName\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#WebsiteName.com\settings.sol
For a given website, there is only ever one file here, called settings.sol. There is no data in there except for the settings used by Settings Manager itself. The website does not have access to this file. It is used solely by the copy of Flash Player installed on your system, to control whether the specified websites have access to Local Storage, Webcam and Microphone, and Peer-assisted Networking.
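The two locations described in the reply above can be audited with a short script. This is an added example, not code from the thread or from Adobe: it sorts `.sol` files by the role their path implies and lists the site names that the folder names alone reveal. The function names, the sample domains and the location of the single global settings file (directly under `sys`) are assumptions.

```python
import tempfile
from pathlib import Path

# Layout as described in the thread, relative to ...\Macromedia\Flash Player
SITE_DATA_DIR = "#SharedObjects"
SETTINGS_DIR = ("macromedia.com", "support", "flashplayer", "sys")

def classify_sol_files(flash_root):
    """Sort every .sol file under flash_root by the role its path implies."""
    root = Path(flash_root)
    report = {"site_data": [], "site_settings": [], "global_settings": [], "unknown": []}
    for path in sorted(root.rglob("*.sol")):
        parts = path.relative_to(root).parts
        rel = "/".join(parts)
        if parts[0] == SITE_DATA_DIR and len(parts) >= 3:
            # Written by the website itself; disallowed when Local Storage is "Block".
            report["site_data"].append((parts[1], rel, path.stat().st_size))
        elif parts[:4] == SETTINGS_DIR and parts[4:] == ("settings.sol",):
            # Assumption: the one global settings file sits directly in sys.
            report["global_settings"].append(rel)
        elif (parts[:4] == SETTINGS_DIR and len(parts) == 6
              and parts[4].startswith("#") and parts[5] == "settings.sol"):
            # Written by Flash Player, not the site; the folder name is the site.
            report["site_settings"].append((parts[4][1:], rel, path.stat().st_size))
        else:
            report["unknown"].append(rel)
    return report

def sites_recorded(report):
    """Site names recoverable from folder names alone, without parsing any file."""
    return sorted({site for key in ("site_data", "site_settings")
                   for site, _, _ in report[key]})

def build_sample_tree(base):
    """Constructed sample profile: storage blocked, so only settings files exist."""
    sys_dir = Path(base).joinpath(*SETTINGS_DIR)
    for rel in ("settings.sol", "#example.com/settings.sol",
                "#video.example.net/settings.sol"):
        target = sys_dir / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(b"\x00" * 64)  # placeholder bytes, not real SOL content
    return base

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        report = classify_sol_files(build_sample_tree(tmp))
        print("site data files:", len(report["site_data"]))
        print("sites recorded by settings folders:", sites_recorded(report))
```

On a real profile, pass the `Flash Player` directory from the paths above to `classify_sol_files`.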
Justai,
Thanks for talking with me today. Here's the website I mentioned for bug and feature reports: bugbase.adobe.com. I'd encourage you again to go ahead and add a new request for Flash Player to stop recording site addresses that you visit (even if only for internal Flash Player settings) if you want complete privacy enabled. Once you've added the report, please post back with the URL so that others who are also affected can cast their votes and add comments.
Thanks,
Chris
Chris,
Thank you for taking the time to speak with me about my concerns regarding internet privacy and an apparent 'loophole' in how Adobe Flash Player is still logging and storing a person's browsing history when visiting and activating Flash-rich media websites. My hope is that Adobe will quickly respond to this bug and address it swiftly, to protect users' privacy. Per your recommendation, I will follow through with the bug report so that it is part of the Adobe bug database.
Again, thanks...
Justai
Chris,
After filling out the bug report and submitting it, I got this:
"Thank you for submitting a bug. Due to security concerns, this bug will not be externally viewable."
Does this mean that no one will be able to view the bug report so they can contribute to it?
Thanks for adding the bug! I tweaked the bug report so it should be public now. Anyone who is affected by this, please visit the bug and cast your vote!
Chris
Justai,
I just wanted to give you a heads up that we found a workaround that will stop those folders from being created. If you set your browser to use private browsing (here are the instructions for Chrome, IE, and Firefox) Flash player will not create site specific folders for its settings files. We'll still keep your bug active and will consider it for future releases but I wanted to pass this along to you now in case you needed it immediately.
Thanks,
Chris
Hey T,
Thanks for the explanation, unfortunately, it still violates the privacy of internet users who need to use/are forced to use Flash content and Flash player. Actually, I was able to communicate with Chris Campbell about this issue and was able to show him some concrete examples of the violations in action and he did agree that there seems to be a bug at work here. The issue, simply put, is that Adobe already has its own LSO file that houses the settings that the user has defined but the Flash player is STILL allowing a footprint on your computer, in that secondary folder, that DOES violate a user's privacy by showing where you have been. As he mentioned, and I agree, the single Adobe LSO file that is there is all that is needed to stop Flash player from allowing ANY footprint from being saved to a computer from any website. A global "block all sites" is all that is required and not this mysterious LSO file from each website that still allows anyone to know and/or track your browsing history. He said he will be bringing this to developers' attention. In the meantime, I suggest using BetterPrivacy and have it delete ALL LSO files on a regular basis. I have mine set for every 15 minutes.
