flashplugin-nonfree permanent cookies

Bug #283650 reported by Yannis Tsop on 2008-10-15
4
Affects Status Importance Assigned to Milestone
flashplugin-nonfree (Ubuntu)
Low
Unassigned

Bug Description

Binary package hint: flashplugin-nonfree

http://www.imasuper.com/66/technology/flash-cookies-the-silent-privacy-killer/

As you can read in this article flash cookies are permanent. I don't like this idea. Could there be a way to automaticaly

rm -rf .macromedia/Flash_Player

 on every boot or login??

Daniel T Chen (crimsun) wrote :

While the attack coverage is certainly high, your proposal of unconditionally (forcibly) removing ~/.macromedia/Flash_Player on each login is incorrect. Imagine this scenario on a fresh boot:

1) Log in via gnome-session;
2) Open Web browser, and load embedded Flash that uses cookies;
3) Switch to tty1
4) Switch to tty7

If the Flash applet has not completed loading between steps (2) and (3), you've just blown away the cookie(s).

Trivially, the "remove on logout" proposal is analogous.

However, as a brutish hack, one could use gnome-session to invoke such a script running upon session login that forcibly removes the cookies.

Changed in flashplugin-nonfree:
importance: Undecided → Low
Yannis Tsop (ogiannhs) wrote :

Maybe firefox (or any other browser) should remove those when it removes web cookies.

Changed in flashplugin-nonfree (Ubuntu):
status: New → Confirmed
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers