Browser Independent Cookies – Lets The Cat Out Of The Bag?

What is a Flash cookie? What is a Silverlight cookie? And what are Browser Independent Cookies? The third question (last one) is the answer to first two questions. Flash Cookies are small files that store a good amount of information about you. The same goes with Silverlight cookies. Are browser independent cookies bad? We’ll get to know if they are, after studying how they are used. What does a Flash cookie do? Let’s take a look at these special cookies, what they do, if they are bad and how to remove them, if need be.

Browser Independent Cookies

Browser Independent Cookies

Browser Cookies – What Do They Do

You already know that different websites store data – in the form of Cookies – on your computer. These cookies generally are to help to get quickly to the website next time you log in. Some are tracking cookies,and some others are third-party cookies – used when the website employs third-party elements such as Google search or Disqus commenting system.

Cookies are known to have a small life, and they expire after a few hours or days. The important types of cookies are the ones that store your login information so that you do not have to fill in the same information again and again if you are a regular visitor to any website. All others can and should be removed at regular intervals to keep your computer clutter free if not for privacy purpose.

They are regular HTML cookies designed to store information for a while and expire. When you keep on entering a website, fresh cookies are created. These cookies are small in size and do not pose much danger unless someone else uses your computer. Normally, the login cookies are set when you select “remember me” when logging into any website. It is entirely your wish whether or not you would want to allow login cookies – depending upon how you use/share your computer.

Browser Independent Cookies: What Is A Flash Cookie or Silverlight Cookie

Flash cookies and Silverlight cookies are independent of the browsers you use to access the Internet and hence are called browser independent cookie. So what does that mean?

A Flash cookie is a little bigger file compared to regular HTML cookies. Flash cookies (and sometime Silverlight cookies) are used to save information about your games, online movies etc. The original intent behind developing such cookies was to let you resume a movie on – say YouTube – from where you left watching it. Other cookies would store your game progress etc. That also stores some other data such as where did you leave watching the movie (time/seek progress), what resolution you were using, what was the volume level you set etc. so that you can simply go to the website and continue from where you left off – without having to set up all the sound, resolution etc. every time.

IMPORTANT: Unlike HTML or browser specific cookies, most Flash and Silverlight cookies do not have an expiry time. That translates to the fact that your data is stored almost for eternity: until you format your computer or remove them using one of the methods mentioned below.

Are Browser Independent Cookies Dangerous?

The basic trait of Flash and Silverlight cookies is that they are not related to any specific browser. That means, when you delete your browsing traces from the computer using a third-party app like CCleaner – the browser independent cookies are not removed.

As such, Flash and Silverlight cookies aka browser independent cookies, are not a problem but help you in speedier access to whatever they are related. For example, they help you watch an online movie where you left it or resume a game without losing your previous progress.

Thus, we can say that Flash cookies are not dangerous. They actually facilitate better user experience and that is why they are designed for. But, there is always a possibility of exploitation – for both HTML cookies and browser independent cookies. And in the latter case, the exploitation chances are more as they cannot be deleted easily.

Browser Independent Cookies Can Be Exploited For Marketing

This is happening. The browser independent cookies on your computer are used by third-party applications resident on the different websites to track your movement. These cookies give out what all social networks you use and how often. The third-party marketing companies follow you on the Internet by accessing these cookies.

Since your computer IP name is attached to these cookies, it is not a big problem for them to identify you uniquely when you visit a website. All they need to do is to run a search matching the name to the ones present in their database. Based on all that, a good profitable profile can be created to include your browsing preferences, your shopping and other online habits. A good, complete profile often is up for sale to different advertising companies including some of the major search companies.

How To Delete Browser Independent Cookies

Internet Explorer can remove Flash cookies provided certain conditions are met. Here is a post on how to delete Flash Cookies using IE. Adobe offers a small utility that downloads to your computer and removes local Flash cookies. Here is the post on how to use Adobe Cookie Manager.

To delete Silverlight Cookies, you can visit any webpage that contains a Silverlight application. Right-click on the Silverlight application, and choose Sliverlight from the drop-down menu. Next select the Application Storage tab. Delete all of the content in this box. These Silverlight Cookies are normally to be found in C:\Users\Username\AppData\LocalLow\Microsoft\Silverlight folder.

You can also delete these cookies manually. To do so, open File Explorer. Go to Users and then your User Profile. Open Application Data folder. You may have to make Hidden Files and Folders visible before you can view Application Data folder. Check for Macromedia folder in all the different profiles you find there – roaming, local etc. Within the sub folders of Macromedia, look for files with SOL extension. Delete all files with the extension to delete the Flash cookies.

This explains browser independent cookies and how to remove them. This also creates a scope for discussing if browser independent cookies are indeed dangerous and if yes, to what extent. I created a batch file to delete Flash cookies at every login. But do I really need to use it every time? Let me know your thoughts on this. Another question that arises here is that even if we use a proxy, would the websites be able to recognize the computer if they find the Flash cookies stored locally?


Posted by on , in Category Security with Tags
Arun Kumar is a Microsoft MVP alumnus, obsessed with technology, especially the Internet. He deals with the multimedia content needs of training and corporate houses. Follow him on Twitter @PowercutIN