Security → Adobe buys Omniture and we can kiss our privacy goodbye

"This news surprised most ... but the impact will be far greater than most people are reporting. Omniture (2o7.net) is the largest paid-analytics company (data miners) ... Adobe is the largest (besides it's other products) application (aka Flash) which allows websites to track users via "flash cookies" ...

Now you combine these two giants and ... say good-bye to your privacy. The biggest reason is the way "flash cookies" (local shared objects) are stored and the dubious actions that are allowed on your machine without your knowledge ...

Adobe, said the deal will help it "transform" e-commerce by combining its content creation tools with Omniture's online measurement and optimization technologies to help "increase the value Adobe delivers to customers."

"This is a game changer for Adobe and its customers," said Shantanu Narayen, chief executive of Adobe, in a statement. "We will enable advertisers, media companies and e-tailers to realize the full value of their digital assets."

»msmvps.com/blogs/hostsne ··· 116.aspx

This just strongly reinforces my decision to never use Flash Player and not allow it to be installed on my computers. If that breaks some websites so be it. I will complain loudly to the site that does this. Combining the already sizable security problems with Flash Player and the virus ridden ads it shows on many sites with this acquisition by Adobe and what that means for the privacy of users, I am appalled. Ominture has a very bad history for being sneaky and getting around folks who block most cookies by using third party aliases to set cookies on unsuspecting users computers. Now combined with Flash Player Adobe is set to rival Google in its data mining of users.

Thanks for the news.

However, I don't think it is quite such a disaster for online privacy:

* Can't you turn off the flash cookies in the Flash preferences dialog? I don't recall this exactly but I thought so. I guess Adobe could remove this option.

* Right now Gnash is a few versions behind Flash, but eventually there will be an open source player, and it will be possible to turn off spyware features like this.

* Put all those 2o7.net domains and patterns in a firewall rule or hosts file, so requests go to a black hole.

* If you need Flash, use Flashblock, that way you get the videos or things you want, and can skip the Flash ads or other unwanted Flash.

Simple solution...

»www.macromedia.com/suppo ··· r06.html

No thanks, not on my Linux box. As others have said, this situation is controllable.

»Adobe spends $1.8bn on Omniture

You can block Omniture partially via: MVPS HOSTS small sampling of what is actually blocked

•Edit:
Omniture partners with ComScore
»msmvps.com/blogs/hostsne ··· 468.aspx

Yep. Just simply do:

chmod 400 ~/.macromedia/Flash_Player/macromedia.com
 

and

chmod 400  ~/.macromedia/Flash_Player/#SharedObject
 

and say goodbye to Flash cookies forever. I am sure there is a similar way to change directory permissions on Win NT/XP/Vista/7 as well.

For those using FF, the Better Privacy add on removes flash cookies.

»[Extension] BetterPrivacy 1.44 is available

»netticat.ath.cx/BetterPr ··· vacy.htm

I don't see this as a huge problem as there are a number of ways to avoid flash cookies.

Not to mention that if 2o7's servers are already in your hosts file, then it doesn't matter much. A whitelisting approach to allowing flash (possible in every major browser--well, ok, not sure about Safari and Camino, but definitely in IE, Opera, and any Gecko browser that NoScript works with) also works.

All in all the net effect is minimal if any on most people who take even a few security precautions that they should've already taken anyway.

This is very bad.
Adobe spent 1.8 Billion Dollars for a company that makes money from tracking what people do online or tracking how they use products.

They will have to sell a lot of data to get their 1.8 billion dollars back.
Also from what I read this company just tracks usage and not personal info, but that fine line could easily be broken to get their 1.8 billion back.
Adobe should have sticked to creating good products instead of getting into data mining. They spent 1.8 billion for news that hurts their company image. I see many people dropping adobe software and blocking adobe.com because of this. Any company associated with invasive datamining is going to be blocked by every spyware program.

I wouldn't be surprised if Adobe bought it for an altogether different reason... I'm not worried.

quote:

---

I wouldn't be surprised if Adobe bought it for an altogether different reason... I'm not worried.

---

Me either.

To stop flash from saving cookies on your PC, use the Settings Manager.
»www.macromedia.com/suppo ··· ger.html

How to Delete Privacy-Invading Flash Cookies
»forums.adobe.com/thread/430722

When I had Flash Player, the settings did not stick. I am not talking about upgrading Flash Player and not realizing (Adobe doesn't tell you) that upgrading reverts settings to default so you have to change the settings again. I found that the settings reversed to default if I used Flash Player on IE. I have never installed a Flash Player plugin for Fx (I never wanted to pollute Fx in that way) so I don't know if that happens on Fx. Adobe gets around any attempts block data mining and now with their acquistion of Ominture the situation will just get worse and that will happen because too many users either don't care about privacy or refuse to believe they are actually losing/already lost theirs.

IE Spyad + CCleaner = Problem solved.

Yep,
Already have that installed along with flash block.

There is also an extension for Firefox "Ghostery" that shows you every identity on a web page that is tracking you and allows you to block them, either individually as you visit web sites, or go through their list in options and block them all at once before surfing. Omniture is on the list.
»www.ghostery.com/
»addons.mozilla.org/en-US ··· don/9609

Well Mele20 if you know how to set up CCleaner you can save those flash settings well cleaning out the Macromedia folders. CCleaner does a good job but can be tweaked to include both folders created by Flash.

I have yet to see flash settings not stick so you may want to check your security programs to figure out which one is screwing up the flash settings.

I think Adobe buying Omniture is a great move for Adobe.

Another thing, cookies are used to track information about a user, without them, websites can't differentiate. The web, after all, is stateless.

How does one expect a board like broadband reports to function without cookies? I'm really sorry, but it's quite impossible to program a system like this that keeps track of who is posting what without some kind of cookie.

So many of those site you may or may not use would simply not work as you would expect, if not for cookies.

Now, if you're a security consious person, then you can adjust your settings to your liking. If you don't, then it's not Adobe's fault, you did agree to their software license.

This page crashes IE8 each time I visit.

Some sites need those flash cookies, including some games to save data. An extension for Firefox know as better privacy can manage them quite effectively if you use Windows, Mac OS X, or Linux. So, it is pretty well cross-platform. I have heard CCleaner for Windows can be set to remove them, but I don't use Windows anymore. Thus, someone else might chime in about that. I think the Firefox extension is a good solution as it is very configurable. I used to not bother with these, but as Adobe has become more nosy, I have become more cautious.

At first I thought this was trivial because of the workarounds noted above (and blown up dramatically because Adobe is a MS rival and the news was on a MS "MVP" blog). However, on second thought I wonder whether Adobe may incorporate some of the tracking mechanisms into Flash and defeat some of the workarounds that have been possible up to now.
I took a look at Ghostery and it seems to be closed-source. That is *very suspicious*. Also the developer is on the board of a video-marketing-statistics company and other borderline conflicts of interest. I strongly recommend that readers use only open-source (preferably GPL) extensions for Firefox - it is the only thing that can keep software companies honest.
Regular (HTTP) cookies and Flash cookies are two different things. Any website that has logon, transactions, or saving of preferences needs to use HTTP cookies. But these are easy to control; all major browsers have features that let the user prevent any tracking via HTTP cookies.

On the other hand, I've never encountered a site that required Flash cookies for non-Flash functionality. In future you might need to submit to tracking tricks in Flash in order to view videos that are kept behind a Flash wall, or other things depending on Flash, but it will never be necessary in a technical sense for the things that HTTP cookies are needed for.

Edit: a few word changes for accuracy

Another way to keep these cookies from being saved across sessions is Sandboxie--sandbox the browser, set the sandbox to automatically delete contents when the program is closed, and they won't persist.

Having all ticked in web blocking and webblocking on, omniture is in there but am allowed to go to omniture pages.

I block at firewall level and do not use host list, though the firewall level list is almost as huge as some lists out there. My backup is software firewall list of blocked ip/domains and then adblock.

I also am not surprised as adobe has been into tracking and selling info for years.

They may be different, but the use and effect of turning them off is the same : your web page or flash application contained within the said web page may not work correctly without them.

Omniture was never about privacy or flash, anyway. It was used by a well known website to scrub tweets private information and send phony messages and spam to their friends behind a cloak of aliases. This website is notorious for spyware - which is why I have not trusted it for years.

There was a big announcement and a lot of bravado that was reported months ago about a partnership and all the thins Omniture could be used for. The announcement was promptly removed shortly after the news article appeared. The article was removed, too.

I do not recommend any social network that is anonymously scraped and used in this manner. .

Thanks! Proxo filters webbugs,etc.but probably misses some so I will try the extension.

Heck. ANOTHER extension that gives me "signing could not be verified -260" error and Fx refuses to install it. That means that I have open the file in WinRAR and remove the folder META-INF so it will then be a normal unsigned file and will install. The error arises because the author has made changes to the orginal signed file but didn't resign it.

Hmm...I read Ghostery's forum and what a shame. The extension is all or nothing as far as blocking. That means it is currently basically a worthless extension. This serious issue was brought up a MONTH ago on the forum and others have added that they too have this serious problem. The extension author has not bothered to reply after ONE MONTH.

I don't feel that all Fx extensions should be open source. I have no idea if any of mine are or not. But I won't install an extension with such a glaring problem as this extension apparently has and the author has shown no interest in even discussing the problem much less fixing it.

Ghostery has the option of selective blocking. There is a list of known tracking web bugs > under Options on the Blocking tab, you will see the blocking options. It isn't all or nothing.

So, then what am I am to make of this:
»getsatisfaction.com/ghos ··· ny_sites