Are Flash Privacy Vulnerabilities Important to the Average Online User?
Tuesday, June 08, 2010
[Editor's Note: I am pleased to feature another post by guest author R. Michelle Green, the Principal for her company, Client Solutions. She is a combination geek girl, personal organizer, and career coach. She has studied what makes some individuals embrace or avoid information technology. (She’s definitely one of the former.) Michelle helps others improve their use of technology in their personal or professional life. Here's her take on Flash cookies and privacy.]
I read this post about Flash cookies with the “Get right out of town!” look all over my face. Even just going to Adobe’s site and seeing the statement “always ask/deny access to my camera or microphone” was a trippy feeling. If you think too consciously about the dangers of the modern world, you’ll never get out of bed. Hey, driving may be dangerous but I’m not hanging up my keys. Instead, I want to be the best driver I can be. Online, that means being informed and prepared.
(Besides, just as entities like DOT and Consumer Reports will work to make my driving conditions better, I’m confident that George and people like him will work to make my online conditions better – Thanks George!)
Though I too fret about data gathering for behavioral marketing, I fear it is already too prevalent to escape. Besides, when used appropriately, Flash cookies are critical in enhancing the online experience at many sites. Unauthorized laptop camera use was way scarier to me than Google’s knowing that I like Joss Whedon.
So what did I need to know to be informed and prepared about the use of Flash cookies? Three questions came to mind:
- Do I need to protect myself now from unauthorized use?
- Will I know if I need to protect myself in the future?
- How do I protect myself?
To answer the first question, I needed to learn what websites might use my camera or microphone. I’m not an online or multiplayer gamer – maybe I’m “safe” already. I’ve used Skype and Oovoo, but I never stay logged in unless I’m making a call. The site sillywebcam.com would not load for me, but the Google cache image showed reams of games that will use Flash and your webcam in games. I first saw one when The Dark Knight came out – an ad campaign permitted you to send others a picture of yourself ‘trapped’ in Arkham Asylum. As far back as 2004, some very cool apps did nice things with webcams. You choose to participate in all these apps, however.
The open source download Adeona can turn your webcam on remotely. Essentially Lojack for your laptop, it does not give a third party access to your laptop as with some of its competitors. Again, you choose to download that program. Pennsylvania’s Lower Merion School District is in litigation for accessing 42 school laptops without informing the users. LANrev provided the school district’s laptops with the software. If your laptop is second hand, or purchased when you left your employer (like mine), you might have such software loaded and not know.
I was completely unsuccessful at identifying programs that use your webcam without your involvement. I find the absence of information noteworthy in today’s wired world. Does anyone else know of such programs?
The second question: how will I know if I need protection? Will the little green light always be on if my [laptop] camera is on? Anything can fail, but in principle, if the camera’s on the light’s on. It’s wise as a matter of course to review the programs running in the background on your computer. (If the light’s been on since you bought it, for example, you might think that’s a normal part of your laptop’s operation.) And, I have no immediate indicator that my [laptop] microphone is engaged…
That leaves the third question: what can I do to protect myself? I’ve gone to the Adobe site and set the Flash global settings to “always ask” if someone wants to use my camera. (Be sure to click each of the folder tabs to see the breadth of control Adobe offers you.) The "Always deny" setting doesn’t let me make a choice. I already use my browser options to delete cookies once I’ve closed the browser.
Maxa Cookie Manager is a paid tool that manages Flash cookies, but it works only on Windows (®). I needed something like flush.app to help me manage Flash cookies on my Mac. It lets me delete the ones I don’t want, and keep ones that are helpful. Flash programs in IE use a mechanism called ActiveX to run, with, you guessed it, additional privacy settings to manage. And if you’re like me and use multiple browsers, you have to manage all this within each browser.
I’m worn out just thinking about this.
My advice? Cover the [laptop] camera lens until you want to use it. Disable your access to the 'net until you want to be online. Shut down and close the laptop when you’re offline.
Ahh, the beauty of the low-tech hack.
© 2010. R. Michelle Green. Reprinted with permission.
I consider myself fairly tech savvy, and George's Flash article caught me very much the same way it did you.
Regarding low tech, I remember the High-tech Crimes Unit San Diego Sheriff's Deputy who, upon being asked about how to keep teens from misusing the built-in cameras in laptops and cell phones remarked,
"I find an icepick [on the camera] to work extremely well."
Posted by: Charles Jeter | Tuesday, June 08, 2010 at 08:09 PM
funny Charles!
An EFF article from several years ago also suggested turning off your cable modem after use so that you generate a new IP address each time you return to the net... what's sad is we have to consider such things, and can't just surf the net...
Posted by: R. Michelle Green | Sunday, June 13, 2010 at 02:48 PM
EFF is a great site. The hard part about the cablemodem tip is that... sometimes the provider simply assigns the old one back to the same box - I tested this last in 2006 however.
Sounds like a good 'top list' for privacy item though, as well as the great thing being that turning off your cablemodem (well, technically your router but most are combinations anyway) is that it clears malware which may be operating within the router Linux OS. After a solid reboot, the NVRAM just loads up the program which should be there, without any extra botnet garbage.
Posted by: Charles Jeter | Wednesday, June 16, 2010 at 06:08 PM
Charles, I'm going to try that right now! Didn't realize it had maintenance benefits as well! Thanks -- R. Michelle Green
Posted by: R. Michelle Green | Friday, June 18, 2010 at 11:55 AM