Table of Contents
A third-party cookie is a cookie that is set by or sent to a website different from the one you're currently viewing. Third-party cookies are often used to track your preferences or website usage across sites for market research and ad targeting. For example, a site you are visiting might use advertising from another website that creates a cookie to record the site you visited. Because many computer users are aware of browser cookies, some advertisers and direct marketers are using local shared objects to replace third-party cookies.
Because some users do not want third-party websites to store any type of cookie on their computer, a new storage setting was introduced in Macromedia® Flash® Player 8 that allows you to disable third-party websites from storing local shared objects. We recommend that you upgrade to the most recent version of Flash Player, now Adobe® Flash Player, to take advantage of new security features as they are introduced.
What are local shared objects?
Local shared objects (LSOs) are like browser cookies. A browser cookie is a small text file that can be stored on your computer by the websites you visit. The next time you visit that website, the website loads that cookie and its information, which may help the site provide a more customized experience for you. For example, you might have asked the site to remember your login name. That information is stored in the cookie and retrieved on your next visit to populate the login name field on the website.
Local shared objects were introduced in Flash Player 6, to allow websites and applications to remember things about a user between that user's visits. A local shared object, by itself, is just information tied to a particular website — it can't do anything to or with the data on your computer. A local shared object is exactly like a browser cookie, except that it can also store data that is more complex than simple text.
Shared objects cannot remember your e-mail address or other personal information unless you willingly provide such information, and responsible websites use this feature to provide a better user experience. Most sites also have privacy polices, which you can review to understand if and how the site uses your information.
What is third-party content?
Third-party content is content that is not actually located on the site you are currently viewing. When you visit a website, the address shown in the browser address bar is usually where most of the site's content is located. For example, in the fictional hotel website, www.[siteA].com, most of the website content comes from, or is located at, www.[siteA].com. Sometimes, websites combine content from different sources. For example, www.[siteA].com might display a reservation form that actually comes from a different address at reservations.[siteA].com. Or, an ad for a car rental deal might be displayed on the page, but is located on the site www.[siteB].com. The content from these two web addresses is called "third-party content"; in other words, we can say that reservations.[siteA].com and www.[siteB].com are third parties to www.[siteA].com.
Third-party content isn't located on the web address displayed in your browser's address bar. In this example, the ad from www.[siteB].com and the content from reservations.[siteA].com are considered third-party content.
How are third-party local shared objects commonly used?
Third-party content may try to store information on your computer for various reasons. For example, you may be willing to let reservations.[siteA].com store information on your computer, such as data about your hotel preferences, so that you can make a hotel reservation. However, you may not be willing to let third-party content store information on your computer in other situations. For example, the car rental company, www.[siteB].com, may use the banner ad on www.[siteA].com to track your website usage or to record your preferences. Whether you want to allow information to be shared with certain websites or third parties is up to you, and most browsers provide settings to disable this type of third-party storage or cookie.
Third-party cookies and third-party local shared objects are often used by advertisers to anonymously track the sites and ads you view for market research or to present more personalized ad experiences. To get an idea of how this might work, we will build on the previous example.
The website www.[siteB].com is actually an advertising agency that manages car ads. When you visit www.[siteB].com for the first time, you see an ad for a Car A SUV, and you decide to click on it to get more information. Because www.[siteB].com served the ad, the website can place a cookie or LSO on your computer that contains a unique identifier and records that you clicked on the Car A SUV ad.
Even though you are visiting Site A, Site B can write a local shared object on your computer because the Car A SUV ad is served by Site B. In this example, Site B stores that you have clicked on the Car A SUV ad.
Now you decide to browse to www.[siteC].com. This site has a different ad for a Car B SUV, also served by www.[siteB].com. If you are also interested in the Car B SUV, you might decide to click on this ad for more information. Again, www.[siteB].com records that information in the LSO on your computer.
Now you surf to Site C, which contains another ad served by Site B. When you click on the Car B SUV ad, Site B again records that information in the local shared object.
Then you visit www.[siteD].com, which also uses ads served by www.[siteB].com. This time, www.[siteB].com reads the information contained in the LSO and sees that you were previously interested in the Car A SUV and the Car B SUV ads. The www.[siteB].com site decides that you are in the market for an SUV and displays an ad for a Car C SUV.
When you visit Site D, which also contains ads served by Site B, Site B can read the information in the local shared object. Since you clicked on two SUV ads, Site B decides you are in the market for an SUV and shows you an ad for a Car C SUV.
As shown in the previous illustration, third-party LSOs can be used to track your behavior across sites that you visit. Although the third party doesn't know specifically who you are, for example, by name or address, you can be uniquely identified through a special ID stored in the cookie on your computer. Over time, it may be possible for the third party to learn more detailed information about you and your preferences as you surf websites associated with the third party, based on what websites you surf with that computer.
If you want to prevent this type of information from being shared with third parties, you can use the new setting in the Adobe Flash Player Settings Manager to manage how the player handles third-party content storage.
How do I use the Settings Manager to manage third-party content storage settings?
The Flash Player Settings Manager lets you manage privacy settings, storage settings, security settings, and automatic notification settings by clicking the tabs. Your first experience with Flash Player settings might have been while visiting a site with Flash content, when a pop-up menu asked you questions about privacy or storage space, or by right-clicking on content to see the Settings option in the context menu. Selecting the Help icon or clicking the Advanced button within the Settings dialog box in Flash Player opens a browser to the Settings Manager on Adobe.com, or you can access the Settings Manager directly.
The third-party content setting can be found in the Global Storage Settings panel in the Settings Manager. You can prevent all third parties from storing information on your computer by deselecting the "Allow third-party Flash content option." If you disable all third-party content storage, Flash Player will not allow information to be read or written by Flash content unless the address of the content matches the address displayed in your browser's address bar. Flash Player remembers your setting and blocks third-party content storage for all sites you visit.
Flash Player Global Storage Settings panel
To prevent existing Flash content from breaking, the blocking setting is selected by default. Because this is a feature that was introduced in Flash Player 8, developers who created content for previous versions may have relied on the third-party storage capabilities in designing their websites. Blocking third-party storage by default means that some existing content that you previously visited with older versions of Flash Player might stop working.
If you don't want to block all third-party content storage, or if you want to adjust your settings for individual websites you visit, you can manage the storage settings for specific websites by selecting the Website Storage Settings tab in the Settings Manager.
Flash Player Website Storage Settings panel
In this panel, you can change storage settings for a website or delete the website so that, if you visit it again, it uses the global settings selected in the Global Storage Settings tab instead of any individual settings you may have set. You can also delete all sites, which erases any information that may have already been stored on your computer.
Conclusion
Like browser cookies, Flash Player local shared objects are used to create great web experiences for users, but they might be misused by some advertisers and websites. By considering the privacy of Flash Player users, Adobe provides you with more control over the information you want to share with third-party websites so you can have an enjoyable experience while surfing the web. The amount of information you are willing to share with your favorite websites, Internet marketers, or advertisers is a personal decision, and you should set your browser and Flash Player settings accordingly.
Other resources
Adobe takes consumers' privacy seriously and is committed to protecting the security of individuals' personal information on the web. We are dedicated to helping you maintain a more secure browsing experience by providing and continuously improving Flash Player privacy controls.
