Updated: July 20, 2009
We use Flash content almost daily, whether we want it or not. There hardly goes a day by without a semi-friend sending us yet another semi-humorous sketch on Youtube. Flash is also used to display advertisements, create website banners and even as interactive applets. To be able to enjoy (or suffer) Flash content, we use software capable of playing it, aptly named Flash players.
The most popular Flash player is the Adobe Flash Player. It is probably the most installed piece of software in the world, with as many as 99% of all computers running one version or another. Nevertheless, despite such a huge install base, Adobe Flash Player is one of less familiar software tools. Oh yes, we all use it, transparently, just to watch video and animations, but did you know that you can actually configure the Flash Player? Here comes the revelation: You can configure the Flash Player settings to adjust the levels of privacy and personal identification you share with websites using Flash. Let's see how this can be done.
This is the name of the utility you're looking for. It is an interactive tool located on Adobe's websites that you can use to change your Flash Player configurations. The tool itself uses the Flash technology to work. To access the Flash Player Settings Manager, go to the official website.
Like the webpage says, the panel you see is not an image. It is the actual Settings Manager, embedded into the webpage. Just like the Youtube movie player, for instance. The Manager has six tabs, each governing a different aspect of privacy and security. The options are well documented, allowing you to better understand the implications of the configurations you choose.
This panel defines the global permissions for websites that want access to your camera and/or microphone. If you choose Always deny, no site will have access to these peripherals. If you choose Always ask, you'll be prompted when this occurs.
Personally, I recommend the more lenient option Always ask, because you might across a site that uses an interactive Flash utility to record sound and video. You might want to use the site, but it won't work as expected. Whichever option you choose, you will have to confirm:
Think of this setting as outbound firewall rules. You do not automatically block every outbound attempt, do you? That would cripple your usage. Instead, when an unknown application asks for outbound connection, you have the choice between allowing or denying the connection.
Your next step is to configure the so-called Flash cookies. You can define how much space you want to allocate to Flash content on your machine, from unlimited to none, including a checkbox Never Ask Again, which means the Player won't prompt you if a website asks to store a component beyond your allocated space.
Possible uses for Flash cookies include website regional or language settings, online shopping carts, game scores, etc. Denying these components might impair the functionality of the websites.
Personally, I've yet to come across sites that use Flash cookies exclusively. I use the options seen in the screenshot above without any problems. Third-party Flash content is identical to third-party cookies. Store common Flash components takes the roles of session cookies versus permanent cookies.
I recommend you play with these settings and see what comes up. You should probably begin with the least permissive options - None and Never Ask Again, Allow third-party and Store common unchecked - and then gradually allow content if you encounter broken functionality.
This configuration is a little confusing, as it talks about sites using an older system of security. I have read the entire explanation below the Settings Manager and I'm not really sure I fully understand what they intend, honestly.
Older systems of security mainly refer to content created before Flash version 8 and the possible interaction of Flash content stored offline with parent websites. The closest analogy to this is probably the use of Zones in Internet Explorer. When online, the content is just that - on the Internet. When you download it to your local machine, it supposedly becomes trusted.
The best solution is to select Always ask. This way, you will know if and when Flash content might want to do something interesting. This is applicable for interactive Flash content run inside the browser and not just files (.flv and .swf) that you play in this or that media player.
Personally, I've never encounter a situation where this setting came into play. Your safest bet is to configure the Player to prompt. This way, you neither compromise the security nor the functionality. Here's what it looks like when you get a prompt. The example refers to Armor Games, a great Flash gaming site, which I've listed in my Greatest sites and also more thoroughly reviewed in my Another superb collection of Linux games article.
This is a rather simple one. Would you like the Flash Player to periodically contact the official site and check for updates? It can be useful if you want your Player to be up to date, plus it has some security benefits.
This tab lists all the access privileges for all the sites you have already visited. This allows you to more fine-tune the privacy settings than the global parameter. For example, you may want to allow all websites, except a small blacklist - or the other way around, just permit a small whitelist. For each listed site (or all), you can configure the settings separately.
This panel allows you to configure the storage of Flash content on per site basis. The same rules apply as for Global Settings, except that here you micro-manage the configurations, if you want.
Here's an actual example:
And that's it.
It is important to note that Firefox and Opera (and other non-Internet Explorer) browsers use one version of the Flash Player, while Internet Explorer uses another (ActiveX). While identical in name and functionality, the two Players are separate pieces of software!
If you install only the ActiveX, you won't have the Flash Player in Firefox or Opera, and vice versa. Similarly, configuring settings for one Player won't affect the other. Thus is you use Flash in both Internet Explorer and non-Internet Explorer browsers, you will have to configure everything twice.
Whenever you install a new version of Flash Player, probably due to a security update or similar, the Settings Manager will annoyingly reset the configurations and you will have to run the Manager again.
I am not familiar of tools that can automate the configurations or of a way to use a template (in XML form, for instance) to download the settings and save them and then upload them later when needed. If anyone has a more elegant solution for mass-deploying settings across browsers on multiple computers, please let me know.
This is a bit offtopic, nevertheless I thought it appropriate to mention a few tools that you can use to better manage Flash content. We will have a separate tutorial on this subject, nevertheless, here's a short recipe for improved Flash Player management and security:
SpywareBlaster is a useful immunization utility for Windows, which can be used to blacklist websites. The program offers additional tools, including the Flash Killer. Activating the utility will block the Flash Player installation and disable it from running if installed. It's a global, one-for-all measure, nevertheless you can set it on/off any time you want.
Firefox has a nice extension called Flashblock that will automatically prevent Flash content from displaying (and playing) and will instead present you with a play-button Flash icon that you can then manually activate only for the content you want and need.
This can help speed the page load, reduce the visual clutter and minimize your interaction with Flash objects on websites, potentially offloading some of the privacy and security concerns you might have. Compared to Flash Killer, Flashblock is a more pragmatic solution, as it only blocks Flash temporarily and per object, allowing a refined, granular control of the content.
If you are really paranoid about Flash content residing on your machine, and I'm not talking about files you downloaded - I'm talking about cookies and other objects set by websites, there are several things you can do. First, you can use your file manager to browse the local filesystems. Windows, Linux and Mac use different storage locations.
The cookies and other objects (called Local Shared Objects - LSO) can be found under:
Please note that Application Data is a hidden directory, so you will have to have hidden directories visible. Now, an example, a Skype Flash object containing user interface (UI) preferences.
On Linux, the objects can be found in the hidden directory .macromedia inside your home directory. For instance:
By the way, the Settings Manager looks the same and works the same for Linux too:
On Mac, the objects can be found inside the user's home directory. I don't have a screenshot here, sorry.
Instead of going about through the directories, you may want to use a utility to manage the Flash content. Not surprisingly, Firefox also has an extension for this task, called Better Privacy.
This extension allows you to search for long-term "super-cookies" and delete them. It also has an ability to temporarily skip cookies and objects currently in use, to avoid impairing functionality.
Configuring the Flash Player is similar to managing cookies / firewall rules in a way. If you understand these two concepts, you will also understand how to work with Adobe Flash Player.
I hope this article has helped you in several ways. First, the very fact you know that the Flash Player settings can be configured, something that seems so trivial and yet it very little known to most people. Second, you have learned how to work with the Settings Manager - you now what know what each option means and how it impacts your Internet experience, but more importantly, your privacy. Lastly, I have also shown you how to manipulate the Flash content on all three major operating systems, including manual methods as well as a nifty Firefox extension that can do the job for you. We will have a separate tutorial on Flash security. For now, enjoy your new discoveries.