Resource Center > Privacy > How to delete Flash cookies, permacookies, and zombie cookies

How to delete Flash cookies, permacookies, and zombie cookies

 | Updated
by Staff Writer

halloween cookies

This post has been modified to reflect new information since its original publication.

When you think of cookies, you may think of a delicious dessert. However, in the tech world, a cookie is a small data file that websites store on your computer when you visit them. Websites communicate with cookies to track information about user activity. Without the use of cookies, many websites would not function at all or would not be user-friendly.

The use of cookies is particularly crucial for websites that require you to log in, such as social media sites, email clients, and sites that make use of online shopping carts. However, many other websites use cookies, including those that rely on banner advertisements to generate revenue.

What do cookies have to do with online privacy?

Data about users’ web activity is valuable to companies and other organizations that use the Internet to drive their businesses. Knowing about your interests, particularly past purchases, enables vendors to show you advertisements for products that you are likely to be interested in.

While receiving tailored search results and even targeted ads can be helpful to consumers, privacy can be a concern when it comes to the use of cookies. This is because you may not be aware of which websites are collecting data, what type of data they are collecting, or what they do with the data they collect.

All cookies aren’t created equal

There are numerous types of cookies, and some are more of a privacy concern than others. For example, authentication cookies tell websites with logins whether or not you are currently logged in. This is actually good for privacy because your personal information can only be accessed if you are logged in on that particular computer.

Has your personal information been exposed online? Remove my information

Similarly, session cookies, which are sometimes also called in-memory cookies or transient cookies, are only active while you are on a particular site. Generally speaking, your Web browser will delete a session cookie when you close the browser window. The data from session cookies is not generally a privacy concern since it is not stored long term.

However, there are other types of cookies that may pose a privacy concern, including Flash cookies, permacookies, and zombie cookies. As a result, you may want to delete instances of these cookies from your computer to prevent your online activity from being tracked. Additionally, you may want to change your browser or other computer settings so as to restrict the installation of these types of cookies without your knowledge. Here’s how.

About Flash cookies

Flash is an old Web technology developed by Adobe that is slowly being phased out. However, most browsers still support Flash, and the technology can be used to create a type of cookie. According to Adobe:

A local shared object, sometimes called a “Flash cookie,” is a data file that can be created on your computer by the sites you visit. Shared objects are most often used to enhance your web-browsing experience. For example, by allowing you to personalize the look of a website that you frequently visit. Shared objects, by themselves, can’t do anything to or with the data on your computer. More important, shared objects can never access or remember your e-mail address or other personal information unless you willingly provide such information.

How to delete Flash cookies

Unlike regular Web cookies, which can be disabled via your browser preferences, Flash cookies can only be accessed through the Adobe Flash Player Settings Manager.

From the Flash Player Settings Manager, you can change the storage limit of individual websites by selecting the website from the list and moving the slider bar to the left or right. By default, the storage limit is 100KB.

If you want to delete stored data for an individual website, highlight the website and click Delete. To delete all the data at once, choose Delete All Sites.

YouTube video on locally shared objects and Flash cookies:

How to prevent further Flash cookie tracking

To prevent or restrict flash cookie installation, visit the Global Storage Settings tab of the Adobe Flash Player Settings Manager. From there, you can control how much storage space websites can use to keep information by adjusting the slider to the left or right. To prohibit websites from storing any information at all, deselect the box that says “Allow third-party Flash content to store data on your computer.”

Be advised that if you uncheck this box, some websites that use Flash may not function correctly. That said, since Flash usage is increasingly rare in legitimate websites, most people will not notice a significant change in their Web browsing experience.

How to delete Flash cookies from your hard drive

If this is the first time you’ve adjusted your Flash Player storage settings, you probably already have Flash cookie information sitting on your hard drive somewhere. It’s a good idea to delete it entirely. Here is the file path for accessing the information:

  • Windows: C:\Documents and Settings\[username]\Application Data\Macromedia\Flash Player
  • Mac: /Users/[username]/Library/Preferences/Macromedia/Flash Player

Once you have found the files, you can delete them as you would any other file.


Has your personal information been exposed online? Remove my information

Unfortunately, marketers are forever inventing new ways to track your personal information. One instance that went too far in abusing user privacy came to light in 2014. AT&T and Verizon implemented a Relevant Advertising program that inserted unique identifier headers (UIDH), or “permacookies,” into customers’ Internet requests. Anyone using the AT&T or Verizon networks to access the Internet on their cell phones could have their activity tracked by anyone who was aware of the permacookies’ existence.

Despite the fact that customers could opt out of the Relevant Advertising program, the permacookies were still inserted into HTTP requests by customers using the cellular network to access the Internet. As a result of public outcry, however, AT&T stopped using the Relevant Advertising program.

Verizon did not, attempting to address the problem by means of an opt-out program that prevented the installation of permacookies. The FCC found these steps inadequate, however, and fined the company $1.35 million. Subsequently, Verizon was required to obtain customer permission prior to sharing any data. Additionally, the company had to provide its customers with information about its ad targeting practices.

Although the AT&T and Verizon permacookies issue has been resolved, it is important to remember that companies are forever trying to find new ways to track your personal information. You cannot count on companies to have your best interest in mind. This means staying abreast of technological developments that may put your privacy at risk.

About zombie cookies

Most third-party browser tracking cookies are fairly simple to remove; we’ll address the basics of persistent cookie removal later in this article. However, sometimes you may notice that cookies you have already deleted have been reinstalled despite setting your preferences to block cookies in the future. What’s going on?

Ready to protect your identity & secure your private information? Protect my identity

Zombie cookies, that’s what! Named for their ability to “rise from the dead,” Zombie cookies occur when third-party cookies are placed outside of your web browser’s designated cookie storage.

For example, third-party cookies and Flash cookies may work together to create zombie cookies. Because most users do not manage their Flash cookies, some websites install Flash cookies as well as regular third-party cookies. The Flash cookie will periodically check to make sure that the third-party cookie is installed. If the third-party cookie has been deleted, the Flash cookie will re-create it. Zombie cookies can also be created using alternative technologies, such as your browser’s local storage cache.

Unfortunately for your privacy, since cookie re-creation is not considered a fresh install, zombie cookies often bypass any restrictions you have placed on the installation of third-party cookies. Not only that, when zombie cookies are controlled by Flash player, they can track your activity across multiple browsers.

What this means is that even if you delete third-party cookies from your computer and change your settings to prevent their installation in the future, you may still have zombie cookies on your computer unless you take some precautions.

How to delete zombie cookies

Has your personal information been exposed online? Remove my information

In order to prevent zombie cookies, you need to first delete the cookie that is reinstalling the third-party cookies. In the case of Flash cookies, you can do this by following the instructions above.

There is also a free piece of software called CCleaner that can be used to delete unwanted files on Windows, Mac, or Android systems. Although this software is well reviewed, it is a third-party installation. If you decide to go this route, read the instructions carefully and make sure that you are installing and using the latest version, as this type of software is often updated to address security issues.

If you are using CCleaner, click Cleaner and select the Applications tab. Make sure you check “Adobe Flash Player” in the multimedia section before clicking “Analyze” and “Run Cleaner” to remove any Flash cookies. Once you have removed the Flash cookies, you can set your Flash player to decline the installation of third-party Flash cookies in the future.

Because Flash cookies can create zombie cookies in multiple browsers, once you have removed the offending Flash cookie you may want to remove any third-party cookies in all the browsers on your computer, even those you do not use frequently. You can also use CCleaner to remove other third-party cookies on your computer responsible for respawning zombie cookies.

About Persistent Cookies

Whereas session cookies expire when you close your web browser, persistent cookies have a set expiration date or are set to expire after a certain amount of time has elapsed. Sometimes persistent cookies are useful; for example, they may keep you logged in to your email account so that you do not have to enter your username and password every time you restart your computer.

Ready to protect your identity & secure your private information? Protect my identity

Other times, however, persistent cookies are used to track your behavior online in ways you may not appreciate. For example, a company may use persistent cookies in order to track how many times you view their advertisement across multiple websites, or to ensure that you see their advertisement on multiple websites.

This is because persistent cookies transmit your information to a server every time you access either the company’s website directly or indirectly (i.e., on the company’s website itself, or an advertisement on another website that links back to the company’s website). For this reason, they are sometimes referred to as tracking cookies or third-party cookies.

How to Block Persistent Cookies

If you decide you want to block third-party cookies from being installed on your computer, you have to change the settings in the browser you use to access the Internet. Here are the basics for four common browsers:

  • Firefox: Tools > Options > Privacy. Uncheck “Accept third-party cookies.”
  • Google Chrome: Settings > Advanced Settings > Privacy > Content Settings. Check “Block third-party cookies and site data.”
  • Internet Explorer 11: Tools > Internet Options > Privacy > Advanced. Check “Override automatic cookie handling, and then choose “Block” under “Third-party Cookies.”
  • Safari: Safari > Preferences > Privacy. Check “Block all cookies.”

Browsers also have other options available that enable you to customize your privacy settings. For example, browsing in private or incognito mode means that any cookies will be deleted when you close your browser.

It is important to note, however, that blocking all cookies and/or browsing in private or incognito mode may prevent some sites from working properly. Additionally, you may have to log in manually to some websites every time you access them, as opposed to having your username and password stored.

A final word on cookies

Remember, cookies are merely tools websites use and are not always nefarious. While there are privacy concerns with certain types of cookies, without them, the Internet as we know it would not exist. That being said, knowing how to find and delete cookies gives you more control over the information you share online.

If you are concerned about issues of online privacy, ReputationDefender can help. We’re happy to give you personalized advice, no strings attached.