These cookies won't crumble - and your ID could be at risk

No one likes tossing out cookies, but privacy gurus say clearing them off your hard drive is one of the best ways to protect your ID from falling into the hands of online thieves. But if Adobe Systems has anything to do about it, keeping your browser's cupboard free of cookie crumbs is going to remain a task that won't be easy for you to accomplish. And this has identity theft experts worried.

What it means to you
In addition to seeing a lot more ads relating to searches you performed and sites you visited, experts say Adobe Systems' "Flash cookies" (and traditional cookies, too) can leave consumers open to identity theft.

Cookies, the little bits of stored information embedded in web browsers that remember sites you visit, help advertisers target you for their latest marketing promotions. All that personalized attention makes surfers feel known and cared for, as ads claiming such things as "Local mom in (your city) made thousands doing this ..." show up while they're online.

Unfortunately, the cookies, particularly the Flash version, can also lead to your personal details being at risk for identity theft. "Flash cookies can store much more information than the standard cookie, are usually undetected, and can remain indefinitely on a hard drive," says Scott Stevenson, founder and CEO of Eliminate ID Theft, a credit-monitoring agency. And depending on where you're surfing the web, some of that information can be hacked into by identity thieves.

Where you are when surfing the web is important. George K. Tsantes, executive vice president and chief technology officer of Intersections Inc. says the most important question you need to ask regarding Flash, or any other type of cookie, is this: Does the cookie in question reside on a trusted computer?

"The rule of thumb is, if the computer you're using is controlled by you and you've taken necessary steps to protect the computer against malicious code then it's OK to store cookies for awhile," Tsantes says. "Awhile." Not forever.

But if you browse the web on a public computer or on your own computer using a public WiFi connection (if you happen to like working while visiting your favorite coffee shop or library), you should clear the cookies as soon as you're done surfing the web. "To further avoid being an identity theft victim," says Tsantes, "make sure you clear all cookies, close any open browsers and then reopen a new browser session [on a public computer or internet connection] before shopping or banking."

Cookies coming under fire
The Federal Trade Commission isn't happy with Flash's recipe for cookies. FTC Chairman Jon Leibowitz recently told Forbes magazine he's "contemplating rules that would penalize companies that track consumers without consent or adequate transparency." His theory: There's a reason we delete cookies.

Seems Congress agrees. Rep. Rick Boucher (D-VA) is currently working on a bill that would require companies to notify users about online cookies and ad targeting.

Clearing these crumbs
Traditional cookies are relatively easy to "clear" or delete. Simply select "clear recent history" or "delete cookies" on your internet browser's "Tools" menu, and the cookie crumbs are quickly cleaned up. Ah, if only everything in life were so easy.

Unfortunately, you can't clean up the "Flash cookie" as easily as you can its older brother. In fact, these kinds of cookies are not erased when savvy surfers clear their system's cache of cookies. It's no wonder marketers are salivating.

A recent study from the University of California, Berkeley concluded that eight companies use Flash cookies to remember the cookies consumers erased from 31 of the web's 100 most popular sites.

According to Andrew Brandt, a lead threat research analyst at Webroot, the makers of anti-virus protection programs, Flash cookies serve essentially the same purpose as browser cookies, "but can contain significantly more information than a browser cookie." He says the term is also misleading. "Adobe Flash doesn't actually call the data 'cookies' but 'web storage,'" Brandt told us. "The data can include things like the usage history of an Adobe Flash application."

While the government is searching for ways to keep Flash's cookies (and traditional ones, too) off your computer, there's plenty you can do to protect yourself. In addition to routinely clearing your cookies via the method mentioned above, here's how to outwit Flash:

• Open a Flash application (like a YouTube video)
• While the video is running, right click (Mac users can control-click)
• Click on the "advanced" button in the "privacy" tab to change your setting and crumble Flash's creepy cookies.

Brandt says users can also adjust the web storage settings for their Flash cookies by visiting Adobe's website setting page.

Scott Stevenson adds, "Another way to rid your system of Flash cookies is searching your hard for the files which contain the extension ".SOL". Those are Flash cookies are can be deleted."

Gina Roberts-Grey is a freelance journalist and regular contributor to WalletPop who, despite running several anti-spam, anti-malware and anti-virus programs, AND clearing her cookies regularly, was shocked to learn she had 1,084 Flash cookies stored on her six-month-old computer.