This is the last segment in the series. To begin with, I have a question for you…
What do you call a device that has a 1 gigahertz microprocessor, 512 megabytes of RAM, several gigabytes of solid state storage, runs programs, can be programmed, and can access the internet? Sound a bit like a Netbook, but computer is the answer I am looking for. Now add the ability to make phone calls on a CDMA or GSM network and you have a smart phone. The point is that your smart phone is a computer and many smart phones have the ability to run Adobe Flash. Flash is supported on Android version 2.2, Windows Mobile, and even on the iPhone 4. This means that it isn’t only your PC you need to be concerned with, but the spy is in your phone as well. The configuration options for mobile Flash are a lot more simplistic, but you need to go to https://settings.adobe.com/flashplayer/mobile/ on your mobile device. This is what it looks like on a Droid 2.
Obviously selecting never for local storage provides the most privacy, but also the least functionality. Selecting “Only from sites I visit” is probably the most reasonable choice presented. Whether or not you enable the cache is really up to you. These telephony equipped computers have a lot less space than a standard PC, but caching components may decrease data usage if you do not have an unlimited plan. I simply disable peer-assisted networking. I’m really not interested in having someone else use my bandwidth.
Unlike the highly granular configuration options that are possible with the mms.cfg file on a PC, Flash on the mobile platform offers very little choice in protecting your privacy. If you have Flash on your mobile device, I recommend you visit the settings manager periodically to make sure your choices have not been altered in an update. If you are traveling in an area where roaming charges might apply, before you leave, you might want to disable local storage entirely for Flash, but that is for cost savings, not privacy.
To sum up the series, Adobe Flash does enable a lot of quality video content on the web, however the price it comes with is privacy. Adobe isn’t going to tell you how, who, or when Flash is being used to track you, so it is up to you to take control. Perhaps you are fine with being tracked, some people are, but you can’t make the decision if you don’t know there is a decision. I hope this series has helped you understand some of the risks associated with Flash, and some of your options for controlling your privacy.
Director of Technical Education
Author ESET Research, We Live Security