Think you are protecting your privacy by pruning or deleting your web browser cookies? Chances are, you are sadly mistaken. According to a recent article on the Wired.com website, “more than half of the internet’s top websites use a little known capability of Adobe’s Flash plug-in to track users and store information about them.”

Flash is installed on something like 98% of the world’s personal computers. If you’ve ever viewed a web page, chances are you’ve encountered Flash in some form. Most videos are displayed with Flash, for example, as are the bulk of those animated ads you’ve trained yourself to ignore.

Problem is, Flash applications can store information on your computer in a widget called a Local Shared Object (LSO). Most of the time, the sort of stuff stored in an LSO is fairly benign, but this capability is also subject to abuse. The most egregious example of LSO abuse is something called “persistent cookies.” This was devised as a workaround to deal with the increasing number of people who, concerned with issues of online privacy, deleted their cookies regularly. A copy of the cookie data is stored in a Flash LSO. If the cookie has been deleted, it is restored using the LSO data.

This persistent cookie trick has been around for several years. When it was first proposed, the objections were so loud and fervent — even Adobe/Macromedia got huffy about it — it seemed the idea died an early death. I wrote it up for a small circle of friends, made some adjustments to prevent it and forgot about it. Evidently, bad things have been happening in the shadows since then and it is time to clean up my notes and post them online.

So, herewith are two straightforward ways to control Flash cookies with a minimum of hassle, as well as some information on when you should not remove Flash cookies…

Method #1:

Bring up the Flash Player Settings Manager web page.

On the second tab from the left, move the slider all the way to the left and place a checkmark next to “Never Ask Again.”

Next, go to the right-most tab and click the “Delete all sites” button.

This procedure starts you with a clean slate and tells Flash that, in the future, sites can create Local Shared Objects, but only with zero length. In other words, a site can create an LSO, but it can’t store anything in it. Pretty sneaky, eh? I’d suggest you periodically revisit the right-hand tab and clear out the accumulated zero-size LSOs.

Advantage: Simplicity. No LSO storage means no Flash cookies.

Disadvantage: Some web sites use Flash LSO storage in a useful way. For example, certain video and audio sites employ LSOs to retain player settings during your visit or to help smooth out streaming video. Also, a very few sites will simply not work if LSOs are disabled. If this is a concern and you are using Firefox as your web browser, consider using Method #2 instead.

Method #2:

The above Settings Manager tweak stomps Flash cookies with minimal hassle and works with any web browser. However, if you are a Firefox user, there’s an add-on giving you finer-grained control. It’s called Better Privacy and can be found at http://netticat.ath.cx/BetterPrivacy/BetterPrivacy.htm. The easiest way to use Better Privacy is to set it to delete all LSOs when you exit Firefox.

Once you’ve installed Better Privacy, go to the Firefox Tools menu and chose “BetterPrivacy”. You’ll get a window that looks something like this:

Click on the “Options & Help” tab. Enable “Delete Flash cookies on Firefox exit”. Optionally, disable (uncheck) “Always ask”. Personally, I always disable the “Always ask” option. Being asked what I wish to do with my Flash cookies every time I exit Firefox is a big nuisance.

If you encounter the rare site that actually requires LSO storage to work properly (I’ve only seen one so far), using the Better Privacy add-on permits the site to allocate some space without the LSO persisting beyond your current browser session. You get the best of both worlds. Web sites are happy because Flash behaves in the expected way; you’re happy because all the Flash trash gets tossed when you exit Firefox.

But wait, there’s more.

Keeping good Flash cookies

Sometimes, you may wish to protect a Flash cookie from deletion. For instance, Flash-based games like the popular Machinarium store game progress and status in an LSO. Unless you thrive on frustration, zapping it would be a Bad Thing. Happily, a small additional tweak to the above Method #2 can accommodate this.

Launch Firefox and chose “BetterPrivacy” from the Tools menu. You’ll get a list of the current Flash LSOs that looks something like this:

Select (click on) the LSO you want to preserve and click the “Prevent automatic LSO deletion” button. The LSO’s status will change from “Not protected” to “Protected Folder.”

Click the “OK” button and you’re done. When you exit Firefox, all Flash cookies will now be deleted, except the ones you’ve protected. Unwanted Flash data still gets sent to that big bit-bucket in the sky, but your hard-won game progress remains undisturbed.

For those of you who came in late, a “cookie” is a scrap of data that may be placed on your computer when you visit a web site. Web sites can only read and write their own cookies.

Used responsibly, cookies are very useful. For instance, most retail sites use cookies to keep track of the contents and status of your shopping cart.

Unfortunately, cookies are also subject to abuse. The most infamous examples are the so-called “tracking cookies.” Many web pages display advertising served up from third-party web sites. These third-party ad networks also deposit cookies on your computer. If you later visit another web site using ads from one of these outfits, they will read and update their cookies, in the process collecting information on what sites you’ve been visiting, what you looked at while you were there, the IP address you are using to access the Internet, the particulars of your web browser and a fair bit of information about your computing environment. The marketing droids say this is harmless and even beneficial because it enables them to provide advertising you are more likely to find useful based on your interests. Personally, I find it creepy that some anonymous outfit is building a profile of my browsing habits.

Some people deal with this by controlling what web sites are allowed to set cookies on their machines and under what circumstances. This gets tedious and often finicky. I prefer an easier approach.

Since its first release, Firefox has had an option to delete all cookies when you close the browser. Web sites can set any cookies they wish; everything works normally. When you exit Firefox, all the cookies disappear. Simple. Here’s how you do it in Firefox 3.5. Earlier versions are similar…

1. From the Firefox Tools menu, Choose “Options…”
2. Select the Privacy tab.
3. In the History section of the Privacy window, tell Firefox to “Use custom settings for history”, put checkmarks next to “Accept cookies from sites” and “Accept third-party cookies”, and select the option to keep cookies until “I close Firefox”. You should end up with a Privacy pane that looks something like this:
   
4. Click the “Show Cookies…” button and go delete all your existing cookies. You may be surprised at how many are stored on your computer.
5. Click the “OK” button to save your changes.

So, what’s the downside? Well, there are still a few web sites out there that store personalization information in cookies. Deleting your cookies every time you close out of Firefox will break these sites. However, this style of “portal” site went out of fashion quite some time ago. These days, most user-customized web sites store the personal settings on their servers and retrieve them when the user logs into the site.

For most people, the “toss your cookies” Firefox setting increases privacy with no significant effect on their web browsing experience.

Happily, there are solutions…

If you are using Office 2000, Office XP or Office 2003, download and install the “Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats.” It’s free for anyone to download and requires no validation nonsense. According to Microsoft, “by installing the Compatibility Pack in addition to Microsoft Office 2000, Office XP, or Office 2003, you will be able to open, edit, and save files using the file formats new to Word, Excel, and PowerPoint 2007.” Do pay attention to the write-up on the download page, though, including the part about grabbing the latest security updates.

If you are using OpenOffice, just upgrade to the latest release (version 3.1 at the time this was written). It costs nothing and the update process is not unduly burdensome. If you’re running a fairly recent version of OpenOffice, you’ll likely be offered updates automatically.

If you are using WordPerfect Office X4 or later, you should be more or less OK. For earlier versions, contact Corel for compatibility information.

And, finally, if you’re using a non-Microsoft office suite and are not running Windows Vista or later, you’ll need the new Office 2007 fonts. See the “How to get the Office 2007 fonts” post for details.

Beginning with Office 2007 and Windows Vista, Microsoft introduced six new TrueType fonts. They are: Calibri, Cambria, Candara, Consolas, Constantia and Corbel. If you don’t have these fonts and open a document that uses them, it may not display properly. If the document is an Adobe PDF, you may, under some circumstances, see an unintelligible series of dots, accompanied by a message that one or more fonts is missing.

Fortunately, you don’t have to upgrade to the latest version of Microsoft Office, or move to Vista or Windows 7, to get the new fonts.

If you are running Windows XP or Windows 2000, but not any Office 2007 components, the easiest solution is to download and install PowerPoint Viewer 2007. The download is free and requires no validation checks. Installing the PowerPoint Viewer installs the new fonts as well. Simple.

And by the way . . .

Technically, this is a license violation but, if you want just the fonts without the PowerPoint Viewer, there is a way to do this. Here’s the general procedure:

1. The PowerPointViewer.exe executable is actually an archive. Extract the contents to a new folder someplace convenient. 7-Zip and PeaZip can do this, as can the venerable, but non-free, WinZip.
2. Take a look at the files you’ve just extracted and you’ll see yet another archive named ppviewer.cab, which contains the font files. Extract its contents.
3. Use the Windows Control Panel “Fonts” applet to install the new fonts from wherever you placed the contents of ppviewer.cab. (Choose the “Install New Font…” option from the the “Fonts” applet’s File menu.) Make sure the “Copy fonts to Fonts folder” option is checked.

Running Linux? See this article.

At base, a file name has two parts: the actual name you assign to the file and its extension. Think of an extension as the part of the name that identifies the file’s type. For example, suppose you create a Word document named “Newsletter”. The name of the file on disk is “Newsletter.doc” (or maybe “Newsletter.docx” if you’re using Word 2007). The “.doc” (or “.docx”) part is the file’s extension. It tells Windows that the file is a Word document and that it should be opened with Microsoft Word and not some other program.

Unless you tell it not to, Windows hides the extensions for all recognized file types. So, if you look in your documents folder, you will see your Word document listed as “Newsletter”, not “Newsletter.doc”. Windows is trying to be “helpful,” here. The idea is that, if you saved your document as “Newsletter”, it is less confusing if it simply shows up as “Newsletter” on disk.

Now, there are a couple of problems with this.

Scammers sometimes take advantage of this extension-hiding feature to make infected email attachments look harmless — sort of. For instance, they might create an infected email attachment named “bargains.txt.exe”. The “.exe” part means that it is a program but, if Windows is hiding extensions, the name will appear as “bargains.txt”. The bad guys are hoping that some folks might be inattentive, think, “Hey, it’s just a harmless text file,” and open the attachment. Oops.

Also, you might occasionally want to be able to edit an entire file name, including the extension. For instance, I sometimes do this if I am dealing with an old or damaged file that I’m not quite ready to delete. Giving it a “.old” or “.bad” extension ensures it won’t be opened or run accidentally until it’s time to send it to that big bit-bucket in the sky.

Bottom line: Revealing file extensions doesn’t hurt anything, it increases your security slightly and it might come in handy some day.

Here’s how it’s done:

Windows XP and earlier

1. Open a folder. The “My Documents” folder is as good a choice as any. (I.e., click the Start button; click “My Documents”.)
2. Click the “Tools” menu and choose “Folder Options…”
3. Click on the “View” tab. In the “Advanced settings” section, clear the checkmark next to “Hide extensions for known file types”.
4. Click the “OK” button.

Windows Vista & Windows 7

1. Open a folder. The “Documents” folder is as good a choice as any. (I.e., click the Start button; click “Documents”.)
2. Press the “Alt” key (located on either side of the space bar). This will make the menus appear.
3. Click the “Tools” menu and choose “Folder Options…”
4. Click on the “View” tab. In the “Advanced settings” section, clear the checkmark next to “Hide extensions for known file types”.
5. Click the “OK” button.

That’s it. You’re done. Any time you open a file folder, you’ll be able to see complete file names instead of the user-remedial versions.

Update: This all assumes you are up-to-date, which means Windows XP Service Pack 3 (SP3). If you are still running Service Pack 2, Microsoft officially forgets you exist on July 10, 2010.

So, big deal. Who calls Microsoft support anyways?

Well, the real significance of this is that it portends a rapid erosion of XP support generally. Third-party hardware and software manufacturers will lose interest in supporting an operating system being prepped for that big bit bucket in the sky, especially if there’s a need to coordinate with Microsoft during product development.

It’s time to cut the cord. Unless you have a mission-critical need, buying a new system running Windows XP at this point is ill-advised.

A “disk manufacturer’s gigabyte” is not the same as a “computer geek’s gigabyte.” Generally, prefixes like kilo, mega and giga represent successive multiples of 1000. For example, “kilometer” means “1000 meters.” Similarly, mega indicates a million (1000 x 1000 = 1,000,000) and giga, a billion (1000 x 1000 x 1000 = 1,000,000,000). Computers, however, use binary arithmetic (base 2), so it is more convenient to use numbers that are powers of two. Thus, large computer-related quantities are usually expressed as multiples of 1024 (2¹⁰). This means that a kilobyte (KB) is understood to be 1024 bytes rather than 1000 bytes, a megabyte (MB) is 1,048,576 (1024 x 1024) bytes, and so forth.

Hard drive manufacturers had a choice in the early days: They could use either the conventional meanings for these prefixes or the specialized, computing variant. Not surprisingly, they chose the alternative that gave them the bigger numbers. This is why that 500GB hard drive is viewed as a 465GB drive by your computer. A good rule of thumb is to take the advertised drive capacity and subtract a little over 5 percent. For terabyte drives, subtract about 10 percent.

Mind you, the folks who make those drives aren’t really cheating. My 500GB hard drive holds 500,096,991,232 bytes, which is, in fact, a solid 500 gigabytes in the outside world. What can I say? Computer people don’t think like normal people.

For the idly curious and numerically obsessed, here’s a table of the prefixes and their associated multipliers:

By the way, non-geek terminology is used to describe most forms of mass storage, not just hard drives. For instance, the so-called “1.44MB” floppy is really a 1.38MB diskette and the “2GB” flash drive I carry around in my pocket actually stores 1.87GB.

After (mumble) years, we’ve decided to revive the old “Where the Rocks Are” series, known to the cognoscenti as “WhertRA.” The title is based on a dumb joke, which is explained in all its fascinating detail on the “About” page.

Short version: WhertRA is a collection of computer-related articles based on questions from real-world users. Every once in awhile, I get a burr under my saddle and write about stuff that I think people should be asking about.

As a consultant, I work mostly with small businesses and individuals, so expect an emphasis on basic, day-to-day problem solving. If you came here looking for specialized articles on enterprise computing or high-tech policy issues or some other big-picture topic, you’re in the wrong room; try down the hall. If you are, like most of us, just trying to get some work done with your computer, have a seat. The show’s about to begin.