Skip to Content
I read an interesting thing the other day – someone didn’t like pie. In fact they disliked it even more than cookies. I was totally surprised since I had never heard about it before. The more I looked into it, the more I discovered that this was mostly a US matter. People in (mainland) Europe didn’t seem to be much concerned about pie, if they even knew what it was all about anyway. And that was strange, since one would expect the US to be less concerned than Europe about such things. What is this all about?    Well, I’m going to talk about a so called new threat to privacy: PIE aka Persistent Identification Elements. According to some doom mongers this is far more dangerous than cookies. Where do these PIEs and the fear suddenly come from? In order to understand that one we need to take a close look at this {code:html}survey {code} by Jupiter Media. The conclusions are that 58% of web site visitors “cripple accurate web site measurement” by deleting and/or blocking cookies. 39% even do this on a regular (monthly) basis. That’s bad news for the marketing people and also for us web developers. Marketing people made the use of cookies nearly impossible by misusing this technology and thereby making a stateless environment a bit less stateless. As SAP developers we have the good fortune that we can use server side cookies and have the ability to make applications stateful. It’s more or less the same as with popups. With all these popup blockers it’s virtually impossible to use popups in a web application. And for what? The marketing people have now moved en masse towards DHTML techniques which bypass these blocking mechanisms.     *Flash Gordon             *The same thing is now happening with cookies. All professional marketers have found another technique to bypass the fear of, and the blocking/deleting of, cookies. It’s called Flash. According to Macromedia, Flash is installed by 500 million internet connected people, meaning 1 million professionals. Macromedia proves this with this NPD survey   (http://www.macromedia.com/software/player_census/flashplayer/) indicating that 97.3% of internet enabled PCs have Flash installed. Btw, these Worldwide Ubiquity statistics   (http://www.macromedia.com/software/player_census/flashplayer/version_penetration.html) are a very interesting read. The problem is that marketers have also seen these results with all its consequences. They discovered PIE, or the use of the Local Shared Object, which came available in Macromedia Flash MX. Shared objects were introduced in this version since working with “normal” cookies within Flash was a rather tedious thing to do. In fact, a shared object is pretty similar to a cookie. Indeed it’s nothing more than a string in a file with the extension .sol. This file can be found at +C:\Documents and Settings\[your user]\Application Data\Macromedia\Flash Player+. Mac OS X users can find this under+ /Users\[your user]\Library/Preferences/Macromedia/Flash Player+ and Linux fans will find it probably under +~/.macromedia+. It might reside in extra subdirectories like +#SharedObjects+. It depends a bit on the version that you’re working with.     Another similarity is the fact that one can read/write SO from their own domain. The difference is that since it’s initiated by an external application, that shared objects aren’t browser dependant like cookies. SOs made via e.g. MIE can easily be read within Firefox.    So what’s the big deal then? A guy called Tenenbaum from a marketing firm called United Virtualities announced in a {code:html}press release {code} “Browser-Based ‘Persistent Identification Element’ – Will Also Restore Erased Cookie” because “The erasing of cookies threatens many cookie dependent server-side applications from registration to targeting to traffic counting”.     According to this press release, these PIEs can:   ** count unique users accurately **   ** also recognize the visitor and restore any erased cookies. **     *The code   *The big question now is whether the UV claims are for real. In order to understand this we need to take a look at the code. It isn’t rocket science; even if you’ve never coded in ActionScrip within Flash, you’ll understand it since it resembles JavaScript a lot. The following code is typically put in the first frame of the movie you’re creating.   The fist thing we need to do is to create a shared object.   sdnuser = SharedObject.getLocal(“sdnuser_details”);   This is the basic form where each movie within the domain can access this shared object. It can be limited to one exclusive movie if desired.   From now on, we only need to define the variables within this object:   sdnuser.data.fname = “Eddy”; sdnuser.data.lname = “De Clercq”;   In order to write the info immediately we need to flush the memory with   +sdnuser.flush(); +   The reading is similar. You open the shared object the same way as you create it.   sdnuser = SharedObject.getLocal(“sdnuser_details”);   and you read the data   fname = sdnuser.data.fname; lname=sdnuser.data.lname;    I’ve made an example based on this code, which can be tried at my sdn test site   (http://sdn.idizaai.be/sdn_so.html). You can play around with it and investigate what’s happening in the above mentioned directories. Exit the page and/or browser, restart it and see what happens.     Here is the code.   In my starting frame:     sdnuser = SharedObject.getLocal(“sdnuser_details”); if (sdnuser.data.fname == undefined){ _root.gotoAndStop(“form”); } else { fname = sdnuser.data.fname; country = sdnuser.data.country; computer = sdnuser.data.computer; _root.gotoAndStop(“done”); }   The logic is simple. Read the shared object. If it exists, go to the frame where the data is shown.   That frame has only this code:    message = “Welcome to SDN ” + fname +” from “+ country;           *So what’s the big fuss all about? I honestly don’t know. My feeling is that it is nothing more than a storm in a tea cup. In the land of the blind, the one-eyed man is king. I think that United Virtualities created a terrifying story in order to sell their product and that this story was not double checked before some of the press published it. I could be wrong, but as long as there’s no proof to the contrary I consider it to be a hoax. There is no such thing as PIE aka undeletable cookie. You can substantiate it yourself by running the above mentioned demo at my site. Run it and delete the directory idizaai.be and rerun the demo. You’ll see that it’s all gone. My speculation is that VU “technique” is nothing more than setting both a cookie and an SO. If one deletes the cookies, there will still be the shared object to retrieve. But if you also delete the latter there is nothing to fear. If you don’t trust this, there will always be the control panel Macromedia made. Either you launch it by right clicking on the Flash movie or you can launch the Setting Manager   (http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager07.html).    image
To report this post you need to login first.

2 Comments

You must be Logged on to comment or reply to a post.

Leave a Reply