INeedAttention.com

Rants on business, science, technology, society, politics, police, and justice, plus life hacks and tricks, since 2003.

INeedAttention.com header image 2

How to Disable Flash Cookies for Fun and Profit

October 14th, 2007 · 4 Comments

Background on Flash Cookies

Since its introduction in 1996, Adobe Flash has become a popular method for adding animation and interactivity to web pages; several software products, systems, and devices are able to create or display Flash. Flash is commonly used to create animation, advertisements, various web-page components, to integrate video into web pages, and more recently, to develop rich internet applications.

Flash Players from version 6 can store and retrieve persistent data without offering any visible signs to the user—in a manner similar to that of cookies. YouTube is one of the more popular Internet applications powered by Flash. Pandora internet radio is powered by flash; so is the recent McDonald’s Monopoly promotion‘s online game. All three sites use Flash cookies to different degrees. This is not much of a problem for YouTube, but this may indicate major problems with the McDonald’s Monopoly promotion.

Pandora requires users to register after a brief trial period. A flash cookie will is set on the user’s computer, indicating that the trial period has ended. Then, anytime the user returns, even if they clear their browser cookies, they will be prompted to register. However, clearing the Flash cookies and refreshing the page makes the Pandora player reappear anew. Thus, a user never truly needs to register and can enjoy the trial period in perpetuity. For Pandora, this isn’t much of a problem, since they essentially give their service away freely anyway.

However, the new McDonald’s Monopoly promotion uses Flash cookies in a more trusting way. The McDonald’s Monopoly promotion allows players to receive one free online play using the code “I6L6V4N4T2” (think “I’m Lovin’ It” with descending numbers in there). When a user enters the free code, they are asked to register before the code is played. After entering a name, phone number, and ZIP code, the free code is played. Attempting to play the free code again results in an error message. However, by clearing the Flash cookies and reloading the McDonald’s Monopoly page, the player can get a second free roll.


Disabling Flash Cookies

It is possible to clear the temporary files that Flash stores on your computer either through the Flash website, or by clearing the files manually. For Windows XP, the location is within each user’s Application Data directory, under Macromedia\Flash Player\#SharedObjects. For Mac OS X the location is in each users Library directory under Preferences/Macromedia/Flash Player/#SharedObjects. On Linux the location is in each users directory: ~/.macromedia/Flash_Player/#SharedObjects.

The easiest way to clear the Flash cookies for a particular site is as follows:

  • Load that site that uses Flash, such as the McDonald’s Monopoly site.
  • Right-click anywhere inside the Flash player.
  • Select “Settings…”.
  • Select the “Local Storage” tab by clicking the arrow and folder icon. You will see the dialog below:
    Flash cookie settings dialog
  • Move the slider all the way to the left (0 KB)
  • Click “Close”

For Pandora, reloading the site with Flash cookies disabled results in an error message advising you to re-enable your Flash cookies. Go through this process again, this time setting the slider to something other than 0 KB. The McDonald’s Monopoly site doesn’t appear to do this however, and will let you play even it cannot store that on your Flash player.


Potential for McFraud in Monopoly Promotion

This would seem to compromise the integrity of the promotion since one player could apparently acquire unlimited free plays. The process could potentially even be automated using something along the lines of a custom Firefox browser extension. The official rules would disqualify registration with fake information and registration by proxy. Also, the promotion requires a phone number and ZIP code. Presumably they would notice a number of entries to the same phone number.

This could be overcome using anonymous voicemail drop services like PrivatePhone, however the entrant would still need to provide a name and a ZIP code. It is unclear how, if, the ZIP code would be used to verify the validity of the entry. So, while you can apparently get unlimited free plays, you can’t claim the prize. This could still result in a “denial of service” to legitimate players if automated plays won prizes, taking them out of the prize pool even if they are not claimed. In my limited experimentation with this issue, it seemed I never rolled anything but a Connecticut Avenue, so it may not even be possible to win a prize with your free code. However in that case, it’s not much of a free roll so much as a tease.

Please comment if you find more on this subject.

Tags: Business · Computers · McDonalds · pwn3d! (Hacks and Tricks) · Skippy Stuff · Technology

4 responses so far ↓

  • 1 INeedAttention.com » McDonald’s Monopoly 2007 // Oct 14, 2007 at 4:06 pm

    […] The online version of the game may be vulnerable to giving out unlimited free game plays if a user clears their flash cookies. Click here to read more about how to clear Flash cookies to possibly play McDonald’s Monopoly free. […]

  • 2 INeedAttention.com » McDonalds Monopoly: Ba da ba ba ba, I’m Lovin’ It // Oct 14, 2007 at 4:07 pm

    […] The online version of the game may be vulnerable to giving out unlimited free game plays if a user clears their flash cookies. Click here to read more about how to clear Flash cookies to possibly play McDonald’s Monopoly free. […]

  • 3 Mike // Oct 16, 2007 at 7:37 pm

    Conn Ave IS the only thing you can roll w/ the free piece, it says so in the rules if you look close enough so its not so much a free play as a free specific piece of the board

  • 4 Nathan // Oct 22, 2007 at 1:32 pm

    Would you be able to use the same game pieces that you used before and have them work?

Leave a Comment