Flash Cookies (which are officially known as Local Shared Object storage) are similar in intent to the better-known HTTP Cookies. They are used to store information on a web user's computer so that the user's identity can be tracked from one web browsing session to the next.
As with ordinary cookies, Flash Cookies can be used for anything from useful things (remembering who you are so you don't have to log in each time on web sites you commonly use) to annoying things (such as tracking your surfing habits to spy on you for commercial purposes by aggregating information from site to site).
Flash Cookies exist because regular HTTP cookies are limited in size; Flash Cookies are larger and provide more storage for applications written in Flash.
Unlike ordinary cookies, Flash Cookies are largely unknown to the surfing public and very hard to control. Here's a list of bad things about Flash Cookies.
1. Flash Cookies are hard to delete
All the major web browsers have controls for regular HTTP cookies built in. In contrast, none of them provide control of Flash Cookies. That's a pity since we know that people delete their HTTP cookies very regularly. If you want to delete them then you need to visit this page on Adobe.com.
2. Flash Cookies are not kept private by browser 'private browsing' modes
Since Flash Cookies exist outside the browser (they are part of Flash, not the browser) they are not controlled by browser 'private' modes. Typically, in private modes any HTTP cookies set by web sites visited will be removed at the end of the browsing session. Not so with Flash Cookies. The Flash system does not know about private browsing and will keep any cookies created during the private session.
This means that if, for example, you use the private mode to browse pornography even though your history and cookies will be protected, the Flash Cookies will give you away. Adobe announced last month that a new version of the Flash player would respect these modes.
3. Flash Cookies leak information from browser to browser
Flash Cookies are controlled by Flash, not by your browser. That means that if you have multiple browsers on your computer the Flash Cookies will be the same across all of them. If you browse a site that uses Flash Cookies in Internet Explorer and then open the site in Firefox you'll have the same Flash Cookies underneath.
4. Flash Cookies bring deleted HTTP Cookies back from the dead
Since Flash Cookies are so persistent (see #1), they are used by lots and lots of web sites. And one use is to recreate ordinary HTTP cookies. Suppose you visit my web site. I could set an HTTP cookie to track your visit and a Flash Cookie at the same time. If you subsequently clear the HTTP cookie, my site could look in the Flash Cookie to find out the value of the HTTP cookie and reset it. Doing so makes cookie clearing in your browser useless.
5. Flash Cookies don't self-destruct
Ordinary HTTP cookies have an expiry date/time associated with them so that even if you don't delete them they'll get removed by your browser after a certain amount of time. And there are session cookies that persist just for one web browsing session. In contrast, Flash Cookies are eternal. Unless the Flash application itself decides to delete a cookie it's created, it will persist forever on your machine.
6. Flash Cookies are everywhere
Last year it was reported that 54% of the top 100 web sites are using Flash Cookies. My research says that that number continues to increase.
7. Flash Cookies circumvent 'third-party cookie' controls
Because Flash Cookies are beyond browser control they circumvent third-party HTTP cookie controls. Many browsers allow users to accept first-party cookies (cookies created by the site they are visiting; these can be useful for automatic login and remembering your preferences), but to refuse third-party cookies (which are used by things like Google Analytics or advertising agencies to track your web browsing habits).
This isn't possible with Flash Cookies: they are beyond the browser's control.
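Points 1, 4 and 5 can be checked on your own machine. The following is an added example, not code from the original post: it walks a Flash Player `#SharedObjects` directory, reports each Local Shared Object with its domain and age, and flags any whose bytes contain the value of an HTTP cookie you supply (a sign the HTTP cookie can be restored after deletion). The directory layout, the byte-matching heuristic, the function names and the sample files are assumptions made for this example.

```python
import os
import tempfile
import time
from pathlib import Path

MIN_LEN = 8  # skip short values ("1", "en") that would match by chance

def audit_lsos(root, http_cookies, now=None):
    """Return one finding per .sol file under a Flash '#SharedObjects' root.

    http_cookies maps cookie name -> value (e.g. exported from a browser).
    """
    now = time.time() if now is None else now
    root = Path(root)
    findings = []
    for sol in sorted(root.rglob("*.sol")):
        parts = sol.relative_to(root).parts
        # Assumed layout: <random dir>/<domain>/[path/]<name>.sol
        domain = parts[1] if len(parts) >= 3 else "(unknown)"
        data = sol.read_bytes()
        # Heuristic: string values sit in the file as raw UTF-8 bytes.
        mirrored = sorted(n for n, v in http_cookies.items()
                          if len(v) >= MIN_LEN and v.encode() in data)
        age = round((now - sol.stat().st_mtime) / 86400)
        findings.append({"domain": domain, "file": sol.name,
                         "age_days": age, "mirrored_cookies": mirrored})
    return findings

def build_sample(root, now):
    """Write two constructed LSOs (fake bytes, not valid SOL files)."""
    samples = (
        ("tracker.example/id.sol", b"\x00\xbfTCSO\x03uid\x02a1b2c3d4e5f60718", 400),
        ("video.example/player/prefs.sol", b"\x00\xbfTCSO\x06volume\x00", 3),
    )
    for rel, body, age_days in samples:
        path = Path(root, "AB12CD34", rel)
        path.parent.mkdir(parents=True)
        path.write_bytes(body)
        os.utime(path, (now - age_days * 86400,) * 2)

if __name__ == "__main__":
    now = time.time()
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp, now)
        cookies = {"uid": "a1b2c3d4e5f60718", "lang": "en"}  # constructed
        for f in audit_lsos(tmp, cookies, now):
            print(f)
```

To audit a real profile, pass the Flash Player `#SharedObjects` directory for your platform as `root`; on Linux this is typically `~/.macromedia/Flash_Player/#SharedObjects`.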