Remember the “browser wars” of a few years ago where it was IE vs the world? Well, now that it’s pretty much become clear that IE is losing ground to Firefox and others, there’s a new front on the browser war. This time the battle lines are being drawn over privacy.
Mozilla’s Firefox, Google’s Chrome, Microsoft’s Internet Explorer and Apple’s Safari are all competing to be known as the best at giving users control over how their personal information is treated online, along with things like handling “cookies,” to control how websites are able to use them to track users online activities.
How effective is the latest group of web browser privacy tools? A researcher at a security firm in San Francisco, iSec Partners, , did some trials to find out.
There was a paper published recently with the results. They found particular problems with Apple’s Safari browser. They also concluded that not even one of the “big four” browsers extend any privacy protections to Flash.
Apple’s Safari did worse than all the rest of the browsers in thier tests. Used in “private browsing mode” on a Mac running OS X, Safari was quirky at best according to researchers. It was found to be accessing some cookies previously stored on the test computer, but not others. On a machine running Windows XP, Safari’s private browsing mode wasn’t private at all! It freely accessed previously set cookies and didn’tt delete any of the new ones.
I guess it’s a good thing that relatively few people use Apple’s Safari on a Windows machine. Adobe’s Flash software on the other hand, is a much bigger issue, something like 99 percent of people surfing the web use the software. Flash’s problem is that it, drops its own cookies completely independent of a user’s browser settings.
Many websites such as Amazon.com, MySpace, Hulu.com, and many more all use these Flash cookies to record information about their users and the activies of their users..
The big problem with these flash cookies is that they can not easily be deleted by average users with the privacy settings in their browsers.
An Adobe rep came to the defense of their spying Flash Player and said that there is a separate process for deleting Flash cookies. Unfortunately, the only place I’ve ever seen is on this Adobe knowledge base article which can only be described as a arcane document that is only supposed to be there so Adobe can truthfully say that the information is out there.
If you wade through that document you can learn how to control how much data a site is allowed to store in a “Local Shared Object” (flash cookie). (did you know that this amount defaults to 100K?
Also, from what I can see, there isn’t any way to deny flash cookies on a per site basis like you can with text cookies nor is there a way for them to be automatically deleted at the end of the browser session.