Thursday, January 1, 2009

Adobe’s Flash and Apple’s Safari Fail a Privacy Test

Via NYTimes -

In the new browser war, privacy is a crucial battleground.

Mozilla’s Firefox, Google’s Chrome, Microsoft’s Internet Explorer and Apple’s Safari all compete to give users the most control over their online identities and the best protection from Web sites that use “cookies,” those unique identifiers that can track users online.

So how effective are the newest batch of browser privacy tools? Kate McKinley, a researcher at iSec Partners, a San Francisco security firm, sought to find out.

In a paper published Tuesday, Ms. McKinley found particular problems with Safari and concluded that none of the four major browsers extends its privacy protections to Adobe’s immensely popular Flash plug-in, which is used to display Web animations and video.

Apple’s Safari fared the worst of the browsers in Ms. McKinley’s tests. When used in “private browsing mode” on a Macintosh running OS X, Safari was “quirky,” Ms. McKinley wrote, accessing some of the cookies previously stored on her computer, but not others. When used on a machine running Windows XP, Safari’s private browsing mode was not private at all: it accessed previously set cookies and did not delete any new ones.

Of course, relatively few people use Apple’s Safari on a PC running Microsoft Windows. The problem with Adobe’s Flash software is a bigger issue, since 99 percent of Web surfers use the software, which drops its own separate cookies on people’s computers.

Sites such as MySpace, Hulu.com, CrateandBarrel.com and Amazon.com all use Flash cookies to record some kind of information about their users.

Ms. McKinley found that this information cannot be deleted by average users in the browser privacy settings, should they wish to do so. “Flash elevates the interest of developers over the interest of the end user,” she said.

Emmy Huang, group product manager for the Adobe Flash Player, noted in an e-mail that there is a separate process for deleting Flash cookies, which is described in this somewhat arcane document. She conceded that this may not be clear to most Internet users.

“It is accurate to say that the privacy settings people make with regards to their browser activities are not immediately reflected in Flash Player,” Ms. Huang wrote. “Still, privacy choices people make for their browsers aren’t more difficult to do in Flash Player, and deleting cookies recorded by Flash Player isn’t a more difficult process than deleting browser cookies. However, it is a different process and people may not know it is available.”

She added that Adobe is working with the browser makers on combining privacy settings for the browser and Flash to make it easier for users to manage their settings.
