Flash & Safari Fail in Privacy Test

As Mozilla’s Firefox, Google’s Chrome, Microsoft’s Internet Explorer, and Apple’s Safari all compete against one another to try to see who can be the No. 1 Web browser, certainly privacy is a key factor that influences success. While many of us hope to never have to deal with the repercussions of a flawed browser and/or stolen information, there are no guarantees. As a result, we must all realize surfing the Web is a bit of a gamble, though often times it’s a very small one.

Apple Safari logoBeing informed of the latest threats and flaws is key to making an informed decision about which browser to use. Kate McKinley, a researcher at San Francisco security firm iSec Partners, recently took a closer look into the effectiveness of the newest batch of browser privacy tools. In her research, McKinley found particular problems with Safari, and also concluded that none of the four major browsers extends privacy protections to Adobe’s Flash plug-in.

In McKinley’s tests, Apple’s Safari fared the worst of the browsers: When surfing in “private browsing mode” on a Macintosh running OS X, Safari was, as she put it, “quirky” in that the browser accessed some of the cookies previously stored on her computer but not others. On a Windows XP machine, McKinley found Safari’s private browsing mode to be even worse—with no privacy at all. In fact, the browser accessed previously set cookies and did not delete any new ones in this scenario.

Adobe Flash Player logoAn even bigger issue comes to light when we consider Adobe’s Flash software, since 99% of Web surfers use the software. Flash drops its own separate cookies on people’s computers. Websites use Flash cookies to record information about its users. According to McKinley, this information cannot be deleted by the average user in the browser privacy settings. As a result, as McKinley puts it, “Flash elevates the interest of developers over the interest of the end user.”

Adobe provides information on how to delete Flash cookies on its Support page, but when the New York Times contacted Adobe, even Emmy Huang, group product manager for the Adobe Flash Player, conceded that people may not know that this separate process is available.  To the company’s defense, Huang also noted that Adobe is working with browser makers to combine privacy settings for the browser and Flash to make it easier for users to manage their settings.

Privacy and security will probably always be a cat and mouse game, but it’s important to know about the latest threats so that we can do what we can to protect ourselves.