iSec Partners recently tested Mozilla’s Firefox, Google’s Chrome, Microsoft’s Internet Explorer, and Apple’s Safari privacy and security. In particular, researcher Kate McKinley tested each browsers handling of cookies.
In their published paper [pdf], Ms. McKinley discovered several problems.
Ms. McKinley found particular problems with Safari and concluded that none of the four major browsers extends its privacy protections to Adobe’s immensely popular Flash plug-in, which is used to display Web animations and video.
Apple’s Safari fared the worst of the browsers in Ms. McKinley’s tests. When used in “private browsing mode” on a Macintosh running OS X, Safari was “quirky,” Ms. McKinley wrote, accessing some of the cookies previously stored on her computer, but not others. When used on a machine running Windows XP, Safari’s private browsing mode was not private at all -– it accessed previously set cookies and did not delete any new ones.
Sites such as MySpace, Hulu.com, CrateandBarrel.com and Amazon.com all use Flash cookies to record some kind of information about their users.
Ms. McKinley found that this information cannot be deleted by average users in the browser privacy settings, should they wish to do so. “Flash elevates the interest of developers over the interest of the end user,” she said.
You can delete flash cookies, however, the document [PC] [MAC] that explains it is difficult for the average user to understand, if they even know of it at all. A user could also try CCleaner, which works effectively at erasing flash cookies, while Flashblock (for Firefox) prevents any flash from loading.
And remember, always clear your private data when closing your browser.
Firefox
You can tell Firefox which bits to clear automatically each time you close your browser. Go to Tools > Options and then click on the Privacy Tab. Look at the settings listed under Private Data. You can then choose Always clear my private data when I close Firefox or Ask me before clearing private data.
Opera
Use this tutorial.
Google Chrome
You can use Chrome in incognito mode or Load Chrome and choose “Clear Browsing History” from the Tools menu. This will clear all your private data.
Internet Explorer
Click the Tools button in the Internet Explorer toolbar. Select Delete Browsing History… from the menu. Click Delete All…. (As an alternative, you can choose to delete Temporary Internet Files (the browser cache), Cookies, Form Data or Passwords selectively using their respective buttons.). Click Yes. Close all Internet Explorer windows.
Safari
Click on “Reset Safari” and a window will pop up. Then click on the items you wish to remove and click reset/ok.
