Adobe tackling 'Flash cookie' privacy issue
With changes coming to Flash and browsers, it'll be easier to control when Web sites can store information that can be used to track people's identity online.
Adobe Systems is offering assurances that it's adapting Flash Player to make it easier for people to protect their identities online.
Since time immemorial, browsers have been able to store small text files called cookies that Web sites have been able to use to track people's identity online--for example when Amazon wants to present product suggestions.
That's always raised hackles among those who'd rather not register their identities with any number of servers on the Internet, so for years people have been able to manage cookies, including rejecting them in the first place or deleting them at will.
The cookie, though, was only the beginning of a much larger trend toward storing data on a browser's computer. Nowadays, we have or soon will get standards for Application Cache, Local Storage, --and Adobe Systems' Flash Player.
Individually, these technologies are useful for various Web chores including identity tracking. Collectively, they make it possible for Web site operators to track identity in a more sophisticated fashion: unless people delete all forms of locally stored data, a Web server could reconstitute a regular cookie with, say, data stored using Flash or the other mechanisms. This idea is known as the "supercookie" for its relative tenaciousness and sometimes a "Flash cookie" for the involvement of Flash.
Browser makers are expanding their data-wiping abilities beyond just regular cookies, and at least in some browsers, some new storage technologies ask users' permission before storing data. Now Adobe's Emmy Huang published a blog pointing to progress in getting browsers to be able to control information stored by Flash through a new aspect of the browser plug-in application programming interface (API).
"Representatives from several key companies, including Adobe, Mozilla and Google have been working together to define a new browser API (NPAPI ClearSiteData) for clearing local data, which was approved for implementation on January 5, 2011," Huang said. "Any browser that implements the API will be able to clear local storage for any plug-in that also implements the API," Huang said.
Huang also pointed to support added to Flash Player 10.1 for private-browsing features of Internet Explorer, Safari, Firefox, and Chrome. With that support, Flash Player deletes locally stored information when a private-browsing session ends.
More changes are coming, she added:
We know the Flash Player Settings Manager could be easier to use, and we're working on a redesign coming in a future release of Flash Player, which will bring together feedback from our users and external privacy advocates. Focused on usability, this redesign will make it simpler for users to understand and manage their Flash Player settings and privacy preferences. In addition, we'll enable you to access the Flash Player Settings Manager directly from your computer's Control Panels or System Preferences on Windows, Mac and Linux, so that they're even easier to locate and use. We expect users will see these enhancements in the first half of the year and we look forward to getting feedback as we continue to improve the Flash Player Settings Manager.