Browser Privacy Test 133
lazyforker writes "A NYTimes blog post reports the results of security researcher Kate McKinley's tests of various browsers' (FireFox, Chrome, IE, Safari) privacy protection mechanisms. Specifically she tested their cookie handling. She also examined their handling of Flash's cookies. In summary: Safari on Mac OS X (in the 'private browsing' mode) is not so private ('quirky'). Safari on XP is not private at all. Flash behaves awfully everywhere."
Re:One word (Score:5, Insightful)
NoScript works too but I find it sort of annoying because it stops half the web from working.
Exactly why I love it. Half the web annoys me.
Re:Who is Kate McKinley? (Score:2, Insightful)
First links I tried, after reading the header of the paper, saying:
would be ... I don't know, maybe http://en.wikipedia.org/wiki/@stake [wikipedia.org] ;-) ?
Re:Who is Kate McKinley? (Score:4, Insightful)
That and the way the paper is written makes me suspicious as well.
Re:Flash (Score:4, Insightful)
Good heavens, someone is wrong on the Internet!
SWF is open, and we can glimpse the Flash Player's innards in Tamarin- but none of that even matters.
Pragmatically, is there a really important reason why you want the Flash Player to be entirely open? Would an open source Flash Player really be a better working piece of software than what we've got now?
Also, the Flash Player has support for screen readers and SEO indexing. Flash has support for lots of things that just aren't implemented in 90% of the SWFs you'll come across. A poorly scripted program says little about the platform it runs on. You wouldn't blame the Mozilla Foundation for bad websites, would you? That wouldn't make any sense.
I agree that Flash is not a standard, although wide adoption of SWF as a web standard is possibly a stronger motivation for Adobe to clean up the player than any competitive pressure that Silverlight may provide. And despite not being a standard, people will continue to use Flash to create web content, because it is a successful medium.
Just not the right medium for handling online banking. Wrong tool for that task. (Sorry Arcot.)
Re:Microsoft is Still Evil! Hurray! (Score:5, Insightful)
I like your logic: Aside from a single tile, Columbia's last mission went flawlessly.
Seriously, though: you've underlined the single greatest problem in computer security today - what we don't see can hurt us. I've written about this [imagicity.com] at greater length elsewhere, but to put it simply, privacy is the battleground of our decade.
The struggle to come to terms with privacy will manifest itself in the legal, moral and ethical arenas, but it arises now because of technology and the cavalier approach that the vast majority of people take to it.
The ramifications of our ability to transmit, access and synthesise vast amounts of data using technology are consistently underestimated by people because of the simple fact that, as far as they're concerned, they are sitting in the relative privacy of their own room with nothing but the computer screen as an intermediary.
On the consumer side of things, this creates what Schneier calls a Market for Lemons [imagicity.com] in which the substance of the product becomes less valuable than its appearance. As long as we have the illusion of security, we don't worry about the lack of real protection.
On the institutional side, we see countless petty abuses of people's privacy. There is nothing stopping a low-level employee from watching this data simply out of prurient interest. In fact, this kind of abuse happens almost every time comprehensive surveillance is conducted. In a famous example, low-level staffers in the US National Security Agency would regularly listen in [go.com] on romantic conversations between soldiers serving in Iraq and their wives at home. The practice became so common that some even created 'Greatest Hits' compilations of their favourites and shared them with other staffers.
They would never have done so had the people in question been in the room, but because the experience is intermediated by an impersonal computer screen, which can inflict no retribution on them, their worst instincts get the better of them.
When discussing software in the 21st Century, we cannot ever treat privacy as just one incidental aspect of a greater system. Privacy defines the system. Starting an argument by throwing it aside in the first subordinate clause gives little weight to any argument that follows.
Re:Flash (Score:2, Insightful)
Would an open source Flash Player really be a better working piece of software than what we've got now?
If it respected my 'zero animations' browser setting, yes it would be. If it had a working 'STOP' button, yes it would be. If it had simple, basic functionality of Flashblock, yes it would be.
Re:One word (Score:3, Insightful)
Re:One word (Score:3, Insightful)
More like 90%. it's actually less annoying to "Temporarily allow all of this page" when necessary than it is the other way around.
Re:Who is Kate McKinley? (Score:4, Insightful)
Well, yes, yes you could. Why on earth does the author of the paper have to be on Google or Wikipedia? All the information you need is in the paper itself including an explanation of the methodology and _the freaking damn code itself_!
Safari's privacy mode is for local privacy (Score:3, Insightful)