Posted January 05, 2009 by David Hale in Security News
by Ryan Naraine
January 2nd, 2009 @ 11:53 am

Third-party plug-ins like Adobe Flash do a poor job of cleaning traces of your browser sessions, rendering private-browsing features somewhat useless, according to a new study by researcher Katherine McKinley.

McKinley, a researcher at iSEC Partners, created a tool to test how well browsers clear private data after a session and how well their private-browsing modes work. She found that some browsers, most notably Apple’s Safari for Windows, do a poor job of wiping traces of a browser session. McKinley warns (.pdf):

Third party plug-ins like Adobe Flash, which is far more popular than any individual browser or platform, seem to undermine the data protection schemes offered by all common browsers, however. While browsers are introducing more features with privacy implications, such as persistent local storage, they have mostly integrated the management of this type of information into a single location.

When users want to ensure their privacy with respect to information stored via the browser standard methods, they can go to a single location to clear the data, use a separate browser, or use a working private browsing mode, if available. Plug-ins need to take extra steps to ensure the privacy of their users. The clear best practices in this area, as exemplified by Google’s Gears, prompts users before allowing a site to store data on their system, holds a per-browser data store, and integrates their management UI into the browser UI.