Sign up to our newsletter
The latest security news direct to your inbox
I didn’t expect a part 5, but here it is! Adobe has announced that they will be making some significant changes to Flash. In a blog post http://blogs.adobe.com/flashplatform/2011/01/on-improving-privacy-managing-local-storage-in-flash-player.html Adobe’s marketing machine really pours it on thick, but there appears to be some good news.
In the blog it is stat4ed that a future release of Flash will allow for local and easier control of Flash player settings. Currently you have to use the configuration file or go to the Flash Settings manager on the web. The new version is not here yet, but it has been overdue for a very long time. Also with Flash version 10.1 if you use the private browsing mode of Internet Explorer, Chrome, Firefox, or Safari, Flash will delete the LSOs when you close your browser.
A future version of Flash will also support a privacy standard that will appear in newer versions of web browsers and allow for much easier clearing of stored personal data. This is all good news, but I question if Adobe is really going to deliver. The tone of the blog shows that Adobe is still in denial.
Adobe’s Emmy Huan states in the blog that “For Flash Player, the default amount of disk storage space is minimal – the LSO is at most three-hundredths the size of a typical MP3.” While this may be true, an LSO can store massively more personal information that a traditional cookie and that is what is at issue.
In another statement about new version of flash Huan states “We expect users will see these enhancements in the first half of the year and we look forward to getting feedback as we continue to improve the Flash Player Settings Manager.” The truth is you cannot continue what you have not started. I would state that there has been no significant improvement in the Flash Settings Manager in a long time, if ever.
Adobe needs to fix updating for Flash as well. Checking for updates every 7 days is not enough and there should be an option to check for updates immediately.
2011 is shaping up to become the year that privacy comes out of its internet closet. With a looming threat of legislation in the US, Adobe, Google, Microsoft and other companies are beginning to pay a bit more attention to privacy and user choice.
Director of Technical Education
Cyber Threat Analysis Center – ESET LLC
Author ESET Research, ESET