Microsoft’s Internet Explorer team have added a new system, making it easier to delete Flash cookies, which threaten user privacy. Unfortunately there is a similar problem in Silverlight which seems to be taking a back seat.
Microsoft have been making a big deal of their new system in IE which lets the end user delete Local Shared Objects. Adobe’s Flash has been using these for years and they are a means for companies to track user’s web browsing habits. These are made worse by the fact that they don’t carry an expiration date and can be deleted only by visiting an online settings panel or by installing a third party application. Sadly, they can also be exploited by unscrupulous people to restore previously deleted tracking cookies.
IE can now delete these by using new developments in flash 10.3 which is in beta state right now, but scheduled for release very shortly. The NPAPI ClearSiteData API lets users delete files in the same way that they can erase HTTP cookies, byt using the clear history functionality built into the browsers menu. Firefox and Chrome also support this.
Andy Zeigler, the IE program manager said “This means that when you delete your cookies with Delete Browsing History, Flash Player will automatically clear your Flash cookies as well. We applaud the change. It resolves a longstanding privacy issue.”
While Kitguru has covered this before what many people aren’t aware of is that Silverlight, Microsoft’s ‘take’ on Flash uses an isolated storage system so developers can write, read and delete files inside a virtual file system. In the words of Microsoft Program Manager Justin Van Patten “Isolated storage can be used in the same way as cookies, to maintain state and simple application settings, but it can also be used to save large amounts of data locally on the client.”
In theory, and in the wrong hands, Silverlight could be storing data about end users with no real system in place to check or delete them. IE doesn’t have any tools to look or remove files in Silverlight’s virtual file system.
Microsoft are aware of this and a spokesperson said “Microsoft is considering adding this capability to Silverlight but we have nothing to share at this time. To delete Silverlight cookies, users should visit a webpage that contains a Silverlight Application. Right click on the Silverlight application, and choose ‘Silverlight’ from the drop-down menu. In the new dialogue box select the ‘Application Storage’ tab. Delete all of the content in this box at once or just from the selected site.” At least there is a workaround, even if it is messy.
KitGuru says: Adding removal of Silverlight data within the browser would be a much better system. Hopefully Microsoft add it in a future version.