What Sensitive Personal Data Is The Adobe Flash Player On Your Computer Sharing With Other Companies?
Monday, July 06, 2009
It seems that the Adobe Flash Player stores a lot more sensitive personal data about consumers than many people realize. A technology consultant (and former coworker of mine at Digitas LLc), Steve Brennan wrote:
"Check out the Flash Privacy and Settings "Control Panel" - only viewable on their website. A shocking amount of info is stored by the Flash player on your computer (also note those sites are not deleted when you clear your browser history). Check out the last tab in the interface. I don't like this one bit from a privacy perspective, I've never heard of this control panel before, feels like a sin of omission."
I hadn't heard about this either. I looked at the settings for my Flash player with IE. It is very important for consumers to set their Flash Privacy settings, since some of the settings allow sites to take over the microphone and/or camera on consumers' computers. Privacy settings let consumers specify whether you want applications from a particular Web site to have such access.
It seems that I have to access this Control Panel separately for each browser I have Flash player with. What a pain! This is so consumer-unfriendly because it requires consumers to be experts about the various technologies used on their computer. Steven also wrote:
"I really am shocked by how much info Flash appears to be holding onto, without informing the user or providing an easy way to clear it out. I want to dig deeper and see if it is also storing any info that were entered into flash forms."
I am shocked, too. The storage of personal data and the lack of notice by Adobe feel like an e-mugging to me. This is a data security hole when consumers switch computers. I'll bet that nobody clears out their Flash settings and stored data before they discard an old computer.
Besides the data privacy issues, the Flash development approach by many companies and digital agencies may contribute to the problem:
"One of the larger issues here IMHO is that Flash "programmers" are, by and large, not classically trained programmers and data privacy isn't on their radar. Many are more focused on getting it done and making it look good, which is fine as long as the user is protected. The flash authoring tools don't help on this front either they neither inform nor enforce any best practices with respect to data and privacy."
Adobe should be more vocal and transparent about notifying consumers about their Adobe Flash Player privacy and settings "Control Panel."
The CCleaner utility (registry and privacy cleaning tool) can delete the content left by the various websites. It won't however delete the websites themselves, nor change their privacy settings.
Posted by: Dr. InfoSec™ | Monday, July 06, 2009 at 12:19 PM
What are the recommended settings for the Control Panel to maximize privacy? Or does a user have to visit the Control Panel on a regular basis to clear all settings?
Posted by: Bill G | Monday, July 06, 2009 at 07:45 PM