Object Controls Comparison
Browsers receive and transmit content of many different types – everything from basic text and images to style sheets, scripts, local shared objects (“flash cookies”), and more.1 When the same objects appear repeatedly across different sites, they can be used to track Internet users. When content is requested from a website, the browser sends information, including the computer’s IP address and any cookies associated with the website. Some objects, such as DOM and local shared objects, also allow websites to store information locally even if cookies have been disabled. The comparison below describes browser controls around such objects, plus browser features that can be used to block entire websites from communicating with the browser. The ability for users to create lists of objects to block or allow is also addressed. Some object frameworks, such as Adobe Flash Player, are third party plug-ins. These third party controls are not addressed in this report.2
Object Controls3 | Chrome 6 Beta | Firefox 3.6 / 4.0 Beta 6 | Internet Explorer 8 / 9 Beta | Opera 10.6 | Safari 5 |
---|---|---|---|---|---|
Object types that can be blocked |
|
|
|
|
|
Objects blocked by default |
|
|
|
|
|
Users can create exceptions for specific object instances when that object type has been generally blocked/allowed | Yes | Yes, for images. | Yes, for content blocked using InPrivate Filtering. | Yes7 | No |
Object block settings are persistent | Yes | No | No | Yes | No |
Supports block lists | No8 | No | Yes | Yes | No |
Supports automatic updating of block lists | No | No | No | No | No |
Supports allow lists | No | No | Yes | Yes | No |
Supports automatic updating of allow lists | No | No | No | No | No |
Controls for DOM storage9 |
|
No11 |
|
|
No |
Provides a link to Adobe’s website Storage Settings panel to manage Flash local storage settings | Yes12 | No | No | No | No |
Controls for other local storage13 | No | No | No | No | No |
1 In this report, we refer to all these kinds of content as “objects.”
2 For information on managing Adobe Flash Player, see http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager.html.
3 This chart examines controls that allow users to block or enable objects other than traditional cookies. Browser controls for traditional cookies are explored above. Although third party extensions may exist that provide object controls, this report focuses only on core browser features.
4 Chrome includes DOM storage controls under the cookie control settings (Options-> Under the Hood-> Content Settings-> Cookies).
5 ActiveX controls are supported only by Internet Explorer, so other browsers do not need to block ActiveX.
6 Subdomains are not considered as separate unique domains and do not increase this count. In addition, the setting can be changed to block objects that have been received from a smaller or larger number of sites. The number of times something must be served or requested defaults to 10, but it can be changed to 3-30.
7 Opera provides a graphical interface that enables the user to select specific objects to allow/block on a page.
8 However, Chrome does support pattern based domain blocking.
9 DOM storage, like HTTP cookies, stores data locally. However, unlike cookies, DOM storage makes it easier for websites to access data shared across sites, and DOM storage supports larger data sets.
10 Chrome’s DOM storage settings are part of their cookie control settings.
11 Users can disable DOM storage in Firefox by modifying the configuration file using about:config.
12 Chrome is the only browser that packages Adobe’s Flash as part of the browser. However, Adobe’s Flash is widely used across all browsers.
13 This includes controls for components that store information locally, such as Adobe Flash and Microsoft Silverlight.