Accessibility
Jimson Xu

Jimson Xu

Adobe

Tom Nguyen

Tom Nguyen

Adobe

Created:
18 January 2010
Modified:
1 March 2010
User Level:
Intermediate, Advanced
Products:
Flash Player

Private browsing in Flash Player 10.1

For times when you want to keep the sites that you visit private, Adobe Flash Player 10.1 supports the private browsing mode found in many web browsers. Private browsing lets you browse the web without storing any history on your computer. Integrating with your web browser, Flash Player 10.1 will automatically clear stored data in accordance with your browser's private browsing settings.

The first two sections of this article are aimed at general users of Flash Player, describing what private browsing is, and which browsers currently support this feature and integrate with Flash Player.

The third section is aimed at advanced users and describes subtle changes introduced with private browsing in Flash Player 10.1. Finally, for developers, the last section of the article details technical changes to keep in mind regarding local storage (local shared objects) and private browsing support in Flash Player 10.1.

What is private browsing?

Web browsers typically remember sites that you have previously visited or the name and password used for favorite sites—a history of sites that you visit—to help you quickly retrace your steps online. For occasions when you do not want other people using the same computer to see your history, many browsers offer a "private browsing" mode. When you turn on private browsing, these browsers will not remember any history, allowing you to hide your activity from other users sharing the same machine and browser.

When you use private browsing mode (during a private browsing "session"), the web browser stores several types of information only temporarily. Once you end the session, the browser will delete that data, including the record of your visit in the browser's history, cookies, and cached image files. This keeps your browsing session private from other people that may use the same computer. This contrasts with normal browsing, where the browser remembers history that you can use even after you've restarted your browser.

With Flash Player 10.1 private browsing support, Flash Player will automatically clear any data it might store during a private browsing session, helping to keep your history private.

Note: With some content, private browsing may cause unexpected behavior because Flash Player clears data that the content expects to remember. Keep that in mind when using this privacy feature.

Browsers that support private browsing

At the time of this writing, the following browsers support private browsing:

  • Internet Explorer 8.0+
  • Mozilla Firefox 3.5+
  • Apple Safari 2.0+
  • Google Chrome 1.0+

(Source: Wikipedia, Private browsing)

All of these browsers support Flash Player 10.1 private browsing integration except for Safari. Flash Player private browsing support will be enabled with a future release of Safari. Note that the Flash Player behavior changes discussed in this article only apply to supported browsers.

For advanced users: Private browsing and Flash Player 10.1

Prior to Flash Player 10.1, the player behaved the same whether the browser was in private browsing or not. Browsers could clear browser data temporarily stored during a private browsing session, such as cookies and history, but they were unaware of the data stored in Flash Player local storage (also known as local shared objects or LSOs). To keep your information safe, information in Flash Player local storage is stored on a site-by-site basis—so that one website can never see information from another website. However, storing information on a site-by-site basis can leave a history of previously visited sites that have used local storage.

Starting with Flash Player 10.1, Flash Player actively supports the browser's private browsing mode, managing data in local storage so that it is consistent with private browsing. So when a private browsing session ends, Flash Player will automatically clear any corresponding data in local storage.

Additionally, Flash Player separates the local storage used in normal browsing from the local storage used during private browsing. So when you enter private browsing mode, sites that you previously visited will not be able to see information they saved on your computer during normal browsing. For example, if you saved your login and password in a web application powered by Flash during normal browsing, the site won't remember that information when you visit the site under private browsing, keeping your identity private.

Changes to Settings panel and Settings Manager functionality

Flash Player gives you control over your experience, enabling you to change settings through the Settings panel and the global Settings Manager. These will behave somewhat differently when you access them in private browsing mode.

Settings panel

The Settings panel lets you change settings for a specific piece of content running in Flash Player (also known as a SWF file) or the site where that content came from. For example, you might access the Settings panel to allow a website to use your camera or microphone. Open the Settings panel by right-clicking the SWF content and choosing "Settings..." from the context menu (note that the SWF file must have a size of at least 215 × 138 pixels to have space to display the panel). Figure 1 shows the context menu.

The

Figure 1. Flash Player context menu

Flash Player does not save any information—including settings—in private browsing mode, since this information might reveal sites that you visited while using private browsing. Accordingly, settings options will be hidden. Tabs that modify domain-specific settings such as privacy (camera and microphone access) and local storage will not be displayed. Since you cannot set domain-specific settings in private browsing mode, Flash Player will use default settings from the global Settings Manager.

Local storage and the Global Settings Manager

In private browsing mode, Flash Player will prevent content from requesting additional local storage, since Flash Player does not save any settings during private browsing mode. The default local storage limit of 100 KB still applies in private browsing. This storage is deleted when you end the private browsing session.

You can modify this limit using the global Settings Manager, under "Global Storage Settings" (see Figure 2). In Flash Player 10.1, open the Settings Manager by right-clicking a SWF file and choosing Global Settings from the context menu shown in Figure 1. The Settings Manager can also be accessed at adobe.com/go/settingsmanager.

Global Storage Settings Panel in Settings Manager

Figure 2. Global Storage Settings panel in the Settings Manager

The global Settings Manager controls settings that affect all content powered by Flash Player across all browsers on your machine. However, note that it only reflects domain settings from normal browsing mode and does not display information set or used during private browsing. Therefore, the Website Privacy Settings panel and the Website Storage Settings panel seen in the global Settings Manager do not apply to private browsing.

Camera and microphone

You can still use your camera and microphone in private browsing mode. By default, the global Settings Manager is set to always ask, so when you visit a site that uses camera and/or microphone, the camera and microphone dialog box will appear and request permission to access the camera and microphone. (If you never want to see this request, and thus always deny use of your camera and mic, you can set the global setting to always deny.)

For developers: Changes to Flash Player 10.1 local storage and settings in private browsing

The remainder of this article is aimed at developers creating content for Flash Player. Support for private browsing introduces changes that may impact developers using local storage (local shared objects, or LSOs). The following changes apply only when the browser is in private browsing mode.

Because users should be in control of how they want to view content, there is no way for developers to turn private browsing support on or off through ActionScript, and there is no ActionScript API to determine if private browsing mode is enabled.

Accordingly, if you are developing content that uses local storage, keep the following in mind:

Settings panel

Note the changes to the Settings panel behavior described earlier in the article. Also, note that the hidden Settings panel tabs cannot be shown using ActionScript through the showSettings() API. If Flash Player is in private browsing mode, and a hidden tab is requested via showSettings(), the default Video Display tab is shown instead.

Flash Player instances cannot change browsing modes

Browsers vary greatly in their implementation of private browsing. Some spawn an entirely new window in private browsing. Some close your current session and spawn a new private browsing session. And some switch modes in place. Flash Player strives to provide a consistent experience in all supported environments. To accomplish this, Flash Player adheres to the strictest policy, and an instance of Flash Player will maintain the same private browsing state throughout its lifetime.

Upon creation, a Flash Player instance initializes to the current browsing mode of the browser. If the browser is in private browsing mode when the Flash Player instance is created, then that particular instance will forever be in private browsing mode. Likewise, if the browser is in normal browsing mode when the Flash Player instance is created, then that particular instance will forever be in normal browsing mode (private browsing is turned off). Accordingly, toggling private browsing on or off without refreshing the page or closing the private browsing window will not impact Flash Player.

Restricted access to local storage data

Instead of saving local storage (local shared objects, or LSOs) on disk as it does during normal browsing, Flash Player stores LSOs in memory during private browsing. When you enter private browsing mode, this private browsing LSO store in memory is empty and you cannot access any existing LSOs on disk. This separates the temporary private browsing LSOs from your normal LSOs.

For example, suppose you're browsing normally (private browsing mode is off), you get to level 42 of a Flash-based game, and the game saves the level you're at in an LSO. Later, you enter private browsing mode and return to the game. Now that you're in private browsing mode, the game cannot read the value that was stored on disk during normal browsing. The game will behave as if you have never played it before, and will not remember your saved level.

In addition, any LSOs created during private browsing sessions cannot be accessed from normal browsing sessions. And as soon as the private browsing session ends, all private browsing LSOs are cleared.

Private browsing LSOs may not be accessible from different Flash Player instances

In private browsing, Flash Player guarantees that a single instance of Flash Player can access its own LSOs. However, because of the inconsistencies between browsers, the player cannot guarantee access to LSOs stored from other instances of Flash Player during a private browsing session. And in some browsers, reloading a page clears private browsing LSOs because a new instance of Flash Player is created.

Flash Player has always allowed users to clear their LSOs at any time, but private browsing support makes this scenario more common. Plan for different behavior around LSOs when users enable private browsing. Add failure handling logic that is prepared for cleared LSOs to resolve those cases properly.

Where to go from here

Private browsing is a useful tool for users who wish to exercise privacy on a shared computer or want to surf the web without storing any information about which sites or pages they have visited. Now with Flash Player 10.1, content that runs in Flash Player also supports private browsing and follows the same model, so that any data that is stored is cleared after the session ends. When using this privacy feature, keep in mind that content unprepared for private browsing may not behave as expected.

If you have problems or enhancement requests, please contact Adobe by filing a bug in our public Flash Player bug and issue management system. This is the best and fastest way to have the issue looked at by the Flash Player team. For more information, read Introducing the Flash Player bug and issue management system.

Creative Commons License
This work is licensed under a Creative Commons Attribution-Noncommercial 3.0 Unported License.

About the authors

Jimson Xu is an engineer on the Flash Player team at Adobe Systems. He graduated from Cal Poly San Luis Obispo where he obtained his BS in Computer Science. At Cal Poly, Jimson was part of the administrative council of the Cal Poly Linux Users Group. There he helped promote Linux awareness and provided Linux help to the campus.

Tom Nguyen is the product manager for Flash Player at Adobe Systems, where he is focused on video and developing rich platforms to help individuals and organizations reach more people with their great ideas. Prior to joining Adobe, Tom managed social media and innovation strategy projects at Reuters in the US and Europe. He was selected as an Emmy Award finalist for his work in interactive television, holds a BS in Computer Science from Stanford University, and is an MBA and MA in Education candidate at Stanford. Tom enjoys wilderness backpacking, unfamiliar foods, and the occasional vintage paper fair.