Adobe Flash Now Supports InPrivate Browsing


As a web browser, Internet Explorer is a platform for many kinds of add-ons (here are some great examples). IE users generally don’t distinguish between add-ons and Internet Explorer when it comes to performance, reliability, or privacy. They just use IE and expect it to work. That’s why the best add-ons do a good job of integrating with the IE user model, letting customers “just browse”.

Recently, Adobe announced that their latest version of Flash supports InPrivate Browsing. Version 10.1 of Flash will now respond to interfaces we built into IE8 when we first released it. When you browse to a site with Flash, it can store “Flash Cookies”, which are files created by Flash that websites can use to store data. Now, just like your IE history and cookies, these Flash objects will be deleted when you close your InPrivate Browsing window.

We’re really happy to see Flash adopt our InPrivate Browsing feature, and happy to see that they’ve also supported private browsing in Firefox and Chrome as well. Great job Flash team!

Andy Zeigler
Program Manager

Comments (32)

  1. Anonymous says:

    @Daniel – I made the comment about the pr0n videos.  I was being flippant really, because let’s face it, probably 90% of InPrivate use is for adult-related surfing and hiding from the spouse/partner etc.  You raise an extremely valid point I hadn’t considered though, and I’d love an explanation from MS (are you there, Eric?) as to why non-internet access is logged by IE’s history.  It just adds more and more strength to using Firefox/Opera/Chrome/Safari – hell, I’d take Lynx over IE – and why IE should either switch to Webkit and admit Trident is a lost cause, or get out of the browser business altogether.  Go DOJ! 🙂

    I’m using the beta of Opera 10.5 on Windows 7, and it’s so slick my computer slides off the desk.  100% on Acid 3 in just a couple of seconds.  Thumbnailed tabs.  Integrated email client.  True private browsing (for when I’m browsing privates).  Small footprint and I can get it on my Fedora box also.

    Eric Law – please respond to some of these points and give us the REAL line, not just the MS propaganda.

    Before I get flamed to hell and back by certain people (trolls) on here, I’m not a fan-boi of any camp.  I just want a good, reliable, useful, useable system.  I don’t care who provides what, so long as I can do what I need to do.

  2. Anonymous says:

    [rant]

    How ’bout you focus on fixing the actual rendering of the web-pages before you start messing around with random features that nobody actually cares about? – And I arrive at that statistic – nobody – by the fact that about the only people who would care about such features are more… advanced users. And seeing as the more advanced users usually know better than to use IE… well you get my drift.

    I’m sick of spending as much time creating IE workarounds as I did on the original, standard code! (And yes, I just spent most of my night trying to fix a CSS IE8 regression bug… only to find IT’S NOT POSSIBLE!)

    I don’t get it, really. Why are you guys even bothering to maintain IE? It’s not like it’s making you any money (or is it?). It has (and anybody who denies this needs a serious reality check) by far the worst rendering capabilities of all the major browsers… If there was a fair competition going, IE would have died out years ago.

    Why can’t you just give it a rest and release the death-grip you have over the internet? We’d be like a decade further in terms of internet technology if you had just let go after IE6 and started shipping Windows with Firefox/Opera/Safari. – Or better yet, just adopt one of the far superior OPEN SOURCE rendering engines. Hell, with you guys on board, any one of them would probably speed up in development enough to make up for the damage IE has caused in no time.

    And no… I am not a anti-Microsoft/Unix-fanboy/Mac-something/etc… I actually like the stuff Microsoft does right (even thinking about buying Win7 and getting into .Net development, actually). This damn browser is just… so annoying. I don’t even use the damn thing and it is still driving me mad!

    [/rant]

    … OK. I’ll leave it at that. Sorry if I sound a tad annoyed but, well, I am.

    O and, P.S.

    Cudoz to Adobe… How bout a couple of much needed performance fixes next? Or perhaps a little love for the Linux crowd? – Sorry, but until I can run a HD youtube video without worrying about my RAM overloading and blowing up in my face… I won’t be able to do much better than that.

  3. George Wurst says:

    Interesting, but are these Flash cookies still global?

  4. George Wurst says:

    What I meant in the previous question was: Are Flash cookies still shared between browsers if created in a IE tab which currently is in InPrivate mode?

  5. john says:

    After install flash 10.1, I got error when opening new tab:

    ******************

    Webpage error details

    User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)

    Timestamp: Fri, 12 Feb 2010 08:11:52 UTC

    Message: Element not found.

    Line: 144

    Char: 1

    Code: 0

    URI: res://ieframe.dll/tabswelcome.htm

    ******************

    Reset function in option doesn’t work, can anyone help?

  6. usearchme says:

    Its good that they are supporting this, I didnt realise they werent to be honest lol, the in prvate browseing is always handy if your in an internet cafe or something, thus avoiding leaving any passwords or usernames on any machines, I suppose if you need to log in via flash applications you can do the same now !

  7. spieleonline says:

    “Great job Flash team” …this should be the future!

  8. elBarto says:

    Finally! (er.. will have been finally or whatever appropriate tense given 10.1 is not yet released).

  9. K says:

    Given the evolving general consensus that IE and Flash are both dying slowly, this headline was funny to me because my first thought was how cute it was that IE and Flash were going out as partners…

    Then I read it. Flash cookies? Is this issue not addressed with other browsers’ private modes?

  10. Just me says:

    Great! Now my PornoTube viewing can be hidden too 😉

  11. Prum says:

    re: Adobe Flash Now Supports InPrivate Browsing

  12. Mitch 74 says:

    @K: IE 8 does InPrivate by deleting your session’s data (and I guess that since previous Flash versions didn’t allow IE to track what data it wrote to disk, Flash cookies couldn’t be erased).

    Firefox just doesn’t write _anything_ to disk when in private mode – as a matter of fact, it saves your regular session, closes it, start a new one in RAM only, and goes from here. It will use your cache in read mode only, and store whatever data it downloads in RAM – and purge that part when the private session ends (and with the RAM controller added in 3.0, which does scrubbing and defragmenting, I would say that said RAM gets quickly overwritten).

    One inconvenient in Firefox’s method is that it doesn’t allow you to mix ‘non-private’ and private tabs; one advantage is that the only way to recover data from a private browsing session, is from RAM. That’s quite private indeed.

    In IE, "private" data can be recovered with disk recovery utilities. This was rather decried during IE 8’s beta test, but not fixed. Let’s hope it’ll be better in IE 9.

  13. Daniel says:

    @Just me – don’t think that your video watching is entirely private.  If you watch any downloaded content from IE or any browser using Windows Media Player (even if IE8 isn’t even open!) you are actually exposing your viewing history to Internet Explorer.

    official bug disclosure details:

    http://webbugtrack.blogspot.com/2009/02/bug-519-ie8-inprivatewindows-media.html

    It highlights the bigger bug in Internet Explorer that attempting to tie IE to the underlying operating system (windows) has caused more problems than what it solved (getting out of the DOJ lawsuit).

    Brad Colbow (for SmashingMagazine) pointed out this flaw in his great IE6 comic – "The Life, Times (and Death?) of Internet Explorer 6"

    comic:

    http://media.smashingmagazine.com/cdn_smash/wp-content/uploads/2010/02/ie6_one.jpg

    Back on topic – IE suffers because it is tied to the Operating System.  When you open files in Windows IE keeps track of these "local" files as part of the history even though they have absolutely nothing to do with your web browsing history.

    I personally wouldn’t even consider using IE for any private browsing of any kind due to these flaws.

    Only when the private session data is stored in RAM and IE is de-coupled from the Operating System would I ever TRUST IE as a browser for Private Browsing.

  14. helfman says:

    So now that the new Windows phones have been announced and we can see from the screenshots that Internet Explorer was still used as the browser vs. Webkit, Gecko or Opera mobile can you indicate what is actually running under the hood?

    Is it using the core IE8 engine running in full standards mode? or is it using a build from the IE9 code stream?

    Please tell us that it isn’t using a code fork from IE5 or IE6! There is no way on earth I’m going to support a mobile IE less than 8.

    So, what’s the story?

  15. helfman says:

    I did find this from the presentation:

    "The browser that’s built in to new Windows Phone 7 Series devices is a much more advanced browser than any we’ve shipped on a phone before. It’s based on the desktop Internet Explorer code, so it’s highly compatible with tons and tons of Web pages, and it performs really well, as well."

    from almost half way down this transcript:

    http://www.microsoft.com/presspass/exec/steve/2010/02-15MWC.mspx

    However saying that it is more advanced than any browser that MS has shipped on a phone before doesn’t really say much when the existing IE browsers on phones are dead last in terms of quality, standards support and performance.

    Please make a ***crystal clear*** statement… exactly which version/fork of IE will the Windows Phone 7 series ship with?

    thanks

  16. windows team blog fail says:

    Well I was going to go on the Windows Team Blog (since the mobile one is dead now) and post a comment about the Windows Phone 7 release but the comments are just full of pingback’s from other Windows sites – big fail.

    Thus I’ll post my question here.

    ——–

    I do like that the Windows Phone puts "search" as a primary hardware key on the device however defaulting it to Bing seems like a major "ugh" moment in the attempt to promote MS services.

    Do I presume correctly that this "default" can be overridden so that better services can be used? e.g. Google has been king of search for a decade now for a reason – I don’t have any intentions of switching any time soon.  Therefore the question is can I change this in the settings somewhere or is it seriously hard-coded in the device? (read: Thanks but NO-SALE)

  17. Dave says:

    I’m still to be convinced on the UI for Windows Mobile 7 (Windows Phone sounds a bit too short sighted, surely MS would be happy if someone put it on a slate/pad too). I think it places looks over function and ease of use. However, I do think it’ll sell well but mostly to the younger demographic.

    Anyway, me, I’d just like to know more about the browser in WM7, as it’s supposedly based on the desktop browser then you’re the team to ask. I’d love to know the features that are available and the standards that are supported. Also will it be possible to replace the browser, Firefox mobile looks very promising.

    Most importantly though, can you confirm that any work on the mobile IE won’t be at the expense of the desktop IE, you’re doing a good job catching up with the competition that it’d be a shame if you’d get left behind.

    Many apple users feel that the desktop is getting neglected to focus on mobile platforms, please don’t fall into the same trap.

  18. yo quisiera crear un blog para una cooperativa como hago quisiera si se puede respuesta en español

  19. design-horloges says:

    Great work from Flash. By adding this feature it shows that the people form Flash also recognize the added value of the InPrivate mode.

  20. bradley says:

    So Windows Phone 7 (WP7) has been announced and the initial videos show "ok" performance and some touch-drag issues that will likely be figured out by launch date.  However there were many specifics left out of the discussion (several mentioned above).

    1.) What version of IE is it running

    2.) Can multiple apps run at once/save state similar to the iPhone

    3.) We’ve heard no flash in version 1… does that mean version 2 will have it?

    4.) Can the Bing button be overridden to use Google, Yahoo, or whatever

    5.) Ditto for maps integration

    6.) Copy & Paste supported?

    7.) Will it support Ogg Vorbis?Audio and Video?

    8.) Will game developers *have* to go through XBox Live? or can they develop outside that model?

    9.) Battery life? – previous winmobile devices have sucked power like a V8… presumably WP7 will only sip the fuel?

  21. game over says:

    With RIM announcing that they will start shipping BlackBerry’s with the WebKit browser technology they aquired from Touch Browser the game is over.

    Article:

    http://tnerd.com/2010/02/16/rim-announces-web-kit-browser-tries-to-keep-pace-with-the-competition/

    Anyone developing for the Mobile Web can’t afford not to be using Web Standards and taking advantage of HTML5 capabilities.

    Unfortunately MSFT’s silence on this blog indicates that they have **NOT** updated the Windows Phone 7 to include a pre-IE9 browser and thus they are still stuck in the IE6 land of incompatibility.

    Its amazing how the Mobile technology of browsers that aren’t tied to the OS is actually what ended up knocking IE of the desktop throne forever.

    Long live Web Standards! Sayonara IE!

  22. Bryan says:

    More comprehensive privacy is always welcome–although the in-memory mechanisms described above do sound like they’d be more secure. What about "Delete Browsing History"? Do you provide a means for add-ons to hook into that interface? And, if so, has Adobe done the work necessary to clear cookies when a user deletes temporary files? Thanks!

  23. ieblog says:

    @Bryan, this article: http://blogs.msdn.com/ieinternals/archive/2009/06/30/IE8-Privacy-APIs-for-Addons.aspx explains how to integrate an addon with the Delete Browsing history feature.

    As for the threats against forensic recovery of hard disks, it’s important to consider that the virtual memory architecture in modern operating systems means that pretty much any memory page can be swapped to disk at an arbitrary time, meaning that it’s not safe to assume that data cannot be recovered from memory, even if a browser’s addons elected not to persist data to disk directly. For such environments, secured hardware and full drive encryption (e.g. Bitlocker) is called for, depending on the adversary.

  24. hAl says:

    @helfman

    As WM 6.5 is equiped with IE Mobile 8.12 it seems likely that Windows Phone 7 will be shipped with IE Mobile 9.x.

    So expect a mobile version that resuses many elements from it’s desktop brother.

  25. victor says:

    @hAl – interesting.  The version # on WM6.5 then suggests that it is similar to desktop IE8 with a bit more.  This totally contradicts my testing which showed several deficiencies in the Mobile IE that would make it an applicable target browser.

    Wikipedia still reflects my testing that Mobile IE is just IE6 with some additional bits.

    http://en.wikipedia.org/wiki/Mobile_ie

    "Internet Explorer Mobile 6 was released as part of Windows Mobile 6.5."

    more importantly though is what will ship in Windows phone 7.  Will it be a respectable browser?

  26. Mitch 74 says:

    @ieblog: it’s true that virtual memory may still cause this data to be written to disk.

    However, for those very paranoid people, disabling virtual memory would solve the problem in Firefox’s case (no virtual memory = no writes to disk at all).

    Not with IE.

    That Windows makes managing your virtual memory a pain is one thing (disk thrashing when RAM is far from full, need to reboot the machine to disable/enable virtual memory…).

    But even for those of us that manage to do that, IE makes completely private browsing impossible: you merely need to crash IE’s processes to access that ‘private’ data (since IE isn’t there to delete these files anymore); if that doesn’t work, the only forensic tool needed is ‘undelete’.

    In the case of virtual RAM, you need to dump the file’s content and then look through it to see where the data you’re looking for is stored.

    Let’s take two examples: a savvy IE user in Windows, a Firefox user on GNU/Linux (or Mac).

    The safest scenario for W would be:

    – Disable swap.

    – Reboot.

    – Start InPrivate.

    – End InPrivate.

    – Re-enable swap.

    – Reboot.

    IE 8 still wrote data to disk. Also notice that this required two reboots (and a reboot might mean, rootkit infection taking place, and disk data dump, etc).

    The safest scenario for GNU/L would be:

    – Disable swap (say, ‘sudo swapoff -a’).

    – Start Private Browsing.

    – End Private Browsing.

    – Re-enable swap (say, ‘sudo swapon -a’).

    Firefox wrote NOTHING to disk. Also, this required zero reboot. The only way to copy what’s in Firefox’s Private Browsing session would be a can of nitrogen to freeze the computer’s RAM stick before Firefox ends the private browsing session, and dump the content of these RAM sticks in another machine.

    Please note that Firefox on Windows would do the same, but with two extra reboots (that’s a Windows limitation).

    It’s a bit more involved than an undelete tool. At the very least, it requires physical access to the machine.

  27. hAl says:

    @victor

    The IE Mobile version naming does not seems to represent a relation between the desktop and mobile browser code base.

  28. Harry Richter says:

    @Mitch 74

    …sometimes it really pays off to read the whole post!

    If you do that you will find that the safest Windows scenario is:

    – When you set up the machine you use for surfing, you enable BitLocker on the drive where your swap-file and your temporary internet files are located (Note: if you do not want the whole system partition to be encrypted you can move those files to a different partition and encrypt only that partition). You only have to do that once, and it takes about 5 minutes, so that should not be a problem.

    – start InPrivate browsing session

    – end InPrivate browsing session

    Now even if the IE process is forcibly killed, you’re still safe, because the fragments in the swap-file are still encrypted. Of course you might be a member of the "NSA has a backdoor to everything Club" and still believe you’re NOT safe, but in this case I can’t help you any further than to point you to a psychiatrist.

    The biggest advantage of this scenario is: you only need a "a savvy IE user in Windows" to setup your machine. Even the most stupid user is safe after.

    …and yes, I know there are versions of Windows out there, that do not have BitLocker. For those who are paranoid enough or who actually NEED InPrivate (because of the sites they visit, or because of the places they use the internet from) there are 3rd party tools out there who accomplish the same thing, or an "Anytime Upgrade" might be advisable.

    Cheers

    Harry

    P.S.: any spelling mistakes you might find need not be returned! ;-)))

  29. Jacky says:

    Interesting …now Porn viewing can be hidden:)

  30. Mitch 74 says:

    @Harry: as you said, BitLocker isn’t available on lower versions of Vista/7, only professional and higher. So it’s not an realistic option. You also can’t upgrade from home editions to pro, requiring you to fork over lots of cash for Ultimate in Anytime Upgrade – only to work around an IE limitation. If you’ve got Starter on a netbook, you’ll spend as much (or more) on the Anytime Upgrade as you spent on the device itself. That’s one expensive browser.

    Strike one.

    Encryption can be broken. Any rootkit could also catch the encryption key used to perform the write, and make breaking the encryption a non-event. No need for NSA paranoia.

    Strike two.

    Once you get Bitlocker (1) and disregard the failings of encryption (2), you need to repartition your hard disk drive and encrypt a part of it just for your swap file, AND go and tinker with the registry to force IE to save its data on that same partition.

    Either that, or you’ll move your entire Users directory to an encrypted partition.

    This will require some rather advanced technical competence to do, and as all operations that deal with a disk’s structure, is risky.

    Strike three.

    Encryption requires CPU power. If you’re using a netbook, your CPU will drain your battery faster since it’ll have more operations to perform. Atom doesn’t include Intel’s encryption instructions. If you’ve encrypted your swap and temp files (arguably the most volatile pieces of data a computer uses), your CPU will spend its time decoding and encoding data.

    Strike four, you’re out :p

    So, your solution is potentially expensive, surely a performance killer, not exactly as efficient, and sure as heck unwieldy to implement. But it is for sure the most private IE on Windows solution yet.

    Too bad it’s so complicated and expensive.

  31. Ian says:

    Lets be serious – if you want private browsing – you don’t want IE.  There are too many published flaws with IE’s privacy and security to take it seriously.

    Add now that you need to install the Google Frame Plugin to get pages to render properly in IE the confusion continues.  There are many that say that this extends the attack surface and even more (including myself) that feel this extends the security (you need to break the Google Chrome/WebKit security before you can even try to break the IE security).

    However either way you need to ask yourself… If the best way to use IE is to install another browser inside it – it doesn’t make IE look like a good browser at all.

    It still blows my mind that so many people haven’t switched from IE yet.

    PS PLEASE FIX YOUR CAPTCHA – ITS BROKEN!

  32. Ted says:

    Please let me right click on flash widgits and just regular png/jpegs to block them via in private filtering.

    Blocking both the image and the collapsing the surrounding box would greatly help for html pages that set the surrounding box size for an image.  IE 8 keeps that dead space on the visible web page.

Skip to main content