OUseful.Info, the blog…

Trying to find useful things to do with emerging technologies in open education

Why Private Browsing Isn’t…

One of the features of the latest crop of browsers is a ‘private browsing’ mode (aka the porn mode) in which cookies and URL histories form a browsing session are discarded at the end of the session, leaving ‘no trace’.


Whilst watching the BBC iPlayer last night, I got fed up with the programme stalling (too many open apps, etc etc) so I decided to move to another browser. On going to the appropriate progamme page, I had the option to “Resume” the programme at the point I had just stopped watching it in the other browser.

A quick tweet asking how this might work was met with the response that iPlayer was probably making use of “Stored Objects, Flash’s equivalent of cookies”, as confirmed (I think?!) by @dansumption.

That is: when you visit a website, most browsers are capable of storing a small amount of data (known as a cookie) specified by the website. This might include a unique identifier that allows the website to recognise you when you visit the site again using the same browser, for example, or store personalisation information for you. Third party cookies allow adservers to recognise who you are when you wander across different websites, too. (A brief into to cookies can be found on the OpenLearn site: What are cookies?.)

If you don’t want a website to be able to recognise you if you revisit it, you can either block the cookies it wants to set, or delete the cookies it has set in a previous session. Private browsing handles this for you automatically.

Another thing that browsers do is maintain a history of websites that you have visited. Once again, private browsing steps in here to prevent the browser from remembering what sites you have visited during a private browsing session. And finally, private browsing doesn’t keep track of any searches you might have made in the private browsing session using the browser’s built in search box.

Whilst there are still traces all over the place of the sites you have visited, from the firewall log on your computer or your broadband router box to your ISP, if you were browsing within a private browsing session, you might expect that at least your computer would remain ‘free of evidence’ about what you had been searching for, or which sites you had visited (along with removing any tell tale cookies they may otherwise have left behind).

Well, as the BBC iPlayer cross-browser ‘Resume programme’ facility, suggests: no.

Many sites that use Flash, (BBC iPlayer included) make use of Flash Stored objects which sit outside the control (for now at least, and as I understand it) a browser’s private history mode. I’m guessing it also sits outside the scope of a browser’s ‘clear cookies’ and ‘clear history’ actions?

If you’re intrigued about what flash ‘cookies’ you might have set on your computer, you can inspect them (and delete them) using this Adobe tool: Flash Player: Website Storage Settings panel

Anyway, if you run info skills courses, it’s maybe to one to remember…

PS we may not need Flash for much longer anyway, as Mike Ellis suggested when I pointed him to this rather wonderful site demoing the power of CSS in a modern browser: Text ShadowCSS effect;-)

PPS see also When Delete Doesn’t

Written by Tony Hirst

July 15, 2009 at 12:52 pm

Posted in Infoskills

21 Responses

Subscribe to comments with RSS.

  1. […] Why Private Browsing Isn’t… « OUseful.Info, the blog… […]

  2. […] Why Private Browsing Isn’t… « OUseful.Info, the blog… […]

  3. […] Why Private Browsing Isn’t… « OUseful.Info, the blog… […]

  4. […] Why Private Browsing Isn’t… « OUseful.Info, the blog… […]

  5. […] Why Private Browsing Isn’t… « OUseful.Info, the blog… […]

  6. In Firefox, use the “Better Privacy” addon to remove Flash cookies.


    July 15, 2009 at 3:25 pm

    • @David, i am having difficulty in deleting Flash Cookies and caches. Where can I download this “Better Privacy” addon? I am using Internet Explorer, not Firefox. Your response would be much appreciated. Thanks!


      November 17, 2009 at 6:52 am

  7. Or consider using Gnash. It gives you control over what Flash is doing on your system. Of course it isn’t completely compatible, but I’m assuming anyone who reads this values privacy more than bouncing pictures.


    July 15, 2009 at 5:27 pm

  8. Yeah… currently, it seems there’s no good API to let Flash know when cookies are cleared so that it can do the same thing with its own local storage. Top Minds are working on the problem.

    Given that it’s an API/communication problem, I don’t think Gnash has a better story here. Sure, they will have a UI to clear these cookies, but so does the Adobe Flash player. If Gnash can automatically clear them when the Firefox cookies are cleared, I’d be most impressed…


    July 15, 2009 at 9:37 pm

  9. […] A Technical Blog ouseful.wordpress.co […]

  10. Ditto Gervase… there’s work being done on the Adobe Flash Player team to integrate with privacy choices made in the browser UI. I don’t yet know which browsers are opening such APIs for a single unified privacy API, but where they’re available, the Player team wants to take advantage of them.

    (The video might also have recognized you across browsers by the IP address.)


    John Dowdell

    December 23, 2009 at 9:02 pm

  11. I’d like to know how to find out what has been looked at on my home computer because my kids are using the in private browsing…..I can’t afford software and i try to keep track of things but the in privat browsing is making my job harder


    January 16, 2010 at 5:21 pm

  12. […] lo que finalmente podrás estar tranquilo por esos LSOs (Local Shared Objects) o cookies Flash que aún guardaban evidencias, incluso ya no serán necesarios complementos para Firefox como […]

  13. […] lo que finalmente podrás estar tranquilo por esos LSOs (Local Shared Objects) o cookies Flash que aún guardaban evidencias, incluso ya no serán necesarios complementos para Firefox como […]

  14. […] lo que finalmente podrás estar tranquilo por esos LSOs (Local Shared Objects) o cookies Flash que aún guardaban evidencias, incluso ya no serán necesarios complementos para Firefox como […]

  15. “Flash Cookies” are technically called “Local Shared Objects” and stored in a separate place than the Browser cookies. Its managed by the flash player. you dont need to have special tool to clear the flash cookies.

    01. Right click on any flash movie on a web page, you will get the flash context menu.
    02. Click on the “Settings”
    03. Click on the “folder” icon on teh bottom of the menu.
    04. you will get “local storage” panel, its set to 100K by default. If you set it to 0, all the cookies will be cleared.


    February 3, 2010 at 9:10 pm

  16. […] also written a few posts about privacy on this blog (e.g. Why Private Browsing Isn’t… and serendipitously earlier that day Just Because You Don’t Give Your Personal Data to Google […]

  17. There’s a utility called Kill Flash Cookies (KFC) which does exactly that:


    Adrian Short

    May 17, 2010 at 3:01 pm

  18. […] (if) the desktop iPlayer client also picks up BBC log in details? (Hmm, could it do this through a Flash cookie I […]

  19. @cezille, in order for you to download the better privacy addon, you need to install first Firefox. Because you cannot have it when you are using Internet Explorer. Hope it helps.


    April 13, 2011 at 6:25 pm

  20. I had McaAfee client installed on my work laptop and i used to go ‘Private’ when i used to look for jobs etc. Like you said, all the browsing is captured by all such clients!

    Rebecca Wilde

    July 4, 2012 at 4:00 pm

Comments are closed.


Get every new post delivered to your Inbox.

Join 1,416 other followers

%d bloggers like this: