Why Private Browsing Isn’t…

One of the features of the latest crop of browsers is a ‘private browsing’ mode (aka the porn mode) in which cookies and URL histories form a browsing session are discarded at the end of the session, leaving ‘no trace’.


Whilst watching the BBC iPlayer last night, I got fed up with the programme stalling (too many open apps, etc etc) so I decided to move to another browser. On going to the appropriate progamme page, I had the option to “Resume” the programme at the point I had just stopped watching it in the other browser.

A quick tweet asking how this might work was met with the response that iPlayer was probably making use of “Stored Objects, Flash’s equivalent of cookies”, as confirmed (I think?!) by @dansumption.

That is: when you visit a website, most browsers are capable of storing a small amount of data (known as a cookie) specified by the website. This might include a unique identifier that allows the website to recognise you when you visit the site again using the same browser, for example, or store personalisation information for you. Third party cookies allow adservers to recognise who you are when you wander across different websites, too. (A brief into to cookies can be found on the OpenLearn site: What are cookies?.)

If you don’t want a website to be able to recognise you if you revisit it, you can either block the cookies it wants to set, or delete the cookies it has set in a previous session. Private browsing handles this for you automatically.

Another thing that browsers do is maintain a history of websites that you have visited. Once again, private browsing steps in here to prevent the browser from remembering what sites you have visited during a private browsing session. And finally, private browsing doesn’t keep track of any searches you might have made in the private browsing session using the browser’s built in search box.

Whilst there are still traces all over the place of the sites you have visited, from the firewall log on your computer or your broadband router box to your ISP, if you were browsing within a private browsing session, you might expect that at least your computer would remain ‘free of evidence’ about what you had been searching for, or which sites you had visited (along with removing any tell tale cookies they may otherwise have left behind).

Well, as the BBC iPlayer cross-browser ‘Resume programme’ facility, suggests: no.

Many sites that use Flash, (BBC iPlayer included) make use of Flash Stored objects which sit outside the control (for now at least, and as I understand it) a browser’s private history mode. I’m guessing it also sits outside the scope of a browser’s ‘clear cookies’ and ‘clear history’ actions?

If you’re intrigued about what flash ‘cookies’ you might have set on your computer, you can inspect them (and delete them) using this Adobe tool: Flash Player: Website Storage Settings panel

Anyway, if you run info skills courses, it’s maybe to one to remember…

PS we may not need Flash for much longer anyway, as Mike Ellis suggested when I pointed him to this rather wonderful site demoing the power of CSS in a modern browser: Text ShadowCSS effect;-)

PPS see also When Delete Doesn’t

Author: Tony Hirst

I'm a Senior Lecturer at The Open University, with an interest in #opendata policy and practice, as well as general web tinkering...

21 thoughts on “Why Private Browsing Isn’t…”

    1. @David, i am having difficulty in deleting Flash Cookies and caches. Where can I download this “Better Privacy” addon? I am using Internet Explorer, not Firefox. Your response would be much appreciated. Thanks!

  1. Or consider using Gnash. It gives you control over what Flash is doing on your system. Of course it isn’t completely compatible, but I’m assuming anyone who reads this values privacy more than bouncing pictures.

  2. Yeah… currently, it seems there’s no good API to let Flash know when cookies are cleared so that it can do the same thing with its own local storage. Top Minds are working on the problem.

    Given that it’s an API/communication problem, I don’t think Gnash has a better story here. Sure, they will have a UI to clear these cookies, but so does the Adobe Flash player. If Gnash can automatically clear them when the Firefox cookies are cleared, I’d be most impressed…

  3. Ditto Gervase… there’s work being done on the Adobe Flash Player team to integrate with privacy choices made in the browser UI. I don’t yet know which browsers are opening such APIs for a single unified privacy API, but where they’re available, the Player team wants to take advantage of them.

    (The video might also have recognized you across browsers by the IP address.)


  4. I’d like to know how to find out what has been looked at on my home computer because my kids are using the in private browsing…..I can’t afford software and i try to keep track of things but the in privat browsing is making my job harder

  5. “Flash Cookies” are technically called “Local Shared Objects” and stored in a separate place than the Browser cookies. Its managed by the flash player. you dont need to have special tool to clear the flash cookies.

    01. Right click on any flash movie on a web page, you will get the flash context menu.
    02. Click on the “Settings”
    03. Click on the “folder” icon on teh bottom of the menu.
    04. you will get “local storage” panel, its set to 100K by default. If you set it to 0, all the cookies will be cleared.

  6. @cezille, in order for you to download the better privacy addon, you need to install first Firefox. Because you cannot have it when you are using Internet Explorer. Hope it helps.

  7. I had McaAfee client installed on my work laptop and i used to go ‘Private’ when i used to look for jobs etc. Like you said, all the browsing is captured by all such clients!

Comments are closed.

%d bloggers like this: