Adobe has announced that its Flash Player 10.1 will include a private browsing mode, which will automatically clear Flash cookies (also called “local shared objects, LSOs”), which are separate from the HTTP cookies most people know about. HTTP and Flash cookies collect data about and can track users’ Internet searches and sites visited.
Normal browsing mode in Web browsers allows for the logging of HTTP and Flash cookies, browsing history, download history, and more. Even after you close your browser and end the session, the data remains, unless you manually clear your data log. In private browsing mode, the logging of user data is stored temporarily. Once you close your browser, the data will be automatically deleted, including HTTP cookies, browsing history, download history, etc. It was thought that this process also deleted Flash cookies.
However, in August, researchers at the University of California-Berkeley released a report revealing that Adobe Flash cookies can “respawn” or “re-create” regular cookies that people have cleared from their browsers. This meant that, even if a person used private browsing mode or manually cleared their HTTP cookies and browsing history, this did not affect Flash cookies, which were stored in a separate location from regular HTTP cookies. So the Flash cookies remained, and they had the ability to re-create the HTTP cookie and other data that consumers thought had been deleted.
The revelation led to a public outcry about the surreptitious tracking, with privacy advocates calling the Flash cookie respawning deceptive. Now, Adobe has announced changes to these Flash cookies in its upcoming Flash Player 10.1 (which is currently in beta-testing):
Integrating with your web browser, Flash Player 10.1 will automatically clear stored data in accordance with your browser’s private browsing settings. […]
Prior to Flash Player 10.1, the player behaved the same whether the browser was in private browsing or not. Browsers could clear browser data temporarily stored during a private browsing session, such as cookies and history, but they were unaware of the data stored in Flash Player local storage (also known as local shared objects or LSOs). To keep your information safe, information in Flash Player local storage is stored on a site-by-site basis—so that one website can never see information from another website. However, storing information on a site-by-site basis can leave a history of previously visited sites that have used local storage.
Starting with Flash Player 10.1, Flash Player actively supports the browser’s private browsing mode, managing data in local storage so that it is consistent with private browsing. So when a private browsing session ends, Flash Player will automatically clear any corresponding data in local storage.
Additionally, Flash Player separates the local storage used in normal browsing from the local storage used during private browsing. So when you enter private browsing mode, sites that you previously visited will not be able to see information they saved on your computer during normal browsing. For example, if you saved your login and password in a web application powered by Flash during normal browsing, the site won’t remember that information when you visit the site under private browsing, keeping your identity private.