Adobe Flash Now Supports InPrivate Browsing
As a web browser, Internet Explorer is a platform for many kinds of add-ons (here are some great examples). IE users generally don’t distinguish between add-ons and Internet Explorer when it comes to performance, reliability, or privacy. They just use IE and expect it to work. That’s why the best add-ons do a good job of integrating with the IE user model, letting customers “just browse”.
Recently, Adobe announced that their latest version of Flash supports InPrivate Browsing. Version 10.1 of Flash will now respond to interfaces we built into IE8 when we first released it. When you browse to a site with Flash, it can store “Flash Cookies”, which are files created by Flash that websites can use to store data. Now, just like your IE history and cookies, these Flash objects will be deleted when you close your InPrivate Browsing window.
We’re really happy to see Flash adopt our InPrivate Browsing feature, and happy to see that they’ve also supported private browsing in Firefox and Chrome as well. Great job Flash team!
Andy Zeigler
Program Manager
Comments
Anonymous
January 01, 2003
The comment has been removedAnonymous
January 01, 2003
The comment has been removedAnonymous
February 11, 2010
The comment has been removedAnonymous
February 11, 2010
The comment has been removedAnonymous
February 11, 2010
The comment has been removedAnonymous
February 11, 2010
The comment has been removedAnonymous
February 11, 2010
The comment has been removedAnonymous
February 11, 2010
Finally! (er.. will have been finally or whatever appropriate tense given 10.1 is not yet released).Anonymous
February 12, 2010
The comment has been removedAnonymous
February 12, 2010
The comment has been removedAnonymous
February 13, 2010
The comment has been removedAnonymous
February 14, 2010
The comment has been removedAnonymous
February 15, 2010
@Just me - don't think that your video watching is entirely private. If you watch any downloaded content from IE or any browser using Windows Media Player (even if IE8 isn't even open!) you are actually exposing your viewing history to Internet Explorer. official bug disclosure details: http://webbugtrack.blogspot.com/2009/02/bug-519-ie8-inprivatewindows-media.html It highlights the bigger bug in Internet Explorer that attempting to tie IE to the underlying operating system (windows) has caused more problems than what it solved (getting out of the DOJ lawsuit). Brad Colbow (for SmashingMagazine) pointed out this flaw in his great IE6 comic - "The Life, Times (and Death?) of Internet Explorer 6" comic: http://media.smashingmagazine.com/cdn_smash/wp-content/uploads/2010/02/ie6_one.jpg Back on topic - IE suffers because it is tied to the Operating System. When you open files in Windows IE keeps track of these "local" files as part of the history even though they have absolutely nothing to do with your web browsing history. I personally wouldn't even consider using IE for any private browsing of any kind due to these flaws. Only when the private session data is stored in RAM and IE is de-coupled from the Operating System would I ever TRUST IE as a browser for Private Browsing.Anonymous
February 15, 2010
So now that the new Windows phones have been announced and we can see from the screenshots that Internet Explorer was still used as the browser vs. Webkit, Gecko or Opera mobile can you indicate what is actually running under the hood? Is it using the core IE8 engine running in full standards mode? or is it using a build from the IE9 code stream? Please tell us that it isn't using a code fork from IE5 or IE6! There is no way on earth I'm going to support a mobile IE less than 8. So, what's the story?Anonymous
February 15, 2010
I did find this from the presentation: "The browser that's built in to new Windows Phone 7 Series devices is a much more advanced browser than any we've shipped on a phone before. It's based on the desktop Internet Explorer code, so it's highly compatible with tons and tons of Web pages, and it performs really well, as well." from almost half way down this transcript: http://www.microsoft.com/presspass/exec/steve/2010/02-15MWC.mspx However saying that it is more advanced than any browser that MS has shipped on a phone before doesn't really say much when the existing IE browsers on phones are dead last in terms of quality, standards support and performance. Please make a crystal clear statement... exactly which version/fork of IE will the Windows Phone 7 series ship with? thanksAnonymous
February 15, 2010
Well I was going to go on the Windows Team Blog (since the mobile one is dead now) and post a comment about the Windows Phone 7 release but the comments are just full of pingback's from other Windows sites - big fail. Thus I'll post my question here.
I do like that the Windows Phone puts "search" as a primary hardware key on the device however defaulting it to Bing seems like a major "ugh" moment in the attempt to promote MS services. Do I presume correctly that this "default" can be overridden so that better services can be used? e.g. Google has been king of search for a decade now for a reason - I don't have any intentions of switching any time soon. Therefore the question is can I change this in the settings somewhere or is it seriously hard-coded in the device? (read: Thanks but NO-SALE)
Anonymous
February 15, 2010
I'm still to be convinced on the UI for Windows Mobile 7 (Windows Phone sounds a bit too short sighted, surely MS would be happy if someone put it on a slate/pad too). I think it places looks over function and ease of use. However, I do think it'll sell well but mostly to the younger demographic. Anyway, me, I'd just like to know more about the browser in WM7, as it's supposedly based on the desktop browser then you're the team to ask. I'd love to know the features that are available and the standards that are supported. Also will it be possible to replace the browser, Firefox mobile looks very promising. Most importantly though, can you confirm that any work on the mobile IE won't be at the expense of the desktop IE, you're doing a good job catching up with the competition that it'd be a shame if you'd get left behind. Many apple users feel that the desktop is getting neglected to focus on mobile platforms, please don't fall into the same trap.Anonymous
February 16, 2010
yo quisiera crear un blog para una cooperativa como hago quisiera si se puede respuesta en españolAnonymous
February 16, 2010
The comment has been removedAnonymous
February 16, 2010
The comment has been removedAnonymous
February 16, 2010
With RIM announcing that they will start shipping BlackBerry's with the WebKit browser technology they aquired from Touch Browser the game is over. Article: http://tnerd.com/2010/02/16/rim-announces-web-kit-browser-tries-to-keep-pace-with-the-competition/ Anyone developing for the Mobile Web can't afford not to be using Web Standards and taking advantage of HTML5 capabilities. Unfortunately MSFT's silence on this blog indicates that they have NOT updated the Windows Phone 7 to include a pre-IE9 browser and thus they are still stuck in the IE6 land of incompatibility. Its amazing how the Mobile technology of browsers that aren't tied to the OS is actually what ended up knocking IE of the desktop throne forever. Long live Web Standards! Sayonara IE!Anonymous
February 17, 2010
More comprehensive privacy is always welcome--although the in-memory mechanisms described above do sound like they'd be more secure. What about "Delete Browsing History"? Do you provide a means for add-ons to hook into that interface? And, if so, has Adobe done the work necessary to clear cookies when a user deletes temporary files? Thanks!Anonymous
February 17, 2010
@Bryan, this article: http://blogs.msdn.com/ieinternals/archive/2009/06/30/IE8-Privacy-APIs-for-Addons.aspx explains how to integrate an addon with the Delete Browsing history feature. As for the threats against forensic recovery of hard disks, it's important to consider that the virtual memory architecture in modern operating systems means that pretty much any memory page can be swapped to disk at an arbitrary time, meaning that it's not safe to assume that data cannot be recovered from memory, even if a browser's addons elected not to persist data to disk directly. For such environments, secured hardware and full drive encryption (e.g. Bitlocker) is called for, depending on the adversary.Anonymous
February 17, 2010
@helfman As WM 6.5 is equiped with IE Mobile 8.12 it seems likely that Windows Phone 7 will be shipped with IE Mobile 9.x. So expect a mobile version that resuses many elements from it's desktop brother.Anonymous
February 18, 2010
@hAl - interesting. The version # on WM6.5 then suggests that it is similar to desktop IE8 with a bit more. This totally contradicts my testing which showed several deficiencies in the Mobile IE that would make it an applicable target browser. Wikipedia still reflects my testing that Mobile IE is just IE6 with some additional bits. http://en.wikipedia.org/wiki/Mobile_ie "Internet Explorer Mobile 6 was released as part of Windows Mobile 6.5." more importantly though is what will ship in Windows phone 7. Will it be a respectable browser?Anonymous
February 18, 2010
@ieblog: it's true that virtual memory may still cause this data to be written to disk. However, for those very paranoid people, disabling virtual memory would solve the problem in Firefox's case (no virtual memory = no writes to disk at all). Not with IE. That Windows makes managing your virtual memory a pain is one thing (disk thrashing when RAM is far from full, need to reboot the machine to disable/enable virtual memory...). But even for those of us that manage to do that, IE makes completely private browsing impossible: you merely need to crash IE's processes to access that 'private' data (since IE isn't there to delete these files anymore); if that doesn't work, the only forensic tool needed is 'undelete'. In the case of virtual RAM, you need to dump the file's content and then look through it to see where the data you're looking for is stored. Let's take two examples: a savvy IE user in Windows, a Firefox user on GNU/Linux (or Mac). The safest scenario for W would be:
- Disable swap.
- Reboot.
- Start InPrivate.
- End InPrivate.
- Re-enable swap.
- Reboot. IE 8 still wrote data to disk. Also notice that this required two reboots (and a reboot might mean, rootkit infection taking place, and disk data dump, etc). The safest scenario for GNU/L would be:
- Disable swap (say, 'sudo swapoff -a').
- Start Private Browsing.
- End Private Browsing.
- Re-enable swap (say, 'sudo swapon -a'). Firefox wrote NOTHING to disk. Also, this required zero reboot. The only way to copy what's in Firefox's Private Browsing session would be a can of nitrogen to freeze the computer's RAM stick before Firefox ends the private browsing session, and dump the content of these RAM sticks in another machine. Please note that Firefox on Windows would do the same, but with two extra reboots (that's a Windows limitation). It's a bit more involved than an undelete tool. At the very least, it requires physical access to the machine.
Anonymous
February 18, 2010
@victor The IE Mobile version naming does not seems to represent a relation between the desktop and mobile browser code base.Anonymous
February 19, 2010
@Mitch 74 ...sometimes it really pays off to read the whole post! If you do that you will find that the safest Windows scenario is:
- When you set up the machine you use for surfing, you enable BitLocker on the drive where your swap-file and your temporary internet files are located (Note: if you do not want the whole system partition to be encrypted you can move those files to a different partition and encrypt only that partition). You only have to do that once, and it takes about 5 minutes, so that should not be a problem.
- start InPrivate browsing session
- end InPrivate browsing session Now even if the IE process is forcibly killed, you're still safe, because the fragments in the swap-file are still encrypted. Of course you might be a member of the "NSA has a backdoor to everything Club" and still believe you're NOT safe, but in this case I can't help you any further than to point you to a psychiatrist. The biggest advantage of this scenario is: you only need a "a savvy IE user in Windows" to setup your machine. Even the most stupid user is safe after. ...and yes, I know there are versions of Windows out there, that do not have BitLocker. For those who are paranoid enough or who actually NEED InPrivate (because of the sites they visit, or because of the places they use the internet from) there are 3rd party tools out there who accomplish the same thing, or an "Anytime Upgrade" might be advisable. Cheers Harry P.S.: any spelling mistakes you might find need not be returned! ;-)))
Anonymous
February 20, 2010
The comment has been removedAnonymous
February 20, 2010
@Harry: as you said, BitLocker isn't available on lower versions of Vista/7, only professional and higher. So it's not an realistic option. You also can't upgrade from home editions to pro, requiring you to fork over lots of cash for Ultimate in Anytime Upgrade - only to work around an IE limitation. If you've got Starter on a netbook, you'll spend as much (or more) on the Anytime Upgrade as you spent on the device itself. That's one expensive browser. Strike one. Encryption can be broken. Any rootkit could also catch the encryption key used to perform the write, and make breaking the encryption a non-event. No need for NSA paranoia. Strike two. Once you get Bitlocker (1) and disregard the failings of encryption (2), you need to repartition your hard disk drive and encrypt a part of it just for your swap file, AND go and tinker with the registry to force IE to save its data on that same partition. Either that, or you'll move your entire Users directory to an encrypted partition. This will require some rather advanced technical competence to do, and as all operations that deal with a disk's structure, is risky. Strike three. Encryption requires CPU power. If you're using a netbook, your CPU will drain your battery faster since it'll have more operations to perform. Atom doesn't include Intel's encryption instructions. If you've encrypted your swap and temp files (arguably the most volatile pieces of data a computer uses), your CPU will spend its time decoding and encoding data. Strike four, you're out :p So, your solution is potentially expensive, surely a performance killer, not exactly as efficient, and sure as heck unwieldy to implement. But it is for sure the most private IE on Windows solution yet. Too bad it's so complicated and expensive.Anonymous
February 21, 2010
Lets be serious - if you want private browsing - you don't want IE. There are too many published flaws with IE's privacy and security to take it seriously. Add now that you need to install the Google Frame Plugin to get pages to render properly in IE the confusion continues. There are many that say that this extends the attack surface and even more (including myself) that feel this extends the security (you need to break the Google Chrome/WebKit security before you can even try to break the IE security). However either way you need to ask yourself... If the best way to use IE is to install another browser inside it - it doesn't make IE look like a good browser at all. It still blows my mind that so many people haven't switched from IE yet. PS PLEASE FIX YOUR CAPTCHA - ITS BROKEN!Anonymous
February 22, 2010
The comment has been removed