Adobe Flash Player delivers some of the most compelling, interactive experiences on the web. The team works hard to add new features and push Flash Player capabilities so designers and developers can make the richest content available. We’re also committed to continuously improving Flash Player in less conspicuous areas, such as privacy. Privacy is a hot topic, and there are good reasons it’s on many people’s minds, so we wanted to share some of the work we’re doing to help you protect your privacy.
Some of the Flash Player team’s privacy efforts are happening around a feature of Flash Player called “local storage” (often called local shared objects or LSOs, and sometimes incorrectly referred to as “Flash cookies”). Local storage is required functionality to provide the quality web experience you expect from today’s rich Internet applications (RIAs). It is used by a number of Web technologies, including Flash Player and similar plugin technologies, as well as browsers that support HTML5.
Why is local storage helpful for web apps? Using local storage means information doesn’t need to be stored on a website’s servers. Instead, small amounts of information are stored locally, on the user’s computer. For Flash Player, the default amount of disk storage space is minimal – the LSO is at most three-hundredths the size of a typical MP3. Local storage can be used to allow you to save your website or app login details, site history, or form information so that you can avoid retyping data the next time you visit. Local storage allows you to store work in progress from a photo editor or productivity app, for example. Local storage is also the feature that helps your computer or device remember that you like the volume turned down when you watch videos of your favorite TV show on YouTube, or a video website can show you your most recently viewed playlist without requiring a user account or login. This kind of helpful productivity data is saved on your computer, and Flash Player protects this information so that only the exact website that saved that information can access it.
Since local storage allows sites and apps to remember information, there are concerns about the use of local storage to store tracking information – or of greater concern, to restore tracking information to a browser cookie that a user has intentionally deleted. This use of local data storage has raised questions about privacy. So we’re continually working to make sure that users have better control over the local data stored by applications running in Flash Player.
Most recently, we’ve been collaborating with browser vendors to integrate LSO management with the browser UI. The first capability, one that we believe will have the greatest immediate impact, is to allow users to clear LSOs (and any local storage, such as that of HTML5 and other plugin technologies) from the browser settings interface—similar to how users can clear their browser cookies today. Representatives from several key companies, including Adobe, Mozilla and Google have been working together to define a new browser API (NPAPI ClearSiteData) for clearing local data, which was approved for implementation on January 5, 2011. Any browser that implements the API will be able to clear local storage for any plugin that also implements the API.
Keep your eye on the Google Chrome dev channel to see this feature show up in the coming weeks.
We expect other vendors to be rolling out support for this capability in the near future, and we will continue to work on additional capabilities to improve user privacy in partnership with browser vendors.
The ability to clear local storage from the browser extends the work we did in Flash Player 10.1, which launched with a new private browsing feature integrated with the private browsing mode in major browsers, including Google Chrome, Mozilla’s Firefox, Microsoft’s Internet Explorer, and Apple’s Safari. When you are in a private browsing mode session in your browser, Flash Player will automatically delete any local storage that was written by websites during that browser session once the browser is closed. This ensures that Flash Player can’t be used to store any history or other information from your private session. In striving to ensure a great user experience, we’ve made this seamless and automatic for the user.
Finally, you will soon see improvements to the Flash Player Settings Manager. Since local storage functionality was first introduced, users have been able to fully control their local storage settings using the online version of the Flash Player Settings Manager. By right-clicking on any content that is written for Flash Player, and selecting “Global Settings…” (or by visiting the Flash Player Settings Manager directly), you can customize which sites, if any, are allowed to use local storage. You can even turn local storage off entirely, if you don’t feel you need the functionality for things such as saving game data or your preferences on websites. If you’d like to turn it off just click on “Global Storage Settings panel,” drag the storage amount slider to “None” and select “Never Ask Again.”
Still, we know the Flash Player Settings Manager could be easier to use, and we’re working on a redesign coming in a future release of Flash Player, which will bring together feedback from our users and external privacy advocates. Focused on usability, this redesign will make it simpler for users to understand and manage their Flash Player settings and privacy preferences. In addition, we’ll enable you to access the Flash Player Settings Manager directly from your computer’s Control Panels or System Preferences on Windows, Mac and Linux, so that they’re even easier to locate and use. We expect users will see these enhancements in the first half of the year and we look forward to getting feedback as we continue to improve the Flash Player Settings Manager.
These local storage improvements will give you better control over the information stored on your computer and are part of our ongoing efforts to help you manage your privacy.
Group Product Manager, Flash Player