Private browsing modes leak data
- Published
The private browsing modes on modern browsers leak information about where people have visited, suggests a study.
Available in many browsers, the private modes are not supposed to log information about sites visited.
However, the study found that in many cases the privacy mode was compromised by additions to the browser or extra security on websites.
Many extras that people add to browsers can "completely undermine" the anonymity of private browsing.
Computer scientist Dan Boneh from Stanford University led the study of private browsing modes on the Firefox, Internet Explorer, Chrome and Safari browsers.
The researchers tested when people used private browsing modes by employing adverts that log the state of the machine on which the ad is being displayed.
It found that private browsing was most popular when people visited adult sites.
Private browsing modes typically work by erasing the information logged when any site is visited.
These logs include small text files known as cookies, entries on a history file and data put in the browser's cache.
However the study found that other ways in which a browser logs data were often left undisturbed at the end of a private browsing session.
This occurred, for example, if the site being visited used security systems such as those which protect data sent back and forth during web purchases.
Add-ons or plug-ins for browsers, particularly those that help with searching, also readily log information that the private browsing mode was supposed to delete, found the study.
The researchers concluded that, in some cases, these weaknesses were able to "completely defeat the benefits of private mode".
The paper will be presented at the Usenix Security conference which is being held in Washington, DC from 11-13 August.
- Published3 August 2010