Slashdot Mirror

← Back to Stories (view on slashdot.org)

Browser Private Modes Not So Private After All

Posted by CmdrTaco on from the don't-look-at-my-prvates dept.

CWmike writes "Browsing in 'private mode" isn't as private as users think, reports Gregg Keizer. 'There are some traces left behind [by all browsers] that could reveal some of the sites that you've been to,' said researcher Collin Jackson. He, along with three colleagues, will present their findings on Tuesday at the Usenix Security Symposium in DC. IE, Firefox and Safari, for instance, leave traces of SSL encryption keys even when run in private mode, while IE and Safari on Windows preserve self-signed SSL certificates in a 'vault' file that could be read by others to track the browser's path. Firefox also retains evidence of some certificates. Private mode has also been billed as a way for users to hide themselves from the prying eyes of sites that try to track habits and histories. Jackson said most users see that as the biggest attraction to private mode. 'Some browsers do a better job of protecting you from other types of scenarios, such as Web site tracking,' Jackson said. 'Safari is very much more willing to reveal you to Web sites than the others.'"

20 of 198 comments (clear)

  1. Safari has extremely lax security? by Anonymous Coward · · Score: 2, Funny

    Shocker! Say it ain't so!

    How many more of these until Browser jokes around here end with "Safari!" instead of "Internet Explorer!"? At least IE takes security seriously nowadays...

    (You'll never find a vulnerability in my Mosaic! Ha ha! Security through obsolescence!)

  2. It's good enough.. by HerculesMO · · Score: 4, Funny

    I mean, as long as your wife/girlfriend can't track your porno sites with ease you're fine.

    If your wife/girlfriend is a CS major with cryptology in her repertoire though... might want to find a different 'hobby'.

    --
    The price is always right if someone else is paying.
    1. Re:It's good enough.. by Anonymous Coward · · Score: 5, Funny

      If your wife/girlfriend is a CS major with cryptology in her repertoire though... might want to find a different 'hobby'.

      If I had a wife/girlfriend with a CS major in cryptology in her repertoire I wouldn't need a hobby.

    2. Re:It's good enough.. by stagg · · Score: 4, Funny

      I mean, as long as your wife/girlfriend can't track your porno sites with ease you're fine.

      If your wife/girlfriend is a CS major with cryptology in her repertoire though... might want to find a different 'hobby'.

      Then it's back to an old suitcase under the work bench in the garage.

    3. Re:It's good enough.. by ciaohound · · Score: 5, Funny

      Your wife is a CS major with cryptology in her repertoire. She just hasn't told you because you'd blow her cover.

      --
      Oh, yeah, it's not easy to pad these out to 120 characters.
    4. Re:It's good enough.. by HerculesMO · · Score: 2, Funny

      I see you're planning ahead.

      --
      The price is always right if someone else is paying.
    5. Re:It's good enough.. by Red+Flayer · · Score: 4, Funny

      Very convenient, as the duct tape and the rope is on the workbench. Just make sure the suitcase is big enough, things never fold as neatly as one might think.

      What? Why is everyone looking at me like that?

      --
      "Trolls they were, but filled with the evil will of their master: a fell race..." -- J.R.R. Tolkien on Olog-hai
  3. Re:Biggest Attraction by swanzilla · · Score: 3, Funny

    "Jackson said most users see that as the biggest attraction to private mode."

    Nonsense. The biggest attraction of private mode is that hotteennymphosexkittens.com doesn't show up in the suggestions when someone borrows your computer to check Hotmail.

    If you want real privacy you shouldn't be trusting a web browser privacy mode.

    Youtube might be more relevantly incriminating than Hotmail.

    --
    0 = 1 + e^(Alt something)
  4. My wife is not a security researcher by DJCouchyCouch · · Score: 2, Funny

    So private mode is good enough for me!

  5. Re:Don't forget about flash by kelarius · · Score: 3, Funny

    As a test I went to a couple of sites of ill repute and watched a couple of free videos, then cleared my Firefox cache. Afterwards, I searched my computer for .flv and .mp4 files and couldnt find anything, so to the casual search most of you should be safe with your

    --
    Personally I'd rather have my idiots at home glued to the TV than out doing idiotic things
  6. Re:Biggest Attraction by Surt · · Score: 5, Funny

    I cannot believe how lazy the porn people are. It has been like a whole minute and that site is STILL not up.

    --
    "Who is the Journal of Quantum Physics going to believe?" --Stephen Hawking
  7. Re:This is going to be an unpopular sentiment but. by Hope+Thelps · · Score: 3, Funny

    But...who are we hiding from?

    Nice try but you're not going to find out that easily.

    --
    To summarise the summary of the summary: people are a problem. ~ h2g2
  8. Re:Clean on close by maxwell+demon · · Score: 5, Funny

    But the FBI/CIA/NSA have ways of reading even zeroed drives! (so I hear) Will we ever be safe??

    That's why I one them instead. I've never heard that they can read a oned drive. :-)

    --
    The Tao of math: The numbers you can count are not the real numbers.
  9. Re:Flash cookies remain too by Anonymous Coward · · Score: 5, Funny

    I run a virtual machine on a live CD, then restore the snapshot, reboot the machine, snap the CD in half, attach a high powered electromagnet to the tower, then burn down the building.

  10. Re:Flash cookies remain too by oldspewey · · Score: 3, Funny

    What? No TrueCrypt?

    --
    If libertarians are so opposed to effective government, why don't they all move to Somalia?
  11. Re:Flash cookies remain too by travisco_nabisco · · Score: 3, Funny

    Why are you looking at his /dev/null? That is as hard core as it gets.

  12. Re:The problem with first posts by buchner.johannes · · Score: 4, Funny

    We fight our fear of an empty internet?

    --
    NB: The message above might reflect my opinion right now, but not necessarily tomorrow or next year.
  13. Re:Flash cookies remain too by paiute · · Score: 3, Funny

    I use Lynx.

    and a really vivid imagination.

    --
    If Slashdot were chemistry it would look like this:Cadaverine
  14. Re:Flash cookies remain too by Anonymous Coward · · Score: 1, Funny

    Jason Bourne, is that you?

  15. Re:Flash cookies remain too by ikkonoishi · · Score: 2, Funny

    I telnet into the servers, and type out the headers by hand.