Slashdot Mirror

← Back to Stories (view on slashdot.org)

Browser Private Modes Not So Private After All

Posted by CmdrTaco on from the don't-look-at-my-prvates dept.

CWmike writes "Browsing in 'private mode" isn't as private as users think, reports Gregg Keizer. 'There are some traces left behind [by all browsers] that could reveal some of the sites that you've been to,' said researcher Collin Jackson. He, along with three colleagues, will present their findings on Tuesday at the Usenix Security Symposium in DC. IE, Firefox and Safari, for instance, leave traces of SSL encryption keys even when run in private mode, while IE and Safari on Windows preserve self-signed SSL certificates in a 'vault' file that could be read by others to track the browser's path. Firefox also retains evidence of some certificates. Private mode has also been billed as a way for users to hide themselves from the prying eyes of sites that try to track habits and histories. Jackson said most users see that as the biggest attraction to private mode. 'Some browsers do a better job of protecting you from other types of scenarios, such as Web site tracking,' Jackson said. 'Safari is very much more willing to reveal you to Web sites than the others.'"

10 of 198 comments (clear)

  1. The problem with first posts by Anonymous Coward · · Score: 2, Insightful

    You stumble on the page and see (0 Comments) followed by this huge white space. Looking at it, how can you not write something in it? Multiply this mentality across every other visitor who experiences a blank page and it's no wonder you have so many 'first posts' half way down the page.

  2. Flash cookies remain too by e065c8515d206cb0e190 · · Score: 3, Insightful

    As there is a flash animation on every other site, looking at your flash cash pretty much reveals what you've "anonymously" browsed recently...

    1. Re:Flash cookies remain too by oldspewey · · Score: 2, Insightful

      How about running a LiveCD distro and then physically rebooting the machine after each browsing session?

      --
      If libertarians are so opposed to effective government, why don't they all move to Somalia?
    2. Re:Flash cookies remain too by Bratmon · · Score: 3, Insightful

      You still have logs at the sites you visited. Better get them too, just in case.

  3. Biggest Attraction by ceoyoyo · · Score: 5, Insightful

    "Jackson said most users see that as the biggest attraction to private mode."

    Nonsense. The biggest attraction of private mode is that hotteennymphosexkittens.com doesn't show up in the suggestions when someone borrows your computer to check Hotmail.

    If you want real privacy you shouldn't be trusting a web browser privacy mode.

    1. Re:Biggest Attraction by countertrolling · · Score: 2, Insightful

      If you want real privacy, boot from a liveCD or USB stick

      --
      For justice, we must go to Don Corleone
  4. This is going to be an unpopular sentiment but... by stagg · · Score: 2, Insightful

    Virtual machines? Flash disks? I never use the same computer twice! But...who are we hiding from? I support efforts to maintain privacy, and I admire it as a thought experiment, but what's the scenario we're defending against here? All of this sounds like extreme overkill if you're hiding porn from your mom. If you're trying to hide from advertisers, governments, etc, then I think that your bigger worry is not your home machine, but everything out there in our marvelously complicated ecosystem of an internet.

  5. Re:You need all of your files on a ramdisk by justin12345 · · Score: 4, Insightful

    Yeah a ram disk or virtual machine is defintely way more secure, as well as using proxies or TOR to disguise your IP address (confusing Geo-location databases), forged browser signatures, and a few other things I can't think of right now. Assuming you are committing acts of international espionage, working undercover for the NSA, or simply know that MLB is after you, you should definitely be taking those precautions.

    The thing is, my understanding is that "privacy mode" is really just for not having your porn links show up in your browser history, should your S/O or Mom not approve of you viewing such material. It also saves you potential embarrassment when you open up a new tab in Safari or Chrome and it gives you a grid of thumbnails of recently viewed sites. I think Gregg Keizer grossly overestimates what people expect when they click the "private" button. They aren't clicking it to view sites that require SSL certificates, they are clicking it to view sites who's title tag is "Slut fucked by guy" or "Sexy trinity anal part1" and shows up in the browser history as such. Most just use the privacy mode so their S/O or Mom doesn't stumble across those links while looking up that article they read yesterday about "How to plan the perfect wedding" or "Is internet addiction destroying your family?".

    --
    Cool art gallery, if you're into that sort of thing.
  6. Re:Opera by morari · · Score: 4, Insightful

    Private mode has also been billed as a way for users to hide themselves from the prying eyes of sites that try to track habits and histories. Jackson said most users see that as the biggest attraction to private mode.

    I thought hiding your porn habits from the wife or employer was the biggest attraction?

    --
    "He who can destroy a thing, controls a thing." --Paul Atreides, Dune
  7. Re:You need all of your files on a ramdisk by vux984 · · Score: 2, Insightful

    I agree. Its the best alternative if you need total security. Boot off a live CD from a diskless machine. (or at least set the hard drives as read-only).

    But its a hassle to boot off a live CD.

    My VM method realizes nearly all of the benefits of a live CD with a lot more convenience, since you can run it in antoher window along with everything else you are doing. Its more than secure enough for my purposes (keeps the kids from stumbling into it, and acts as a firewall for malware coming through the browser).