Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft Edge's Private Browsing Mode Isn't Actually Private (betanews.com)

Posted by timothy on from the keep-it-to-ourselves-alright? dept.

JustAnotherOldGuy writes: The forensic examination of most web browsers has proven that they don't have a provision for storing the details of privately browsed web sessions. However, in the case of Microsoft Edge, the private browsing isn't as private as it seems. Previous investigations of the browser have resulted in revealing that websites visited in private mode are also stored in the browser's WebCache file. The Container_n table stores web history, and a field named 'Flag' with a value of '8' shows that website was visited in private mode. An investigator can easily spot the difference and use this evidence against a person. The not-so-private browsing featured by Edge makes its very purpose seem to fail, and you can't help but ask how such a fundamental aspect of private browsing could be so fantastically borked. It beggars belief.

11 of 159 comments (clear)

  1. Re:First Post? by blavallee · · Score: 5, Insightful

    I would say, it's just not a surprise anyone here. An antonym of privacy or security is Microsoft.

  2. Well, they didn't lie... by The+Atog+Lord · · Score: 5, Funny

    So, InPrivate is to Private as InVisible is to Visible.

  3. Re:First Post? by I'm+not+evil.+See · · Score: 5, Funny

    The rest of us have been here also, all along, but just in "Private Mode". There are actually 1203 "first posts" before yours. Look harder. :-)

  4. Re:From the people who brought us 10 by GrahamCox · · Score: 5, Informative

    Wrong. I don't know about Google, but I do know about Safari. When it's in private mode, all of the data that is normally saved to disk for any purpose is stored in encrypted memory, so within a private session, you get the benefit of caching, go forward/back, etc. But once you close the private window, all that encrypted memory is erased and released. Apps using the NSURLSession APIs can do exactly the same thing.

  5. Re:Indifference by Anonymous Coward · · Score: 5, Insightful

    I've concluded in the past couple of years that large parts of Microsoft as an organization have stopped being able to coherently sell to the end user market, and whatever people in the management that would have in the past noticed this sort of thing and taken steps to correct it have left or moved on to other roles.

    It smells more to me like they've made a concerted decision that the end user is no longer the target market. The end user is now the product. Microsoft's "business partners" are advertisers and law enforcement agencies, that's where the revenue is coming from.

    The Edge behavior described in this article is very hard to explain away as laziness or incompetence. Intentional decisions were made during all phases of design and development to continue storing the user's history even when in private browsing mode. That isn't clueless management or devs taking the easy way out. That's purposely turning the end user's computer into a tool to be used against him.

    Microsoft is now actively hostile to the end user and folks would do well to remember it.

  6. Re:Private mode and forensics by vux984 · · Score: 5, Informative

    Even so, if you put the safety on on your gun, that doesn't make the weapon truly and completely safe and nobody is suggesting it does.

    But can you imagine if putting the safety on merely lowered the muzzle velocity by 5%?

    Or a door lock that simply turned a red LED on some dashboard somewhere labelled locked, and nothing else.

    There is not, and never will be, a truly "private" browsing experience, regardless of browser.

    But some browsers actually do a little more than next to NOTHING to remove the session history from the local PC.

  7. Re:I'm shocked by rtb61 · · Score: 5, Insightful

    It is not really all that funny. Not only is it not private it is marked as pretended to be so on analysis they can find out exactly what you wanted to keep private. That looks really, really bad, not only a failure of privacy but seemingly purposeful gathering of data for extortion purposes, obviously not run of the mill people but selected individuals via the scatter gun method, hide the invasiveness by targeting everyone so that the specific targets are unaware. Then there is how long they will keep the data for ie target every potential politician in high school and university so that decades down the track they can be extorted in compliance or destroyed. It is one thing to screw up privacy, it is quite another to specifically mark data as private and keep it.

    --
    Chaos - everything, everywhere, everywhen
  8. Re:Private mode and forensics by jason777 · · Score: 5, Funny

    Thats why I do my really serious browsing in a new VM that is read-only. After, I delete the vm. Then light the computer on fire.

  9. Re:First Post? by hairyfeet · · Score: 5, Informative

    Considering how much spying is baked into Windows 10 frankly the thought that anything done in that OS is "private" is beyond belief.

    --
    ACs don't waste your time replying, your posts are never seen by me.
  10. You've blown it Microsoft by DrXym · · Score: 5, Funny

    How am I meant to browse for gifts and flowers for my wife (WHICH IS ALL ANYONE EVER DOES WITH PRIVATE BROWSING) if its not actually private? Oh and in case the wife does find traces of activity, yes cumgarglingsluts.com is a site that sells flowers and gifts. Way to ruin the surprise Edge.

  11. Re:First Post? by Anonymous Coward · · Score: 5, Insightful

    They invented unsafe OS with user processes running in kernel mode.
    They invented the mail-transported virus, when outlook auto-executed attachments received by email
    They invented web vulnerabilities with activeX (Execute code found on web pages - no need to look for buffer overflows when this sort of thing is designed in.)

    So indeed, no surprise from microsoft here.