Do We Need A Better Private Browsing Mode?

Network World's Alan Zeichi recently argued "We need a better Private Browsing mode." Slashdot reader Miche67 writes: As this writer says, Chrome's Incognito Mode "doesn't offer strong protection at all." [Incognito mode "only prevents Chrome from saving your site visit activity. It won't stop other sources from seeing your browsing activity."] And Firefox's Private Browsing with Tracking Protection -- while stronger than Chrome -- is an all-or-nothing option. "You can't turn it off for sites you trust, but have it otherwise enabled by default."
The submission ends, "Every single link to non-trusted websites should open, by default, in a Private/Incognito window. C'mon, browser makers, get this done." This raises two questions. How do Slashdot's readers browse? And do you think we need a better private mode for web browsing?

No, we need to stop doing illicit things online

If you don't want people to know you're watching porn online, don't watch porn online. If you don't want people to know you're accessing illicit content online, don't access illicit content online. Don't have anything to hide and you won't have any problems. The paranoia is from perverts, criminals, and other losers who feel the need to access illicit things online that they don't want others to know about. Modify your own behavior and you'll have no problems with needing to keep secrets.

Re:No, we need to stop doing illicit things online

If you don't want people to know you're watching porn online, don't watch porn online. If you don't want people to know you're accessing illicit content online, don't access illicit content online. Don't have anything to hide and you won't have any problems. The paranoia is from perverts, criminals, and other losers who feel the need to access illicit things online that they don't want others to know about. Modify your own behavior and you'll have no problems with needing to keep secrets.

If I weren't also an anonymous coward I would mod this +1 Funny.

I salute you for your masterful satire!

Re:No, we need to stop doing illicit things online

[BitterOak]

This may be good advice in a relatively free country where people are allowed to criticize their government as well as investigate bad behavior by those in power, but in many countries in the world people don't have those freedoms which we take for granted. People living in oppressive regimes may need to rely more on technological means to protect their rights to organize and to criticize their government. An essential part of a participatory democracy is that people can be critical of their government, and if we want more countries to follow that model, people need to be free to exchange ideas without fear of reprisal.

Re:No, we need to stop doing illicit things online

So refreshing to see such purity on Slashdot. I entirely agree. Nothing but porn and illicit content ever warrant privacy.

Re:No, we need to stop doing illicit things online

[fustakrakich]

Just don't use your real name anywhere on the internet.

Re:No, we need to stop doing illicit things online

If you don't want anyone watching your bare genitals, stop excreting! Otherwise, stop concealing them. In a free and open society, clothes are merely for keeping warm. Nudity is transparency. Privacy is crime.

Re:No, we need to stop doing illicit things online

If you don't want people to know you're watching porn online, don't watch porn online. If you don't want people to know you're accessing illicit content online, don't access illicit content online. Don't have anything to hide and you won't have any problems. The paranoia is from perverts, criminals, and other losers who feel the need to access illicit things online that they don't want others to know about. Modify your own behavior and you'll have no problems with needing to keep secrets.

Have you had your head stuck in the sand for the past several years? Our and other countries' spooks hoover up our online activity. We know they do. We have documentation confirming that they do it beyond the bounds of legality. Do you need to have an actual man-in-black at your elbow 24x7 before you'll fully grasp that?

What you're doing today may be perfectly legitimate and innocent, but given what we've observed from history, something innocuous today may be turned into something perverted or sufficiently embarrassing a decade from now that you'll wish it would have been done securely. It's not paranoia when you know that all of your activity is being recorded for future perusal and reinterpretation.

Re:No, we need to stop doing illicit things online

Shitting in public is illicit. Shitting in private is not. Therefore we are all illicit without privacy.

Re:No, we need to stop doing illicit things online

Said every police state tyrant fuck ever.

Re:No, we need to stop doing illicit things online

What about LinkedIn or job boards? Maybe you meant don't use your real name for anything political.

Re:No, we need to stop doing illicit things online

[KiloByte]

What's that "free country" you're talking about? While in countries other than North Korea, Russia, China, Saudi Arabia you can often get away with criticizing the government on superficial matters, there isn't a single country that won't punish you for revealing news that truly hurts those in power.

Case in point: Assange -- Sweden tries to pass as a free country. Or, show me those "free countries" supporting Snowden; Ecuador and Russia stepped up because of a grudge against USA rather than of good will.

Re:No, we need to stop doing illicit things online

and if we want more countries to follow that model, people need to be free to exchange ideas without fear of reprisal.

The best way to achieve that is by example. It's how capitalism ultimately defeated communism. Today no successful and prosperous country seriously practices communism as envisioned by Marx. The Chinese are communist in name only, the North Koreans are universally panned and the rest basically flirt with various forms of democratic socialism and more or less permit private business activity to occur, whether officially or unofficially. In effect, the world has conceded the point to capitalism. If you want democracy to prevail in a similar way, you must also work towards long term successful examples that prove the point. The appeal of a technological solution enthralls impatient liberals everywhere, but if the world's problems could be easily solved with apps they would have all been solved by now. We should be wary of the technological utopia peddled by the likes of Mark Zuckerberg and his fellow travelers in Silicon Valley. The real world is much dirtier and nastier than they seem prepared to admit.

Re:No, we need to stop doing illicit things online

Protip: Get rid of all your online accounts, except for one: Facebook. Do everything from your facebook account

Re:No, we need to stop doing illicit things online

[fustakrakich]

Nope, nobody on the internet gets my name. I'm "John Smith". I only give personal info in person.

Re:No, we need to stop doing illicit things online

If you don't want people to know you're watching porn online, don't watch porn online. If you don't want people to know you're accessing illicit content online, don't access illicit content online. Don't have anything to hide and you won't have any problems. The paranoia is from perverts, criminals, and other losers who feel the need to access illicit things online that they don't want others to know about. Modify your own behavior and you'll have no problems with needing to keep secrets.

Can't quite tell if serious or satirical. I certainly hope it's the latter.

Re:No, we need to stop doing illicit things online

[Alumoi]

Oppressive regimes? That's funyy, last I looked, US and UK were champions when trying to track every user accessing the net.

Re:No, we need to stop doing illicit things online

It's hypocrites all the way down!

Re:No, we need to stop doing illicit things online

this is the biggest whoosh i've seen.

or maybe that's just what this AC wants me to think.

Re:No, we need to stop doing illicit things online

I see your point, but I don't believe that's really fair. I complained to Chrome Dev about the fact that even in Incognito Mode that your download history is still preserved -- their response was dismissive. I see it as one of many flaws with "Incognito" mode -- I think most user's expectations of any "private browsing" mode is that when the window exits, any and all traces of their activity is gone. Period.

  If you're going to make something private, then do the work that's needed to make it private. It's not hard, it's tedious and requires attention to detail.

Re:No, we need to stop doing illicit things online

[PatientZero]

Just don't use your real name anywhere on the internet.

You mean like when you sign up for internet service using your physical address? Yes, I'm sure that's going to stop the state government—which probably runs the ISP—from learning who you are. Even if you limit posting your critiques to libraries or other public places, they can use the browsing history to narrow down where to watch for you.

Re:No, we need to stop doing illicit things online

I like you.

Re:No, we need to stop doing illicit things online

[Fjandr]

You forget that someone controls the cameras, where they're installed, where they're aimed, and who watches them. There will never be zero privacy as you envision, because those who control the cameras will never allow the invasion of their own privacy. Eventually, the post of camera controller will be filled with the worst criminal elements, because that's where it's now safe to be a criminal.

Guys - I got this one

How do Slashdot's readers browse?

Sat in our parents basements in our underwear.

And do you think we need a better private mode for web browsing?

Yes, my parents get suspicious when I lock the door.

i use tor

Common everybody knows that the private browsing mode is just a porn mode that hides your history from other users of your Computer, nothing more.

I just use Tor if i want real privacy.

Re:i use tor

[maorb]

I've used private browsing mode to allow my friend to check his email without making me log out of my own email (from the same service of course). From my perspective, it just lets me open a "guest" mode browser that doesn't have all my URL autocompletes, usernames, passwords, etc automatically filling in. It's not to be confused with a security feature when used like that of course, all someone has to do to get back into my side of things is open a new windows, but it's still convenient.

Re:i use tor

[mlts]

With browser fingerprinting (check it out on EFF's Panopticlick), it really doesn't matter if you use Tor or not.

What I do if I want a stateless session is vagrant up a virtual machine, have it provisioned with a web browser, usual ad blocker software, my bookmarks as a clicky HTML file locally, and use that. When done, destroy the VM. This way, any changes or stuff saved to the VM are toast, and there will always be a different fingerprint every session.

As for protecting my IP, I just use a VPN service. For me a simple proxy is good enough so that ad companies and behavior tracking sites are blocked/stymied.

Re:i use tor

That's exactly what I do too (using a Windows XP VM). But I have a nagging feeling I'm missing something wrt fingerprinting, especially wrt Google cookies since practically every site uses GA.

Too paranoid?

Re:i use tor

[AmiMoJo]

Have you actually tried browser fingerprinting with the TOR Browser? If you set it up right (I recommend Tails) it doesn't work. It can't separate you from many, many other TOR Browser users.

Go try it right now, with the Trails live CD. They fixed this years ago.

Re:i use tor

[lambsonic]

Fingerprinting is defeated. Randomly rotate common values. Non-unique signal with noise. Using a VM is actually a more unique signal, and would easily let you be identified with known techniques involving a small fingerprint with an IP netmask. Better hope you aren't the only one doing deploying that VM-browser combination on your VPN service. Just because you are resetting your state doesn't mean you don't have state. It actually makes your profile more stateful in the long run.

Re: i use tor

So pretty much 2 reasons.

Re:i use tor

It would be even better if that was all upstreamed and all TOR Browser users looked like all Firefox users, regardless of the versions they run. One way to get started on that, which I cannot believe isn't the default, is to remove specifics from them beyond the program. I mean things like OS, architecture, version numbers, and anything else I forgot. If browsers are not the same across platforms, then that is a bug that should be fixed, not something to be advertised to the server.

Re:i use tor

[Erioll]

That would actually break other things. Things like the header that you suggest are already encrypted on any "https" website, and thus TOR doesn't know what that is, and can't manipulate it. So the only way for that to work would be to ban https on TOR, which would be stupid, which they wouldn't do.

Re:i use tor

What? No! Rewriting the browser to use a specific User-Agent header wouldn't have to touch any part of the network code, let alone the TOR proxy code or onion routing.

Why are we still scared of cookies?

[apathyruiner]

99.99% of my browsing I don't care if hosts know that I've been there before, or that I've been to a "partner" site. I rather like that my browser keeps a history of visited sites. Incognito is good if you want to keep your dirty habits secret from someone who might get their hands on your data. There is no such thing as truly private browsing. Yeah, yeah, VPN for your torrents, Great Firewall, etc, but there are holes in the security well past anything a typical user can influence.

Re:Why are we still scared of cookies?

Dude, if you can't at least acknowledge that Big Brother May Someday Use My Data Against Me, then at least acknowledge that tracking is a little creepy.

Re:Why are we still scared of cookies?

[maorb]

Tracking isn't creepy at all Robert /s

Re:Why are we still scared of cookies?

[TheRaven64]

There are cookies and cookies. If I go to foo.com and I get a cookie that is only readable by foo.com and is used to maintain state across visits, then that's fine. If that page on foo.com includes an i-frame that encodes the foo.com URL and contains something from bar.com that sets a cookie, and so do the next hundred sites that I visit, then I do care. I don't have any business relationship with the owners of bar.com and I don't want them to be tracking everything that I do online.

This is something that a browser could easily fix, for example by providing a separate cookie jar for each domain. If bar.com leaves a cookie while I'm looking at a page on foo.com, then it goes in the foo.com cookie jar. If I go to baz.com and it also wants to let track bar.com track me then the cookie goes in baz.com's cookie jar. Randomise things like font and plugin reporting, so that it's very hard to tie the two bar.com cookies together.

Of course, the developers of Chrome will never do something like this because their business model relies on being able to track people.

Re:Why are we still scared of cookies?

[Merk42]

What about 3rd parties that might be on a variety of URLs, such as disqus and social media?

Re: Why are we still scared of cookies?

Whitelist

Re:Why are we still scared of cookies?

[TheRaven64]

Explicit user opt-in to having their cookies shared across sites. And a visual notification of all of the third-party domains that are tracking you.

Re:Why are we still scared of cookies?

[allo]

especially disqus is a bad example. If you allow 3rd party cookies, disqus can track what news sites and blogs you're reading without any problem.

Re:Why are we still scared of cookies?

[Merk42]

That was my point. Not everything a website uses comes from the same domain (even excluding ads), so that initial idea has issues.
TheRaven64 did comment on that situation though.

Tor

There's always tor browser. It's what I use.

VPN maybe?

[cyberzephyr]

What about VPN's?

Re:VPN maybe?

Who are you protecting yourself from? For me, a VPN is good enough, as it stops geolocation tracking, and ISP shenanigans (a few years back, some of the big ISPs would actually attach/inject a unique ID onto each HTTP header being sent up.) A VPN stops that hanky-panky cold, although in theory, they could do it... but if it were found out, it is a lot easier to jump VPN providers than last-mile ISPs.

Re:VPN maybe?

[cyberzephyr]

Who are you protecting yourself from? For me, a VPN is good enough, as it stops geolocation tracking, and ISP shenanigans (a few years back, some of the big ISPs would actually attach/inject a unique ID onto each HTTP header being sent up.) A VPN stops that hanky-panky cold, although in theory, they could do it... but if it were found out, it is a lot easier to jump VPN providers than last-mile ISPs.

I'm not hiding from anyone. I just like my privacy and all of what you just said. I don't think anyone could argue your point.

Re:VPN maybe?

[arth1]

A VPN combined with an anonymizing and caching proxy.

This, ironically, makes http more secure than https if you consider the server operator the potential bad guy. The proxy server can cache the data and not be forced to disclose that someone else is asking for the content. This is one of the reasons I oppose switching everything over to https. Enforcing https makes it easier, not harder, for web site operators to track you, which is why Google wants it so badly. It helps thwart listening in, but in my experience, that's not the major problem today.

Re:VPN maybe?

[cyberzephyr]

I never thought of it that way.

Let's revise that quote

[brwski]

Rather than, ""Every single link to non-trusted websites should open, by default, in a Private/Incognito window," it should read, ""Every single link should open, by default, in a Private/Incognito window." In fact, there should be no way for a website to determine where else you've been. Sandbox everything; it's the only way to force advertisers and tracking companies to do things differently.

Re:Let's revise that quote

[mark-t]

Better yet, the default behavior should be a configurable option in browser preferences. Make it an end-user choice.

Re:Let's revise that quote

If you do that, the website owners will simply retaliate by requiring you to explicitly accept cookies each time you visit. And it's no use saying "well I'll go elsewhere then", because they'll all do it.

If you push them too far, they'll push back.

Re:Let's revise that quote

I second the "sandbox" proposal. For me sandboxing means using several browsers and incognito mode for all critical apps.
E.g., I try to keep email separate from browsing and certain web applications so they don't sniff each others cookies. (Does that make sense?)
- One browser for gmail and other google applications in incognito mode (Chrome).
- A second browser for surfing stuff I want to find back in normal mode. (Firefox)
- A third browser for online banking, also incognito mode (OS specific browser, depending on my machine)
- Tor browser for stuff I think it's no one's business which IP address I have.
Ideally one should use Tails OS or Qubes but this is what I can do in paranoid mode on a Debian installation. The whole thing is useless of course if you use all kinds of apps on a mobile phone, I guess.

Re:Let's revise that quote

I just use two browsers : Firefox Developer Edition and Firefox. Looks like I could create a new Firefox profile for webmail. Firefox makes that easy enough, just have a different lay out (e.g. no search nar) in the "special" browser, a background picture in the menu/tool bars, lasty Firefox task bar icons for open windows are blue with the Developer Edition, regular orange and light blue otherwise.

Re:Let's revise that quote

[allo]

try:
chromium --user-data-dir=$HOME/mysecondprofile
firefox -P secondprofile # user --ProfileManager to create one

or app modes:
epiphany --application-mode
midori --app

I live in Private mode

And yes an improved private mode would be a good thing.

We dont need a better private mode--

[wierd_w]

We need a better social dynamic where the forces of greed and graft aren't out to secure everyone's dirty laundry for big profit. (you know. Extortion, blackmail, protection rackets, basically what the NSA is out for, along with the basic "Oh, you like porno with big giant dicks in it? We offer a wide assortment of novelty giant dildos for you to buy! Isn't that GREAT!?" that seems to have infested the internet lately.)

I may be a greybeard by today's standards, but I remember when the internet was more about community, sharing news and jokes, and intellectual pursuits. Eternal September was the death of the internet. What we have now is a superhighway of advertisements directed into your eyeballs, and automated grabber arms reaching for your banking information.

Re:We dont need a better private mode--

[Voyager529]

Eternal September was the death of the internet. What we have now is a superhighway of advertisements directed into your eyeballs, and automated grabber arms reaching for your banking information.

In a somewhat-amusing irony, Usenet is much more usable now and has basically-no spam anymore.

Re:We dont need a better private mode--

[CaseCrash]

Eternal September was the death of the internet.

I too enjoyed telneting into text worlds and using archie to pull scholarly papers. (That is not sarcasm btw).

But the Eternal September is what brought us all the kickass internet stuff we have now. Without the influx of users it would be basically useless.

Re:We dont need a better private mode--

But the Eternal September is what brought us all the kickass internet stuff we have now. Without the influx of users it would be basically useless.

What kickass stuff exactly? Facebook? eBay? ...?
What of those do we need, and didn't exist in one form or another before?

Re:We dont need a better private mode--

[mlts]

I would disagree for the most part. The only real gain we have had would be plain English search engines like Google.

Twitter? That's what IRC is for.
Someone's wall? That is what a .plan file is for and finger.
A blog? Web page.
Local stuff? NNTP groups.
Stuff worldwide? More NNTP groups.
Pr0n? alt.sex.cthulhu

Social networks don't give much other than being one place with a consistant UI. Even worse, unlike USENET where even if someone is a total asshole, their voice is read until people stuff them in the killfile, private social networks have free reign to allow or stifle discussions as they see fit, to the point of trying to affect elections.

Oh, can't forget ads. Before Eternal September, websites had no problem existing without requiring full page, Flash ads which often served up malvertising. Now, so many site owners wring their hands when someone security-minded uses an ad blocker (other than Trojans, malvertising is the #1 source of infections, so it is a matter of security not freeloading.)

tl;dr, there really have not been that many advances since Eternal September that have been actual groundbreaking items. Search engines and analytics coupled with Big Data is the only thing. Everything else is just reinventing the wheel to treat subscribers as the product.

Re:We dont need a better private mode--

[AmiMoJo]

Twitter? That's what IRC is for.
Someone's wall? That is what a .plan file is for and finger.
A blog? Web page.

I don't think you really understand what those things are for...

Twitter: Permanent (or at least lifetime of the account) and searchable, where as IRC is at best loggable somewhere.

Wall (facebook?): Searchable and networkable, where as .plan and finger don't create any social links unless you include a list of other addresses you know.

Blog: Easier to use than a web page, you can throw in images with a click or two and comments/spam are handled for you. As much as blogs are derided they did a lot to democratize the web and allow ordinary people to publish on it.

Re:We dont need a better private mode--

Spam-free??? Can you give an example? Last time I checked (it *has* been a while) misc.rural, comp.lang.pascal.borland and others were a cesspool of spam.

Re:We dont need a better private mode--

[Voyager529]

Spam-free??? Can you give an example? Last time I checked (it *has* been a while) misc.rural, comp.lang.pascal.borland and others were a cesspool of spam.

The first thing to note is that a lot of spam is quite old. It's not at all uncommon for unused groups to have a lot of spam listed from ten years ago, if you're using a provider that has 2,500 days retention or something like that. Imagine how much spam your inbox would have if you scrolled for ten years and neither deleted anything nor had much in the way of filtering at that time. I'm not saying it doesn't still happen, but 'sort by date' is your friend.

That said, comp.misc has lots of active users, as does alt.comp.os.windows-10 and alt.windows7.general. If you're of the non-Microsoft persuasion, alt.os.linux.ubuntu is pretty active, as is alt.os.linux.debian, comp.unix.bsd.freebsd.misc, and comp.mobile.android. I'll concede that none of the Pascal groups I looked through seemed to be anywhere I'd like to actually invest my time. On the non-computer related front, rec.arts.drwho.moderated gets reasonably active during the broadcast season, and misc.legal.moderated has some really interesting discussion regarding case laws and has a number of actual-lawyers who participate.

Yes, virtually every topic one would potentially look at on Usenet has a metric ton more activity on a comparable vBulletin forum somewhere. Much as the 'Eternal September' is still referenced here and there, the masses seemed to have left Usenet and camp out on Facebook and Twitter, leaving a much smaller group of technically inclined people an experience reminiscent of the early days once again.
Eternal September provides free text-based NNTP access, with most paid providers providing block accounts for which even the smallest block will likely provide years of message board activity.

It's More Complicated Than That

[bheerssen]

Better private mode browsing would be a great help, but there's more to that when protecting your identity online. For one thing, private mode browsing is meant to protect your history on your local machine, not across the internet. Secondly, unless you are willing to browse without the aid of javascript and cookies, there's no way to stop web site operators from tracking you. Sure, you can stop cross site scripting, but you can't stop one website from sharing your cookie data with another website, or any other data they can garner.

So do you want to be truly anonymous? Use the Tor Browser, never use javascript, turn off cookies, and enjoy your sterile internet.

Or, you can accept a certain amount of risk and enjoy a rich, vibrant internet experience.

(I don't mean to disparage the Tor browser, it's a great product and I use it for some things.)

Re:It's More Complicated Than That

If I'm just browsing (as in reading articles and not exposing any personally identifiable info), then VPNing into Witopia or other proxy gives great anonymity without loss of functionality. Even forum logons are no problem using proxied emails and a simple fake Disqus and Facebook account.

After your IP is taken care of then adjust the browser...ad blocker on (ublock origin), disable third-party cookies, auto-delete cookies on exit and...boom, Bob's your uncle.

No need to disable javascript or use ghostery or anything else. Just doing those simple things screws the advertising tracking and allows you to "enjoy a rich, vibrant internet experience".

Just wanted to chime in since it sounded like you were posting from the viewpoint of an online marketing company or other ad agency.

I'm Covered

[Voyager529]

NoScript with only first party scripts allowed by default, and a handful of CDNs whitelisted. CCleaner Pro cleans up all of my browser activity every time I close it. Untangle denies connections to ad servers and trackers at the firewall level.

Am I still being tracked? Probably...but the information obtained is much less juicy. I haven't seen an ad 'follow me' around the internet in quite some time.

Re:I'm Covered

You know Firefox has a built-in option to clean your data when you close it, right ? Why CCleaner ?

Re:I'm Covered

[Voyager529]

I bought the CCleaner suite really for the SpaceMonger application; CCleaner was just a very useful bonus. The real reason I use it, though, is because it covers all of my browsers. I'll have Firefox, Chromium, Opera, and Internet Explorer all open at the same time; I don't get caught up in browser religion. Thus, CCleaner covers all bases, and I don't have to think about it.

This Article is Ignorant

[The+Raven]

Chrome Incognito and FireFox's Private Browsing are functionally identical. The caveat that the author highlights is how the Internet works. Of course sites have a record of your visit... they have to, to feed you the page! The disclaimer is to make sure that people know Incognito mode is like wearing an Anonymous mask, not like being invisible. And if you go up to an ATM dressed like V, but get money out of your credit card, then obviously the bank knows who visited the ATM despite the mask.

This basic ignorance of how cookies work is pervasive.

Private browsing opens your browser in a blank-slate mode. Generally, no plugins, no cookies. That means Amazon doesn't know who you are, so you can't one-click buy. Your news-reader makes you log in again. It takes longer to access your email because Gmail makes you log in and re-affirm your authenticator. Your ad blocker is disabled. Your CSS fixing plugin is blocked.

This is not how I want to use my computer, logging in to every single site every single time I visit despite being on a trusted device. We have plugins and cookies for a reason, because they make the Internet a more useful tool. They also have nefarious uses, but saying that the Internet should throw out all convenience to maximize security is ignorant of the reality that people will just switch to the more convenient browser.

What we need is not a better incognito mode, but for tech journalists to stop pontificating about technology they do not understand.

If you really want to improve your anonymity online there are plugins that allow you to whitelist 'safe' cookies, and trash or block all the others. That plus plugins to block third-party widgets allow you to get 99% of the functionality from the Internet with only 1% of the spying. But these plugins take work on your part, to identify what sites and cookies you trust. Most people are too lazy. And the browser has no way of knowing for you. For example, I may want Amazon to remember me so I can buy with one click... you may not because you don't trust Amazon's tracking of what products you look at. The browser shouldn't be deciding that for you, but making choices like that for every site is a pain few users will bother with.

Re:This Article is Ignorant

[nadass]

What we need is not a better incognito mode, but for tech journalists to stop pontificating about technology they do not understand.

Exactly. There's nothing to read into their ramblings except that, as journalists, they have daily/weekly story and word count quotas.

Re:This Article is Ignorant

[Zumbs]

Private browsing opens your browser in a blank-slate mode. Generally, no plugins, no cookies.

Then you need a better browser :-) When I use Firefox for private browsing, NoScript, AdBlock and Ghostery are still very much active.

This is not how I want to use my computer, logging in to every single site every single time I visit despite being on a trusted device. We have plugins and cookies for a reason, because they make the Internet a more useful tool.

I mostly agree there. However, private browsing does allow me to start a session, e.g. to search for regular goods on the internet (because many webshops do require that I allow javascript to run), and clear any cookies and history during that session when I close it.

Re:This Article is Ignorant

[Z00L00K]

I think that the current browser model needs to get refreshed where cross-site cookies and similar stuff shall be killed off in the browser much like what Ghostery do. However some sites are a problem since they have different servers for serving images and the text content. Mostly found on some news sites.

Re:This Article is Ignorant

[AmiMoJo]

There is a good argument for making private browsing the default though. For example, reject all cookies by default and have a whitelist requester when the browser notices you are logging in. Many browsers already offer to save your password for you.

More over, if major browsers started to enforce typical privacy enhancements by default, like blocking third party JavaScript, it would force sites to make sure they work without those things.

Something like Privacy Badger could be built in to, automatically blocking things that appear to be tracking you too. Like anti-virus for piracy.

Re:This Article is Ignorant

[lambsonic]

Actually, you are the one who is ignorant of how cookies work. Mozilla already has a bug documenting what this guy is asking for, which has several proof-of-concept implementations, one of which is already used in the Tor browser. I implemented vertical and horizontal browser data isolation in about a month in my spare time. Mozilla has finally started working toward this with their isolated tabs. The next logical result will be isolated origins. The change is inevitable. And get this: third-party cookies still work. They are just isolated to the origin domain. You can still use single sign-on, but it becomes one sign-on per origin. You stay logged in for as long as you want. Your browsing habits just stop becoming trackable. Also, browser fingerprinting is a defeated technology. Just randomly rotate between common values, and noise is added to a non-unique signal. The only thing left is IP address tracking, which can easily be defeated by VPNs, or any form of IP masquerading. Tracking on The Web is dying because it is all moving to third-party app monetization libraries, and that is where all of the money is now.

Re:This Article is Ignorant

I don't think so. We currently don't have the option so of course we don't mess with it. The "solutions" you mention don't really solve anything and take more time than the suggestions people have. We need cookie security in the hands of the users. For example a browser would both disallow cookie placement and cookie viewing by default. One could then allow cookies from websites in a manner similar to the option to keep a password for a particular site. These cookies that have been accepted by the user would only be viewable by the website that presented the cookie. All others would not see or know if any cookies are present. If we can associate a pwd with an address and not show that password to every website visited then we can do the same with cookies. Just basic cookie security. It would be easy to manage by users. Having to present papers showing our movements on the net is invasive and absolutely unnecessary for the internet to function. It would leave the creeps and dregs without much to abuse as far a cookies are concerned.

Re:This Article is Ignorant

[houghi]

I do not hgave an issue with them knowing what I do on their site. I jave an issue that they have a view when I am NOT on their site, but on another site.

Facebook is pretty bad at this and the other one is Google.

Besides that I hate it that they suggest things for me. 95% of the time it is an item I just bought. I just bought it. No need to buy it again. The other 5% are things I absolutely do not want, otherwise I would have bought them.

However what REALLY is needed is not allowing the data to be used in any other way outside of that website/entity. So Google can only use it on google and not on YouTuve. Ads from Google on e.g. /. can only be used on /.

I am well aware that companies will not want to agree with that and thus it will never happen as it will be in interest of the consumer, it is not in interest of the companies. Yes, I am that biiter.

Re:This Article is Ignorant

[AmiMoJo]

One trick I use to get lower prices is to find a product I want, the switch VPN end point and look at the same thing in a private browsing window. Don't just copy/paste the URL, there are probably identifiers in it, just go to the shop's main page and search.

Often being logged out and an apparently new customer gets you a better price. Sometimes it helps to use referral links from comparison sites like Google. Once you have seen the lower price you can add it to your guest basket and then log in.

A nuanced problem

[PhantomHarlock]

This is an interesting issue because it's become so complex. To browse privately and still allow a website to function has become a difficult prospect.

You want each website to work, but you don't want any cookies or other data from one site to be able to be read by another. So individually sandboxed pages and cookies are the idea. Even if you block third party tracking cookies, other sites might be looking for cookies set by other discreet sites, not just cookies from tracking firms. The problem is so many sites use third party services for photo and sometimes entire article syndication that it's very difficult to tear everything apart. It's almost a case by case basis.

The worst offenders are news sites. Browsing with noscript, the list of third party URLs sometimes scrolls off the page. It can be difficult to pick through the content and find the correct one to enable an embedded video to play, for example.

For now I browse with noscript and adblock plus and occasionally private windows, but noscript is not an option for anything but serious enthusiasts who are willing to pick through all the trash to get what they want.

Browsing without an ad blocker and noscript on most sites is like sex without protection. You might be looking on that one day when a mainstream ad network has become infected with malware, and oops, you're fucked! I'm not against advertising but how you can trust any of it when so many ad networks have been compromised in the past, repeatedly?

Ghostery does this

[DogDude]

If you're concerned about tracking, just install the Ghostery extension. It takes care of this.

Scripts

[RandomFactor]

I run incognito on occasion, but as a rule i'm on Firefox+NoScript+ABP and not actually in 'Private' browsing mode.

I suspect this leaves me much more trackable, but if i am browsing untrusted sites (read:ANY sites), i am way more worried about remote 0day compromise of the week than i am tracking.

Still, if i could auto-incognito and whitelist from that mode or cognito-reload at will (without enabling anything else) I would likely add that to my mix. But again, i run scripts disabled all the time so i'm willing to be a bit more involved in my browsing than most.

Bigger issue: Private mode only affects history...

It doesn't affect cross window cookies and other items that people should be concerned with. Unless you close the browser completely, private mode holds session data for the length of the browser instance. Meaning you are leaking all kinds of data at the very least on a per site, and likely on a cross site basis any time you don't full shut down the browser between websites which might carry over session information.

You don't have to believe me, go test it for yourself with a site that has session cookies. Close your private window without logging out, open a new private window and see if you get a new login page, or a return to your previous session.

Privacy mode is one of the most dangerous misfeatures added to browsers today because it gives a false sense of security without offering any of the features that 'common knowledge' assumes it has.

Feed your brains bitches. It's the one way to fight back against the system.

better name?

[surd1618]

Given that many users don't know the difference between 'privacy' and 'security', I have taken to calling it 'amnesic' or 'forgetful' mode instead.

Trust and Compromise

Nothing prevents anyone in the path from analyzing and tracking your traffic. Don't pretend common CAs haven't been voluntarily, transparently compromised. You have no way to verify.

Do you trust your ISP? Do you trust their peers? Do you trust the telcos? Do you trust the service provider?

I Use Multiple Profiles

FWIW:

I have about 10 different firefox profiles and a menu widget to launch them individually. Most are divided by task - one for all my banking, another for managing utility bills, one for "window shopping," another just for making purchases when I know exactly what I want, another for gmail (actually two different profiles for different gmail accounts), another that has no disk cache configured and wipes everything on exit. I also have two profiles for completely fake identities that I have very lax security on so that they are deliberately tracked. They are like "cover identities" - better to give the trackers something that they think is real than to look suspicious by trying too hard to avoid tracking.

All the profiles have different sets of extensions (although 90% of the extensions are common across all my profiles). Beyond the basics like Adblock, NoScript, Requestpolicy, and Self-Destructing Cookies I also use extensions like Random Agent Spoofer and Canvas Defender to give each profile a different "fingerprint."

Also I use the PrivateInternetAccess VPN because it lets me switch IP addresses at will, so whenever I fire up a new profile I also switch to a new IP address. I am looking into setting up a bunch of outbound proxy servers, each one bound to a different VPN tunnel so that each profile can get a persistent but unique IP address. I've just been too lazy to put that together yet.

All in all it is a PITA to set up, but once everything is in place it is pretty easy to use. The one thing that really increased usability was to set each profile to have a different theme, so that it is hard to make the mistake of using one profile when I thought I was using a different one.

Re:I Use Multiple Profiles

[TeknoHog]

I have another user account for browsing Facebook and other toys. This account doesn't have sound card access, so it also helps with FB notifications. There's practically no setup at all.

Re:I Use Multiple Profiles

[toonces33]

I have one without flash, which is the one I use normally. But yes, one can do such a thing.

If you were really paranoid about snooping, I guess you could set up a Linux VM and browse from there. Roll it back or blow away the profile from time to time if you wish.

Re:I Use Multiple Profiles

[Misagon]

That's how it should work. And yes, the problem is making it easy to create a new profile.

I have long requested that each private browsing window be its own private session, with no sharing of cookies between them.
What if we would start with that, and create new "profiles" from "private browsing" sessions: a single button could be used for "saving" a temporary session.

Re:I Use Multiple Profiles

FWIW the Tor Browser fork of firefox goes even further and automagically segregates cookies by the current URL. So if you are on espn.com, all the embedded trackers on therre will get cookies from the "espn.com cookiejar" and then if you go to disney.com all the embedded trackers there will cookies from the "disney.com cookiejar."

Default to fake all PII

Whatever browser mode has by default, needs to fake out various values containing user traceable value, and route via tor by default.

For sites where you Want tracking, say a sports sign up site, or Amazon, you turn off the default.

It cannot just block. It needs to fake em out. Same for apps on mobile. Say yes to camera, local storage, etc. But then fake em all out by default.

Re:Default to fake all PII

It would be nice if this was the default but it'll never happen because there's a huge conflict of interest. Chrome is a Google product, Google is an advertising company, they would never allow faking out trackers by default. Firefox used to get its funding from Google and now gets a lot from Yahoo, another advertising company that would never allow faking out trackers by default. And Edge, if it's worth mentioning, we all know how Microsoft feels about tracking and telemetry these days.

What we really need is a viable browser that isn't owned or sponsored by advertising companies.

Re:Default to fake all PII

[toonces33]

The amount of work involved in maintaining your own browser is quite substantial. Even if it is just a fork of Firefox with a handful of things turned off.

There are a handful of other browsers that are out there - I don't know how well they deal with all of this stuff.

start by blocking google analytics

just by blocking google analytics you get up to 4sec faster pageload (1mbps wifi b).

all crossdomain scripts should be blocked by default (ideally all crossdomain resources)

crossdomain flash & videos would become click to load/play
crossdomain images would become click to load/view
and the bigges security issue of the web; crossdomain scripts would hopefully be blocked away...

also Third Party cookies

[tomhath]

There's no need for them, all they do is allow tracking. Of course there are other ways to track, but 3rd party cookies are the biggest offender.

A bit late.

Even Mozilla already knows this, and has been working towards a solution: https://blog.mozilla.org/tanvi/2016/06/16/contextual-identities-on-the-web/

And we all know how terrible and worthless Mozilla is.

The day I noticed the browser ain't my ally

Firefox here. For a lack f a better alternative. The day the user preference to disable javascript disappeared, I was royally pissed off. The day the user preference to disable cookies hid behind an obscure about:config mumbo jumbo I noticed: no, not my allies.

After all, most of their money come from ad industry, so what should I expect?

That day with pocket was just confirmation of something I knew already.

Firefox. I use you, But I don't love you anymore.

Re:The day I noticed the browser ain't my ally

After all, most of their money come from ad industry, so what should I expect?

Did you expect the makers of a free product to work for decades for nothing? This looks like a disadvantage of free software -- the actual users are treated as second-class citizens while the company that pays for the software gets better treatment. Would we have this problem if Mozilla charged $5 for Firefox? Very likely not.

Re:The day I noticed the browser ain't my ally

have a look at umatrix, it gives you boh the cookie and js options (amongst others)
in addition it makes those settings per-domain for even more control

We try to make it better

[isj]

<plug>
We (privavore) are creating a fork for Firefox. (privafox.) By default we change all cookies into session-only. But with twists:
  - persistent cookies are allowed for sites that you provide a password to. The assumption is that if you log into a site the you probably want your shopping cart retained, and that by logging in you realize that the site will keep track of you. But we don't allow 3rd-party cookies.
  - workarounds for the EU cookie consent (in progress). By disallowing cookies by default you will get the "we use cookies to improve your experience" prompt.
  - user-agent is fixed (in-progress). That makes it a lot more difficult to distinguish different users behind the same ip (NAT).
</plug>
Both firefox' and chrome's private browsing mode leaves something to be desired. But that's ok.Their developers focus on creating the best browser. We just provide "after-market" customizations. Not for you, but for your less tech-savvy parents.

Re: No, we need to stop doing illicit things onlin

Or close your eyes when you browse, nobody can see you.

Addons to Block Cookies,Analytics,WebBugs&Trac

Block all tracking via cookies, analytics, web bugs and trackers:

Use Firefox in normal mode with the following addons:
CanvasBlocker
FlashStopper
HTTPS-Everywhere
NoScript
Privacy Badger
Random Agent Spoofer
RefControl
RequestPolicy Continued
Self-Destructing Cookies
ShareMeNot
uBlock or Adblock Plus

I won't post how to be fully invisible BUT

In general, surf your porn in Linux on an older version of Tor with your clock set goofy.

Virtual machine even better.

You can also burn a CD of Tails and use that for the butts. If you never noticed, cam site all TRY to connect to gstatic (Google) and yes it is tracked. Use NoScript and uncheck all boxes under ABE, and remove all from the box of pre-allows on the XSS tab.

Start there.

https://support.mozilla.org/en-US/kb/how-stop-firefox-making-automatic-connections

After that, go to
https://panopticlick.eff.org/

and
http://browserspy.dk/

Google being the US Government cunts that they are, got browserspy.dk to contact gstatic if you let it. Keep it blocked while you check.

use duckduckgo.com or the .onion version here http://3g2upl4pq6kufc4m.onion/

Other stuff but I won't tell you, find it.

On the other hand, if you think "private browsing mode" matters even in the slightest, learn this now. Google sees your banking, your porn, etc.

Re:I won't post how to be fully invisible BUT

This is the only (newest of the only) Tails safe to use.

https://kat.cr/tails-1-4-1-i386-iso-multilang-tntvillage-t10922671.html

http://i.imgur.com/QLGyQYf.jpg

sandbox the cookies

I would prefer to sandbox each site i goto so i can look for those tightie whities and then browse othersites in peace. Thats all I really woukd want... Maybe charge to store cookies or to track my ip address

Wadda ya use ...

In a Qube ... https://www.qubes-os.org/tour/

Firefox Containers

In Firefox Nightly Build you can use containers for different things. They are totally seperated from one another.
Not sure if it will come to Stable Build in the future, and I'm also not sure if you can create your own containers or just use the default 4-5 in their example.
But this way you would get kind of real Private Browsing (In the meaning that sites are totally isolated from each other).

https://wiki.mozilla.org/Security/Contextual_Identity_Project/Containers

Re:Bigger issue: Private mode only affects history

Firefox clears all that when you close all tabs of that site in the private window.

Privacy Badger is better

[mister_playboy]

Ghostery's business model is that they prevent other trackers from tracking their users so that the tracking data gathered by Ghostery itself is more valuable.

There is no need to compromise with commercial interests on this subject. Use EFF's Privacy Badger instead.

Cookie whitelist

[mister_playboy]

Preferences / Privacy / Uncheck Accept cookies from sites

Then click on Exceptions and build a whitelist of sites you do want to allow cookies on... probably just the sites you login to. Sites that require cookies to show you content can be placated by allowing them cookies that only last for the browser sesson.

Should be the last piece of the puzzle for ya. :)

Re:Cookie whitelist

[allo]

settings: allow cookies until firefox is closed
install cookie culler and "protect" cookies you want to keep
install self destructing cookies and whitelist the pages with protected cookies (and some with cookies, which should survive until you close the browser, not the tab)

VPN for Private tabs

[locopuyo]

Opera already has a built in VPN option for private tabs.

Re:VPN for Private tabs

[Bristol_92]

It's vital to choose a VPN provider you trust, and who keeps no logs of your internet activity. If you are concerned about privacy then you should never pick a VPN provider who keeps logs.

complete security

that browser feature sits on a metric fuck ton of browser code, sitting on a metric fuck ton of modern featureful OS code, sitting on a metric fuck ton of closed source firmwares/bios/uefi, sitting on a metric fuck ton of closed source hardware made my manufacturers in China that don't give a rats ass about you. Yes, your idea for a silly little browser feature is going to save us from the surveillance apocolypse. Learn to be helpless.

Paid vpn

Done.

Different profiles for different purposes

[grilled-cheese]

Both Firefox and Chrome have the concept of different profiles/users. If you need to separate your personal ad experience from your professional one, just split your browser in two with a different profile. This means all your plugins/cookies/history get loaded into a different sandbox all together. It can still be separately fingerprinted and tracked, but it does separate it.

Re: No, we need to stop doing illicit things onlin

And luckily, you have total control over all people, thus preventing others from leaving info online about your person ðY

5 necessary addons

Browsing at least in somewhat private is actually a lot of work. A lot more than most people are willing to put up with. The reason I use Firefox for this is because no other browser has the addons necessary to accomplish this. The addons that I use are:

• Self-destructing Cookies - Takes care of tracking cookies and other temporary measures used to track browser
• NoScript - Makes sure that scripts cannot execute where I don't want them to
• RequestPolicy Continued - Allows me to control what third party sites can see my access to the website
• uBlock origin - Knows better than me which resources to block even from sites I've enabled in RequestPolicy
• SmartReferrer - Prevents using referrers to gather information about me

While SmartReferrer hardly needs any site specific configuration (leaving it at direct hit mode), the other 4 require configuration on site by site basis. This can make browsing really cumbersome and requires putting extra thought and time for each new website you visit. Also, sites like Reddit that load a lot of external resources can also become a pain to use. However, this is the only way I feel that I'm at least in somewhat control of what my browser lets others to know about me.

Of course, there's still the matter of not being able to control my IP address, but that could be taken care of with the use of VPN. The crux is, however, I don't see how most of this could be automated and as long as it cannot be, the private browsing does not really provide all that much benefit.

Secure browsing?

[sgunhouse]

Obviously they mean secure, not private. Really, no one cares what I do online - I'm rather boring - so I don't care (much) about tracking. But there are times when I'd like to be even more anonymous. And that's easy enough - it's called a VPN.

Given that I'm only aware of two browsers with a built-in VPN, I have to ask - are they working for that Tor browser (based on Firefox) or for Opera (based on Chromium) ... or have they been in a cave somewhere and never heard of either?

Most of these features don't do much

Chrome is pathetic with Incognito mode. About all it does do is not save your history. Every thing still goes to Google, and true private browsing would actually include a Tor browser like function in which your IP address is hidden and tracking is completely disabled. Of course this is why internet providers like Comcast hate a browser like Tor. They would rather have users only think they are browsing in private. There are browsers out there that actually do what they promise but it ain't one of the top 4.

Block trackers easily via hosts

APK Hosts File Engine 9.0++ SR-4 32/64-bit http://www.bing.com/search?q=%...

Less power/cpu/ram + IO use vs. DNS/routers/addons/antivirus (slows you) + less security issues/complexity. Compliments firewalls (w/ layered drivers blocking less used IP addys vs. hosts blocking more used domains) & DNS (lightens dns load). Gets data via 10 security sites.

Ads rob bandwidth/speed, security (malvertising), privacy (tracking) + anonymity.

Hosts add speed (hardcodes/adblocks), security (bad sites/poisoned dns), reliability (dns down), & anonymity (dns requestlogs/trackers) natively. Hosts != ClarityRay blockable (vs. souled-out to admen inferior wasteful redundant slow usermode addons)

Works vs. caps & HTTP PUSH ads w/ firewalls.

Avg. webpage = big as Doom http://www.theregister.co.uk/2... & ads = 40% of the size.

APK

P.S. - Safe https://www.virustotal.com/en/... (Verified by Malwarebytes' S. Burn "I've seen the code & it's safe" http://forum.hosts-file.net/vi... )

Re:Block trackers easily via hosts

+1, good to see you on-topic, APK.

Chromium

Solution: Use Chromium's "Open a New Window With Temporary Profile" feature. This is a problem that's already been solved.

For the utmost safety...

I use a full body condom when browsing.

Privacy Browser

[sorenstoutner]

Privacy Browser is a web browser for Android designed to address this very issue. https://www.stoutner.com/priva... There is a planned feature to do exactly what the submitter requested, "Every single link to non-trusted websites should open, by default, in a Private/Incognito window." https://redmine.stoutner.com/i...

Firefox private Profile

[allo]

See https://ffprofile.com/ to create a secured profile. See the github link to contribute with own ideas.