Private browsing ‘not so private’
By Tom Brewster,
Private browsing does not offer complete security from determined attackers and more needs to be done to offer stronger protection, a report has suggested.
Looking at Safari, Firefox, Google Chrome and Internet Explorer, researchers from Stanford and Carnegie Mellon University found each browser leaked user data in differing ways during or after private sessions.
One problem is operating systems often store certain DNS data. An attacker with control over a user’s system can look at the DNS cache post-browsing and learn if and when the user visited a specific website, the researchers explained.
“Thus, to properly implement private browsing, the browser will need to ensure that all DNS queries while in private mode do not affect the system’s DNS cache,” the report said.
“None of the mainstream browsers currently address this issue.”
One experiment showed how URLs of visited websites had been stored on the computer’s swap file, despite privacy being on, along with links in those pages and sometimes even text from a site.
“A full implementation of private browsing will need to prevent browser memory pages from being swapped out,” the report read, again noting none of the mainstream browsers do this.
Researchers also showed how many popular browser extensions undermined the security of private browsing.
“Browser add-ons… pose a privacy risk to private browsing because they can persist state to disk about a user’s behavior in private mode,” the report claimed.
“The developers of these add-ons may not have considered private browsing mode while designing their software, and their source code is not subject to the same rigorous scrutiny that browsers are subjected to.”
The study paper, due to be delivered at the Usenix security conference next week, also found private browsing was used more frequently in services which used “subtle private browsing indicators.”
“Safari and Firefox have subtle indicators and enforce a single mode across all windows; they had the highest rate of private browsing use.”
Unsurprisingly, the report showed how private settings were used more often when searching porn sites than when looking for surprise gifts.
You may also like...
Sponsored Links
advertisement
You may also like...
Latest Private Cloud Analysis & Insight
IT spending: recession "knocking at the door"
Inside the enterprise: Gartner argues that European IT budgets will be under pressure next year, and CIOs need to be prepared.
- Michael Dell: Back from the brink?
- Where will cloud computing take enterprise IT in 2011?
- The growing importance of cloud standards
- Can we ever trust the cloud?
- How businesses can use the cloud today
- Cloud computing: three definitions
- How the cloud will change the way your business works
- Business risks when moving to the cloud
- Horror stories: when the cloud goes wrong
advertisement
Most popular
- Will someone rid me of these troublesome Macs?
- Symantec hackers: We've released pcAnywhere source code
- BT considering Ofcom price cap appeal
- Google sends in Bouncer to sort out malicious apps
- ACTA: the basics, the controversies, and the future
- Trendnet firmware flaw exposes private videos
- Anonymous publishes FBI hacking call
- Head to Head: Mac OS X 10.7 Lion vs Windows 7
- VeriSign admits 2010 hack
- Nokia Lumia 710 review
Latest News Videos in Private Cloud
Cloud computing explained
PlayWhat is cloud computing? This video provides an interesting take on what this new model of computing can offer businesses.
Register for IT PRO
You'll get exclusive member benefits including free whitepapers, downloads, Webinars and weekly newsletters full of the latest IT PRO news, reviews, insight and expertise.
