Feeds

back to article Private browsing modes in four biggest browsers often fail

Features in the four major browsers designed to cloak users' browser history often don't work as billed, according to a research paper that warns that users may get a false sense of security when using the built-in privacy settings. The private-browsing modes are supposed to allow users to visit a website without leaving any …

COMMENTS

This topic is closed for new posts.
Anonymous Coward

Watch the IE8 ad where the chap is buying his wife a "gift"

and imagine instead that he's looking for smut: it's almost amusing.

Anyway, a better way to keep people from snooping your history is for everyone to have their own accounts in which they can do as they please. I also make use of Mac OS X's Guest Account when someone wants to, for instance, quickly check their email: as soon as they're done, all tracks are erased.

0
0
Silver badge

And the gift was...

A rubber gimp outfit and enema bag accessory.

0
0

Re: Watch the IE8 ad where the chap is buying his wife a "gift" → #

> and imagine instead that he's looking for smut: it's almost amusing.

Isn't that the point of the advert?

I.e. a the minds of all the husbands watching suddenly get transfixed thinking of pron, and the wives' get transfixed thinking of presents.

0
0
FAIL

Another good use of funds

"The researchers said that to the best of their knowledge they are the first to demonstrate a way to detect private browsing mode"

And how exactly does this matter to the website? Why would a website want to know if a user was browsing in private mode? It's more useless than detecting if a user has Javascript or cookies disabled.

A good waste of cash if you ask me.

0
1
Thumb Up

Don't forget "flash cookies"!

The complete solution, and it protects you against malicious script.

Ta Da!!!

http://www.sandboxie.com/

I reccomend very highly!

Oh, did I mention it's free...

0
0
Black Helicopters

IE ad

I was rather amused at the Internet Explorer ad going on about "buying a present for the wife" when everyone knows that 95% of the time it's going to be used for hiding porn browsing and/or dating sites, 5% for shopping for "surprise" presents for the SO.

2
0
Silver badge

pfffft!!!

5%, yeah right ;-)

1
0

Yeah right....

"when IE and Safari encounter a self-signed certificate, it is stored in a certificate vault that is preserved even after the private session ends."

Like the donkey porn sites you dont want your wife to see have self signed certificates!

Erm, i am not talking about my wife... it's a mate's wife, yes that's it, a mate, not me, nosireebob.

Ahem

3
0
Coat

Private browsing??

So...you don't want your *mate's* wife to see that you've been browsing donkey porn but you're OK with your own wife knowing the explanation for your sticky keyboard...hmmm...

Just a shot in the dark but I suspect the inadequacies of private browsing may be the least of your problems!

Mines the one with the dark glasses and wet-wipes in the pocket...

0
0

Sticky keyboard?

Who said anything about a sticky keyboard? Have you not heard of cling film?

My mates say E-aww E-aww E-always uses it!

2
0

I've had bad experiences with Safari for Mac

I always update to the latest version. So often, when i've reset the browser and emptied the cache, I visit a website to find I am still logged in.

I'm seeking a browser that works 100% in this regard.

1
1

Opera?

So, Opera does not suffer from this problem, or was it not even tested?

8
0
Troll

Not even tested

But only because no one cares about Opera.

2
5
FAIL

Private modes often fail?

People using these private modes aren't bothered about forensic details like this. They're probably trying to avoid snooping parents/spouses rather than the federalis. With that in mind, private mode gets the job done.

4
0
Silver badge
Thumb Up

Yup

Pr0n modes are used just for that. Not for serious privacy concerns. It's to stop the only marginally tech-savvy wives from seeing which fetish you are into and which goats you are interested in meeting.

...

Apparently. According to friends.

...

Erm. Acquaintances.

1
0
Anonymous Coward

Indeed

I'm guessing no matter how private a browser claims to be, the contents of a site is sitting in memory, which means windows may decide to write it to the page file, which means a forensic trace anyway.

2
2
FAIL

Did they test Opera?

As it's tab-based Private Tab is by far the best implementation of Private browsing, where you can have private and non-private tabs.

6
0
Anonymous Coward

So long as you remember which tab is which

and don't reuse a regular tab for a search you wanted to keep private.

1
0
Thumb Up

Yeah... be careful!

I actually use Chromium (not Chrome) for private browsing and nothing else. Since I use Opera for regular browsing, don't want to get things mixed up...

0
0
WTF?

The obvious question

So Opera is ok? Or they never checked?

2
0

Re: The obvious question

A quick search of the linked pdf suggests they didn't bother trying Opera at all.

0
0
Go

Simple,

install at least three [free] track eraser programs and have them either run on a schedule or at start up. CCleaner is a good place to start; there are others. And of course there is manual delete too but that's so 20th century.

1
1
FAIL

Even these...

Don't work as advertised. Had to do a disk recovery once on a work colleague's computer and it's amazing what they leave behind...

I notified him that it would be prudent to stop, and that the boss considered evidence eliminators a grounds for firing anyway.

0
0
Anonymous Coward

If you want to hide what you've been up to

Get a knoppix boot CD. No log files, no cache, no nothing.

3
0
Silver badge
FAIL

But

Surely a user's browsing history is hidden behind their login password anyway?

(Unless they're in /etc/sudoers, in which case all bets are off.)

0
0
Anonymous Coward

or.....

find a wife that is into donkey porn as well....

3
0
Silver badge
Linux

What a load of fail...

Modern computers can boot from all sorts of odd little things, like SD cards and the like.

Modern operating systems, such as Ubuntu, can be installed on such, with "persistence" so stuff like wifi keys and passwords won't be forgotten each time.

Thus, if you want a true "private mode" for all your sick desires, boot up from SD card, browse, get your yayas and then restart back in Windows with the SD card safely in your pocket. That ought to be pretty spouse/parent-proof, and if questions get asked, it's a doddle to "format" these things in a digital camera.

This is, I should point out, not something I have a need to do, but come on guys - we're supposed to be smarter than the average grockle, we ought to have ways and means that are somewhat more foolproof than "Private mode"...

1
0
J 3
Coat

Which brings about the...

Is that an SD card in your pocket or are you just happy to see me?

(checking pockets)

0
0
Alert

But does it...

pass the latest MAC address tracking breakthrough? Your system will give up the MAC address of its gateway router for intensely delicious geolocation.

0
0

@Heyrick

Boot from the SD? Why not just use virtual machine, no need to reboot the main operating system.

0
0
Silver badge

Why not use a virtual machine...?

My main computer is an eeePC 901 which is just fine for normal use, but if you start trying anything funny (like an operating system within an operating system), it will struggle. Not so much with lack of processor power, but there's only so much you can do with 1Gb RAM and no swapfile.

Secondly, wouldn't a virtual machine risk leaving bits behind on the host's harddisc? Bits in fragmented files and such?

Nah, I think it would be quicker, safer, and more secure to run a completely different OS from an SD card. There doesn't need to be any evidence of this in the main system (in other words, no VM software), you just pop it in and boot from it. When you're done, shutdown and eject it.

0
0
Thumb Up

Virtual machine anyone?

Would it not be just as easy to start a virtual machine under something like Sun VirtualBox, do your "essential" surfing then destroy the machine in its entirety afterwards? By "in its entirety", I mean blat it from the config, any virtual disks, etc.

Just floating that one out there as it's what I do and have thought it to be pretty secure. Although, currently downloading "Sandboxie" to give that a try. Nice one "Anonymous Coward - Don't forget "flash cookies"! #"

0
0
Silver badge

Put one and one together.

Use a virtual machine system, but keep the virtual hard drive and so on on removable media (if you're extra paranoid, TrueCrypt it or something). The session cannot be loaded without the thing mounted, and once it's removed, who's to know it was even there?

2
0
Stop

Flash is the worst.

It keeps a history of every "gift" site you may have looked at:

http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager07.html

0
0

Wow

Thats unbelievable!

Why would they do that?

0
0
Grenade

Totally believable...

Those settings so your movies display, your sound level is where you want it to be, where you were in the audio stream, your game score. You do know that information has to be stored somewhere, don't you?

0
0

Another idea ?

On UNIX one could set up a special user account and arrange the browser to run in the context of that while sharing the X-session (= rw group permissions for .xauthority, group = special user's group) with the real user.After a session the dedicated account's home directory would be wiped and restored into a default state (for default browsers settings and such) from an archive.

0
0

firefox -ProfileManager

Or, if using Firefox, you could just have a shortcut handy to start it with -ProfileManager, then create a fresh profile to use each time you want to do some private browsing, and delete it on next startup in this manner (or manually rm -rf the folder).

I do just this to be sure of nothing logging what I do when using web banking, or indeed if I simply want to test if some browsing problem is related to my normal profile, so use a blank profile with no addons etc.

I know chrome can be told to use a specific folder for its profile too, but it doesn't have the nice front-end profile manager that 'firefox -ProfileManager' gives you.

0
0
Linux

Bugs?

Whenever I read an article like this one where researchers are discovering vulnerabilities in browsers, I think to myself, "They filed the bugs for these, right?" I mean, if they really think they're doing valuable research, they'd try to fix problems they found, right?

0
0
Anonymous Coward

tool

wtf are you on about? -these people are not the browser's developers, and more to the point, this is not a vulnerability. unless you count your wife as a security threat i guess.

0
1
Joke

Yup...

... my wife is a security threat to the life expectancy of anything electronic the house.

0
0

The wonders of eCommerce

"Watch the IE8 ad where the chap is buying his wife a "gift" and imagine instead that he's looking for smut: it's almost amusing."

Could, of course, be a smutty gift he's buying for her. They even have those advertised in the back pages of The Grauniad 'Weekend' magazine on Saturdays, so that must be OK, surely....

Now remind me; which wedding anniversary is 'Latex'?

1
0
Silver badge
Happy

@Tim

All of them, if you play your cards right.

GJC

0
0
Linux

simples

Just stick your firefox profile on a ramdisk. On Linux that's as simple as symlinking to or mouting a tmpfs at ~/.mozilla

something like:

mount -t tmpfs tmpfs ~user/.mozilla

This has the added advantage that the old .mozilla will reappear as soon as you unmount it.

For the truly paranoid, you could create a new user with their entire home directory on tmpfs, which gets created fresh whenever they log in, just incase something like flash writes to its own directory.

You can even use the sux program to run firefox (or any other browser) as that user without logging out of your own account or closing your non-private browsing session.

0
0
Gates Horns

Firefox on Windows 7

in private browsing mode will still save a list of saved items to the 'recent' section of the Firefox icon's jump list.

Firefox may say you're in a private browsing session but it will still rat you out to Windows Explorer (who, as everyone knows is a loose lipped gossip & loose legged whore of the first order).

0
0
Grenade

Your browser will ruin your life in ten seconds

No problems with Opera then. Well especially if you turn on 10.60's on-demand plugins in "opera:config" user prefs section. With shipping webm support you don't need flash to get your porn on.

0
0
Bronze badge
Megaphone

I only use the feature for banking.

I said BANKING, you letcherous b*astards ;-)

My missus, who doesn't understand the feature, just watches pr0n inhibited. She finds better sites than me, FFS!

<BOFH>

Nice that when she's gone to work I get a chance to check her machine out...for essential upgrades, natch...

</BOFH>

0
0

Don't forget

if you're smut-despising other half is semi clued-up, to issue ipconfig /flushdns too.

0
0

U3 USB sticks.

What about running a browser on one? Aren't they supposed to leave nothing behind on the PC?

0
0

sbrcaleb

I use it for checking www.scrabblesolver.net on a laptop I occasionally share with my significant other. I'd hate her to know that, not only is she better than me , but cheating isn't helping.

My pr0n gets checked on an entirely differenct laptop.

0
0
This topic is closed for new posts.