back to article Private browsing isn't: Boffins say smut-mode can't hide your tracks

A group of boffins working at MIT's Computer Science and Artificial Intelligence Laboratory believe that “private” browsing modes aren't private, so have given developers a framework to fix it. The problem, wrote Frank Wang with his thesis advisors (Nickolai Zeldovich and luminary James Micken), is that even if you're using “ …

  1. Charles 9 Silver badge

    So IOW, how do you ensure privacy when (a) even metadata is useful, (b) mail doesn't work without an address (metadata), and (c) you can't trust the mailman (Trent can be doubled)?

  2. Pascal Monett Silver badge

    A pretty high bar

    Sounds impressive, and demonstrates the cost of true, paranoid-level security.

    I'll be surprised if it becomes widely used by the Facebook generation, though. Maybe criminals will have an interest, and I'm sure Putin's hackers will be checking it out.

    1. Charles 9 Silver badge

      Re: A pretty high bar

      And of course it says nothing about owning the server or client directly, outside any envelopes.

    2. veti Silver badge

      Re: A pretty high bar

      I'll be astonished if it becomes widely used by any generation. Requires website to actively forego information, just to "protect" user privacy (from whom, exactly?) I find it hard to think of any business case for that.

      1. rh587 Silver badge

        Re: A pretty high bar

        I'll be astonished if it becomes widely used by any generation. Requires website to actively forego information, just to "protect" user privacy (from whom, exactly?) I find it hard to think of any business case for that.

        Women's Aid.

        Opposition political sites in certain nations.

        I can think of a few cases where you want to be absolutely certain that you're not leaving any traces in the user's machine.

        The second case is perhaps less strong since activists would want to be using TOR or a VPN, ideally from a TAILS install or non-persistent VM since they need to hide at a network level. In the former case though, making sure there's no risk of leaving a "Women's Aid" logo in the browser cache is a very sound shout.

      2. Anonymous Coward
        Anonymous Coward

        Re: A pretty high bar

        > just to "protect" user privacy (from whom, exactly?) I find it hard to think of any business case for that.

        Ours is that negligence in protecting personal data would hardly boost our clients' confidence in our ability to maintain their highly sensitive industrial secrets confidential.

    3. David Shaw

      Re: Putin's hackers!

      @PM, evidence here agree with you partially, 30 retired spies have been recently arrested for a multi-million dollar attack on oposition parties, opposition figureheads and just celebs who held the wrong opinion. Sadly lacks a link to Vlad.

      http://english.yonhapnews.co.kr/national/2018/02/26/0301000000AEN20180226007600315.html

      massive illegal political maneuver led by the state spy agency

      reminder this is the South of Korea, refers to the previous administration, a previously fully on-message member of the enormous MIC *ntel agencies matrix. Subverting democracy, and getting caught - at least that sounds like a resurgence of democracy, if only, amazingly, in the snowy Korean Peninusula.

      Spies/Officers do obviously have a real role to play, spy vs. spy, so counter corrupt Putin by all means - but stop subverting normal life with your cheap digital tools and your pervasive 'store everything' for later advantage. For the massed ranks of spies with their near trillions in budgets It is obviously so tempting to nudge 'your' version of democracy, that I'd be surprised if this wasn't happening everywhere on the planet, and not just where there are rooskies. That's an important fact, and I won't even mention the absurd Czech's. oops.

      Back to the subject of the article, I have used TAILS(*), as a live boot CD, but in the correct paranoid-level of security I assumed even that was backdoored to some extent, and certainly my download of the tool was a flagged event. I consider 'private browsing' feature in Browsers to be another bit of security theatre - but maybe "Private Browsing" could work on some badvertiser javascript auction behind the scenes? getting a decent air-fare or insurance quote maybe!

      (*)I needed to hide my data/metadata whilst I worked on some sensitive GMO related corn analysis figures for work, and that implied, and required, almost 'active terrorist cell' levels of IT, in order to preserve the security of the citizens, allegedly. It seems to have worked.

    4. Anonymous Coward
      Anonymous Coward

      Re: A pretty high bar

      facebook generation: "What's that long word that begins with p bro?"

  3. Elmer Phud

    Veil, eh?

    That name will go down well with the usual suspects . . .

    "Another piece of Muslimification!"

    "Terrorist software"

    "Dark Net"

    etc.

  4. Anonymous Coward
    Anonymous Coward

    I dont believe there is ever likely to be full privacy on the internet

    There are too many ways of gathering meta-data and joining it back up as suggested above.

    I am not sure that complete privacy is worthwhile in general use either.

    That's like walking through my local high street shops and expecting nobody to recognise me. That seems a little odd. Although clearly I don't want my pockets picked it is normal to be seen out and about in the (real) world. Privacy and complete anonymity are not the same thing.

    There must be a sensible line on this, I'm just not sure where it should be.

    Overall though if it is your ISP controlling your privacy you may as well ignore it. If the authorities want your data they will simply harvest it the private side of the connection.

    1. IamStillIan

      Re: I dont believe there is ever likely to be full privacy on the internet

      "I dont believe there is ever likely to be full privacy on the internet"

      That'd basically be oxymoronic. The internet exists to communicate data. "Full privacy" for everyone about everything would mean don't communicate any data... As you say, it's about agreeing boundaries. The system is still relatively immature (compared to walking down the street..), opinions vary, the scope is wide, and enforcement is difficult. We're a long way off.

      You walk down your street with knowledge of the area / community, and having decided the risk is acceptable; there maybe some streets you don't walk down because you don't feel that's true.

      The real difference vs the down the street analogy is the scale and extent at which it can happen. People elsewhere in the world can do it en-masse in your street, and every other street. That changes the discussion because you no longer know which streets are safe, or what communicty you're interacting with, so your ability to choose is being eroded. Oddly enough that's an inverse privacy problem, where those doing the monitoring have too much privacy.

  5. Anonymous Coward
    Anonymous Coward

    If a website wants to circumnavigate your privacy then it's going to do it anyway, suggesting websites stop collecting the information misses the point of if they want it in the first place. If they don't then they won't bother. It's client side or nothing.

  6. Tom 7 Silver badge

    More importantly

    does it make life difficult for the fuckers trying to track you?

    If it does I'm in.

    1. Mark 85 Silver badge

      Re: More importantly

      Maybe run of the mill advertisers. But I doubt if any of the lettered agencies will be stopped since they'll figure out how to get into the middle of the comms and slurp what they want when they want it.

      1. JohnFen Silver badge

        Re: More importantly

        "Maybe run of the mill advertisers."

        Even just that would be an improvement. Every little bit helps.

  7. Anonymous Coward
    Anonymous Coward

    I was going to write a article on my blog about what is left behind after you close a private browsing mode session.

    I am going to start by doing a clean OS install and then open a private browser session and visit a few websites. After doing this was going to use some forensic file recovery tools such as Photorec to see what files can be recovered from the hard drive after the browser session is closed. Will try it with a few major browsers and see which one leaves behind the least traces.

    1. g00se

      I was going to write a article on my blog about what is left behind after you close a private browsing mode session.

      Maybe post a link to it when it's done?

      ...to see what files can be recovered from the hard drive after the browser session is closed

      Presumably a lot of files. How would you know which to look for? Isn't what 'sensitive' data can be recovered the important factor?

    2. Anonymous Coward
      Joke

      "I was going to write a article on my blog about what is left behind after you close a private browsing mode session."

      Looked for it, but I couldn't find it.

    3. Ken Moorhouse Silver badge

      Re: I was going to write a article on my blog

      All the Biro's in that packet you bought the other day have transmitters embedded in them which can send to the 3LA's the XY coordinates of each motion of the pen when it detects contact with paper. So there's no need to put it in a blog...

  8. Anonymous South African Coward Silver badge

    There is one problem with all this.

    At one stage your traffic have to pass through your ISP, or if you're using a VPN, somebody else's server which may, or may not, log what you're doing, what smut you're ogling and what bomb recipes you've been eyeballing.

    1. Charles 9 Silver badge

      It's like I said. Mail, phone, and the Internet don't work without addresses or references, and these alone are enough for the right plod. They don't even need to know what you're saying (encrypted session): simply the mere and unavoidable fact you're saying something.

  9. Anonymous Coward
    Anonymous Coward

    Is this really news?

    Firefox's simple explanation of Private Mode

    "Important: Private Browsing doesn't make you anonymous on the Internet. Your Internet service provider, employer, or the sites themselves can still track what pages you visit. Private Browsing also doesn't protect you from keyloggers or spyware that may be installed on your computer."

    1. Pen-y-gors Silver badge

      Re: Is this really news?

      Presumably the same is true of 'Firefox Focus' on Android?

      And presumably adding a (trusted) VPN to the mix complicates things a bit more, but is still imperfect if someone is determined to trace you and can get court orders in Bulgarian (or wherever your VPN comes out)

    2. FrogsAndChips Silver badge

      Re: Is this really news?

      Exacty, Private mode has never been about protecting yourself from your boss/your ISP/websites snooping on your browsing details, anyone thinking so was just fooling themselves.

      PM is about hiding your history from your family, because you don't want them to discover your surprise birthday present or other questionable browsing habits (your definition may vary) through a Ctrl-H search or your Google bar. I don't care that some data may persist in “on-disk reflections of RAM such as the swap file”, I'm pretty confident it's beyond the skills of anyone in my household to get this stuff out of Firefox itself. That's good enough for me and all I'm asking from Private Mode.

      1. Anonymous Coward
        Anonymous Coward

        Re: Is this really news?

        I use Privacy Mode (with Noscript, of course) mainly to keep cookies from clogging up my system. You are really only anonymous if you surf at the library.

        1. FrogsAndChips Silver badge

          Re: surfing at the library

          Wearing a hoodie and using a privacy screen.

          1. Chozo

            Re: surfing at the library

            Using somebody else's login credentials..

            1. Charles 9 Silver badge

              Re: surfing at the library

              It would have to be the credentials of someone else who ALSO uses that computer; otherwise, the fact you're logging from another computer can raise a red flag in and of itself.

            2. GIRZiM

              Re: surfing at the library

              >Using somebody else's login credentials

              Sitting in a car with stolen number plates, in the library carpark, tunnelling in via a stolen laptop.

    3. GIRZiM

      Re: Is this really news?

      Does it not still mention people watching your activities over your shoulder?

      Or was that Chrome? I imagine Chrome users need all the help they can get.

  10. Anonymous Coward
    Anonymous Coward

    "Clear browsing history"

    I noticed long ago that clearing the browsers history does very little.

    I created a simple batch script that clears out a good portion of the data as well as clearing the DNS cache. (if you don't have it disabled already)

    Bleachbit does a pretty decent job at this as well.

    (I got a chuckle when I saw that a certain politician was used on Bleachbits official site: "Like a cloth or something?")

  11. Philip Stott

    Arrested Development

    I'm sure it's just me, but did anyone else have a little chortle at the thought of Mr. Wang investigating smut mode browsing?

    No? Thought so. I'll get my coat.

  12. Anonymous Coward
    Paris Hilton

    You're as public as a person in a trench coat exposing them self in the park

    Smut more, {grins} that about right, and stealth more, is going to the XXX store yourself.

    If you want to keep it private, then keep it off the Net.

    Has someone turned a (old) laptop and laser printer into a memory-typewriter, I would have though that they would have by now, where it would load and save files to the sd card reader and only scan and type to letters savable on the SD card, or could possibly phone-fax too. that would be it.

    That's about as secure as it gets for computing and electronics

    If you can do it in hardware, you can undo it in hardware

    If you can do it in software, you can undo it in software.........

  13. Lee D Silver badge

    "Incognito" means "don't use my saved cookies / history". Not "I'm invisible".

    The page that shows when you turn it on on most browsers tells you that. If anything, it's a "pretend I'm not me, so I can test this page / log in as someone else" more than anything else.

    As I tell the kids in the school I work, who all have 1-1 devices on the school Wifi... incognito mode is like huddling in a group in the playground giggling at something. All you do is go out of your way to attract more attention than you would have just browsing normally, and you don't actually hide ANYTHING of what's going on on your device - literally two clicks and I can tell you every site you went on while incognito (because, yes, we have managed devices with SSL interception, etc.). No, clearing your browser history doesn't remove all trace of you going on that site either. Because you can't clear the history of the next computer up the chain, which is the web filter.

    To be honest, I get ten times more use out of incognito than they do, and legitimately. When you have to login as fifty different kids/staff/parents over the course of a day, it quickly becomes tedious to log them out, manage 20 users on Google accounts, etc., so I have one browser logged in permanently for my own stuff, and then an incognito window for demoing / testing other people's logins (which allows you to show the first run "please login" screens because it's a fresh run every time).

    Incognito is more "don't send my *usual* saved information" than anything to do with privacy or security or anything else. If you think otherwise, you totally misunderstand its purpose, and you didn't read the screen that comes up when you do it.

    P.S. if you want to browse privately, you need to VPN to a secure and anonymous computer with complete and unfiltered / unmonitored Internet access. That alone should tell you that for most people it's not really practical or possible. Sure, you can point at Tor, VPN providers, rent a machine using Bitcoin or whatever you want... it still doesn't mean that you're secure (Tor is notorious for operating exactly as designed and yet being trivially easy to leak data that you don't want to, VPN endpoints can monitor what you do, Bitcoin transactions can be tracked even if they don't immediately give up your name, etc.).

    And the effort to go to that extent is beyond "just trying to secure my computer, your honour".

  14. Anonymous Coward
    Anonymous Coward

    I don't get this part...

    So, as a site operator, I should add the Veil server service that would somehow obfuscate the URL the user accesses. Except that the connection would still observably go to my servers and my servers would need to know the real URL anyway.

    I don't see what this should protect against. I might give the graphical firewall component a try, though.

    1. Ken Moorhouse Silver badge
      Coat

      Re: I might give the graphical firewall component a try, though.

      Have you been diagnosed as pyrophiliac?

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019