Forgot your password?
typodupeerror
Privacy Your Rights Online

Browser Private Modes Not So Private After All 198

Posted by CmdrTaco
from the don't-look-at-my-prvates dept.
CWmike writes "Browsing in 'private mode" isn't as private as users think, reports Gregg Keizer. 'There are some traces left behind [by all browsers] that could reveal some of the sites that you've been to,' said researcher Collin Jackson. He, along with three colleagues, will present their findings on Tuesday at the Usenix Security Symposium in DC. IE, Firefox and Safari, for instance, leave traces of SSL encryption keys even when run in private mode, while IE and Safari on Windows preserve self-signed SSL certificates in a 'vault' file that could be read by others to track the browser's path. Firefox also retains evidence of some certificates. Private mode has also been billed as a way for users to hide themselves from the prying eyes of sites that try to track habits and histories. Jackson said most users see that as the biggest attraction to private mode. 'Some browsers do a better job of protecting you from other types of scenarios, such as Web site tracking,' Jackson said. 'Safari is very much more willing to reveal you to Web sites than the others.'"
This discussion has been archived. No new comments can be posted.

Browser Private Modes Not So Private After All

Comments Filter:
  • Opera (Score:5, Interesting)

    by AnonGCB (1398517) <7spams@gma[ ]com ['il.' in gap]> on Tuesday August 10, 2010 @04:01PM (#33208304)

    Opera wasn't included, but I'm very curious as to how good their private mode is.

    • I am also very interested in this. I've been using Opera as my browser of choice for over 6 months now and can't see myself switching back to anything else. I don't really use private browsing mode, but it would be nice to know how well it functions if I did need it.

    • Re: (Score:3, Interesting)

      by ReederDa (1874738)
      I'd like to know how Chrome is rated with this.
    • Re:Opera (Score:5, Insightful)

      by morari (1080535) on Tuesday August 10, 2010 @06:18PM (#33209922) Journal

      Private mode has also been billed as a way for users to hide themselves from the prying eyes of sites that try to track habits and histories. Jackson said most users see that as the biggest attraction to private mode.

      I thought hiding your porn habits from the wife or employer was the biggest attraction?

    • by Kesch (943326)

      Definitive scientific testing has been conducted.

      Opera is more private than a potato.

  • by Anonymous Coward

    You stumble on the page and see (0 Comments) followed by this huge white space. Looking at it, how can you not write something in it? Multiply this mentality across every other visitor who experiences a blank page and it's no wonder you have so many 'first posts' half way down the page.

  • by Anonymous Coward
    Shocker! Say it ain't so!

    How many more of these until Browser jokes around here end with "Safari!" instead of "Internet Explorer!"? At least IE takes security seriously nowadays...

    (You'll never find a vulnerability in my Mosaic! Ha ha! Security through obsolescence!)
    • At least IE takes security seriously nowadays...

      Warning, this site is very secure. Yes/No/Retry

      ?

    • You know private browsing wasn't exactly design to be a DOD level security feature. It is supposed to keep your browsing habits from the casual observer using the same computer. If you take security seriously you have to have other measures in place.

  • by e065c8515d206cb0e190 (1785896) on Tuesday August 10, 2010 @04:05PM (#33208360)
    As there is a flash animation on every other site, looking at your flash cash pretty much reveals what you've "anonymously" browsed recently...
  • Seems like setting up a ramdisk and placing all of your cache/bookmarks/saved values files there would be the way to do this. You could use a script that created the ramdisk and copied the bookmarks, etc... to it before starting the browser. Then have it destroy all of that when the browser closed.

    That would certainly be a handy utility to have, especially if it could be configured to make you anonymous (none of your identifying cookies, etc..) as an option.
    • by vux984 (928602) on Tuesday August 10, 2010 @04:15PM (#33208518)
      When I want to browse in high security / high privacy I use a virtual machine and delete all changes when shutting it down. (ie so the vm is in precisely the same state it was in when i turned it on.) This also gives me some reasonably good protection from viruses/malware/ and other crud, since unless it manages to break out of the VM, it goes away when I shut the VM down.
      • by Psx29 (538840) on Tuesday August 10, 2010 @04:29PM (#33208724)
        Another alternative is to boot off a live cd
        • Re: (Score:3, Insightful)

          by vux984 (928602)

          I agree. Its the best alternative if you need total security. Boot off a live CD from a diskless machine. (or at least set the hard drives as read-only).

          But its a hassle to boot off a live CD.

          My VM method realizes nearly all of the benefits of a live CD with a lot more convenience, since you can run it in antoher window along with everything else you are doing. Its more than secure enough for my purposes (keeps the kids from stumbling into it, and acts as a firewall for malware coming through the browser).

      • by MBGMorden (803437)

        Don't the changes still get written to disk though? Sure it reverts after it's done, but unless that space is securely wiped then it's still recoverable. The ram disk option seems like a better route since you're ensured that those contents are truly gone once they're deleted or the machine looses power. In today's world it's trivial to put an extra 1GB or so towards a ram disk, and most people could web browse from that just fine.

        • by vux984 (928602)

          Don't the changes still get written to disk though?

          Its more or less a like a snapshot, and all 'new' disk writes are written to a separate file to be optionally merged back into the disk image. If you decide to discard them, then the file just gets deleted. I suppose some sort of disk forensics done on the freed space before its overwritten might be able to recover something.

          It depends what you are looking for. When I want private / secure browsing, I just don't want any traces of it in my main browser, I d

      • by h4rr4r (612664)

        Unless your host OS is infected, then all bets are off.

    • by blair1q (305137)

      Keep your entire browser tree and all of its temp locations on a thumbdrive.

      In fact, just boot from it.

      No thumbdrive = no breadcrumbs.

    • by justin12345 (846440) on Tuesday August 10, 2010 @04:48PM (#33208934)
      Yeah a ram disk or virtual machine is defintely way more secure, as well as using proxies or TOR to disguise your IP address (confusing Geo-location databases), forged browser signatures, and a few other things I can't think of right now. Assuming you are committing acts of international espionage, working undercover for the NSA, or simply know that MLB is after you, you should definitely be taking those precautions.

      The thing is, my understanding is that "privacy mode" is really just for not having your porn links show up in your browser history, should your S/O or Mom not approve of you viewing such material. It also saves you potential embarrassment when you open up a new tab in Safari or Chrome and it gives you a grid of thumbnails of recently viewed sites. I think Gregg Keizer grossly overestimates what people expect when they click the "private" button. They aren't clicking it to view sites that require SSL certificates, they are clicking it to view sites who's title tag is "Slut fucked by guy" or "Sexy trinity anal part1" and shows up in the browser history as such. Most just use the privacy mode so their S/O or Mom doesn't stumble across those links while looking up that article they read yesterday about "How to plan the perfect wedding" or "Is internet addiction destroying your family?".
    • by Dan541 (1032000)

      Or you can use truecrypt and tor.

    • by xorsyst (1279232)

      Try Sandboxie [sandboxie.com]

  • by DeHackEd (159723) on Tuesday August 10, 2010 @04:06PM (#33208366) Homepage

    Flash cookies, or even any temp files left behind by video playback. I've heard it happen. See if anything was left in your Temp directory matching "Flash*" and play it back as .flv or .mp4. Very incriminating evidence

  • Biggest Attraction (Score:5, Insightful)

    by ceoyoyo (59147) on Tuesday August 10, 2010 @04:06PM (#33208372)

    "Jackson said most users see that as the biggest attraction to private mode."

    Nonsense. The biggest attraction of private mode is that hotteennymphosexkittens.com doesn't show up in the suggestions when someone borrows your computer to check Hotmail.

    If you want real privacy you shouldn't be trusting a web browser privacy mode.

    • by swanzilla (1458281) on Tuesday August 10, 2010 @04:11PM (#33208458) Homepage

      "Jackson said most users see that as the biggest attraction to private mode."

      Nonsense. The biggest attraction of private mode is that hotteennymphosexkittens.com doesn't show up in the suggestions when someone borrows your computer to check Hotmail.

      If you want real privacy you shouldn't be trusting a web browser privacy mode.

      Youtube might be more relevantly incriminating than Hotmail.

    • Re: (Score:2, Insightful)

      If you want real privacy, boot from a liveCD or USB stick

    • by Surt (22457) on Tuesday August 10, 2010 @04:16PM (#33208536) Homepage Journal

      I cannot believe how lazy the porn people are. It has been like a whole minute and that site is STILL not up.

      • by sznupi (719324)

        Hopefully they will pass on water nymphs, that would be just cruel to the small kittens, and evident to everybody; in however suggestive positions the kittens would be placed for a given shot.

    • Re: (Score:3, Interesting)

      by jdgeorge (18767)

      "Jackson said most users see that as the biggest attraction to private mode."

      Nonsense. The biggest attraction of private mode is that hotteennymphosexkittens.com doesn't show up in the suggestions when someone borrows your computer to check Hotmail.

      If you want real privacy you shouldn't be trusting a web browser privacy mode.

      Good point, but I thought the attraction was so web sites can't sniff your browsing history. [mozilla.com]

      • by ceoyoyo (59147)

        Mozilla might be pitching it as privacy protection on the web side, but there's a reason "privacy mode" has been better known as "porn mode" since it's introduction.

      • That link, while interesting, has no direct relevancy to any of these privacy mode features. It describes Mozilla's planned fix for the CSS :visited information leak, where a website can, fairly quickly and easily, determine which websites (of a preselected list) you have visited. The planned fix has nothing, explicitly, to do with privacy mode, as it will be used in all browsing modes.

    • Good point. But I'd like the browser makers to think on this a little harder. They could do all sorts of things to make this mode more attractive. Options to turn off flash and Javascript... or delete all their temp files... Also, have an option to automatically switch to a proxy or VPN when switching to private mode. If it really were a lot more secure I could see it coming in handy for people living in countries not so friendly to free speech.
    • by duranaki (776224)
      Thank you for saving me the time to type that exact comment. :)
    • by brunes69 (86786)

      If you trust someone enough to use your personal computer, but don't trust them enough to know you surf porn, then you have serious issues. And yes, this includes your wife. Never understood guys who try to hide the fact they watch porn from their wife. I mean, I don't rub it in her face, but my wife is not a fool, she knows I watch porn.

      • by ceoyoyo (59147)

        I was once at a conference with my masters supervisor. I needed to demo something at one of the sessions so I asked him if I could borrow his notebook. He agreed, and I went to the session. Right before I popped open the notebook to set up the demo. Full screen in dripping sticky colour was the porn he'd been watching the night before.

        There are more reasons for porn mode than hiding it from your wife. One of them is the same reason why you don't leave Hustler on the coffee table when you've got company

    • when someone borrows your computer to check Hotmail.

      When installing a new machine I always take 10 seconds to create a 'demo' user account. I'll sometimes use it for actually doing a demo or presentation, but usually just to FUS to it when somebody wants to borrow the Firefox. XFCE or something similarly light makes it less painful to switch into it.

  • Lately I've taken a new approach to privacy. I used to try and keep most everything private unless I wanted to share it, but nowadays I've adopted a bland public persona that I don't mind if the world knows about. Then when I want to do something I don't want public, I just invest time and inconvenience commensurate with the criticality of keeping my activity private to make sure it stays private.

    • When i want to accomplish something without it being attributed to me, i just don a cape and cowl. You'd be surprised how much privacy you have when people can only see your mouth and chin.

      it doesn't hurt to have a good utility belt and jet car either.
  • by HerculesMO (693085) on Tuesday August 10, 2010 @04:09PM (#33208430)

    I mean, as long as your wife/girlfriend can't track your porno sites with ease you're fine.

    If your wife/girlfriend is a CS major with cryptology in her repertoire though... might want to find a different 'hobby'.

  • So private mode is good enough for me!
    • by blair1q (305137)

      If you're married, and she isn't l33t, are you sure you belong on /.?

      • If you're married, and she isn't l33t, are you sure you belong on /.?

        Of course, Never marry someone who is more 1337 than you are.

  • by stagg (1606187) on Tuesday August 10, 2010 @04:17PM (#33208546)
    Virtual machines? Flash disks? I never use the same computer twice! But...who are we hiding from? I support efforts to maintain privacy, and I admire it as a thought experiment, but what's the scenario we're defending against here? All of this sounds like extreme overkill if you're hiding porn from your mom. If you're trying to hide from advertisers, governments, etc, then I think that your bigger worry is not your home machine, but everything out there in our marvelously complicated ecosystem of an internet.
  • by BitZtream (692029) on Tuesday August 10, 2010 @04:18PM (#33208578)

    In private browsing mode, hook fopen, all "w" calls get redirected to a special directory, all fopen "r" calls get checked to confirm they are either referencing that directory or referencing known acceptable files (maybe certain preferences).

    That instantly solves ALL in-process code. Its not something that would share all its code across platforms since the hooking mechanisms are different but it is going to be the only sure fire way to be safe.

    Out-of-process plugins would require a different approach, but since the browser starts them it could hook them as well if the effort was put forth. You hook flash and don't let it write anywhere but where you tell it too, then those retarded flash cookies can't give you away either.

    Clear the directory when leaving private browsing mode.

    I can't think of any real OS that you can't do this on fairly easy. Windows is doable although it takes a little bit of effort, most UNIX clones are trivial to hook. Might be a problem for browser ports to oddball devices (which I'm counting phones in this group since they are radically different, even if common) but its also probably much less of a concern there. I'm not aware of a private mode for Mobile safari so it doesnt' seem that anyone cares anyway, or am I just missing it?

  • by Anonymous Coward

    I noticed that javascript errors still go to syslog in private mode on Safari, at least.

  • I use GlimmerBlocker [glimmerblocker.org], which is a pretty cool little system extension which has a bunch of built in blocking scripts, but also allows you to create your own.

    I also use ClickToFlash [clicktoflash.com], but not sure if that does anything to protect you against Flash Cookies.

    Then if you really get annoyed at certain sites, you can always edit your host file.

  • Privacy, CLI-style (Score:4, Interesting)

    by by (1706743) (1706744) on Tuesday August 10, 2010 @05:15PM (#33209282)
    If I ever encounter a link which I'm curious about more from an academic perspective than anything else (e.g., a link from a possibly-legitimate-but-likely-spam email), I'll just wget it and then go through the page source and/or view it with a browser.

    This anecdote is a little off-topic I guess, but as far as privacy goes, I suspect it's a pretty decent way of going about things.
  • Did anyone else notice that the article didn't actually mention any privacy flaws with chrome, even though it says that chrome has them? They cite specific examples for IE, firefox and safari, then just say "oh, chrome has flaws too".
    • by geekoid (135745)

      Yeah, I noticed that as well. I wonder if it just didn't meet there forgone conclusions.

  • I didn't even realize that the point of the private browsing had anything to do with sites you visited. I thought it was clearly being marketed at a way to keep the next person sitting at your computer from seeing that you were visiting porn sites. Having your wife or kids follow behind you on the computer only to have porn sites pop up when they start typing in an address was a pretty big problem for a lot of people. This problem got even worse when the address bar started doing better type ahead by pri
  • I've been doing this since way back when Firefox 1.0. I have a script that front ends the startup of Firefox. It creates a fake home directory (sets the HOME environment variable). It is populated with an initial set of files Firefox expects or needs and then launches the real Firefox program. It adds about 0.5 seconds to the startup time (was more like 3 seconds way back when I first did this). Another script can scan all these fake homes and figure out which ones are still busy, leaving them alone, a

"In matters of principle, stand like a rock; in matters of taste, swim with the current." -- Thomas Jefferson

Working...