Browser Private Modes Not So Private After All 198
CWmike writes "Browsing in 'private mode" isn't as private as users think, reports Gregg Keizer. 'There are some traces left behind [by all browsers] that could reveal some of the sites that you've been to,' said researcher Collin Jackson. He, along with three colleagues, will present their findings on Tuesday at the Usenix Security Symposium in DC. IE, Firefox and Safari, for instance, leave traces of SSL encryption keys even when run in private mode, while IE and Safari on Windows preserve self-signed SSL certificates in a 'vault' file that could be read by others to track the browser's path. Firefox also retains evidence of some certificates. Private mode has also been billed as a way for users to hide themselves from the prying eyes of sites that try to track habits and histories. Jackson said most users see that as the biggest attraction to private mode. 'Some browsers do a better job of protecting you from other types of scenarios, such as Web site tracking,' Jackson said. 'Safari is very much more willing to reveal you to Web sites than the others.'"
Opera (Score:5, Interesting)
Opera wasn't included, but I'm very curious as to how good their private mode is.
Re: (Score:2)
I am also very interested in this. I've been using Opera as my browser of choice for over 6 months now and can't see myself switching back to anything else. I don't really use private browsing mode, but it would be nice to know how well it functions if I did need it.
Re: (Score:3, Interesting)
Re:Opera (Score:5, Insightful)
Private mode has also been billed as a way for users to hide themselves from the prying eyes of sites that try to track habits and histories. Jackson said most users see that as the biggest attraction to private mode.
I thought hiding your porn habits from the wife or employer was the biggest attraction?
Re: (Score:2)
Definitive scientific testing has been conducted.
Opera is more private than a potato.
Re: (Score:2)
The problem with first posts (Score:2, Insightful)
You stumble on the page and see (0 Comments) followed by this huge white space. Looking at it, how can you not write something in it? Multiply this mentality across every other visitor who experiences a blank page and it's no wonder you have so many 'first posts' half way down the page.
Re:The problem with first posts (Score:5, Funny)
We fight our fear of an empty internet?
Re: (Score:2)
Safari has extremely lax security? (Score:2, Funny)
How many more of these until Browser jokes around here end with "Safari!" instead of "Internet Explorer!"? At least IE takes security seriously nowadays...
(You'll never find a vulnerability in my Mosaic! Ha ha! Security through obsolescence!)
Re: (Score:2)
Warning, this site is very secure. Yes/No/Retry
?
Re: (Score:2)
You know private browsing wasn't exactly design to be a DOD level security feature. It is supposed to keep your browsing habits from the casual observer using the same computer. If you take security seriously you have to have other measures in place.
Flash cookies remain too (Score:3, Insightful)
Re:Flash cookies remain too (Score:4, Informative)
Firefox in Privacy mode with Better Privacy extension. Pretty good setup.
Re:Flash cookies remain too (Score:5, Interesting)
Re: (Score:2, Insightful)
Re:Flash cookies remain too (Score:5, Funny)
I run a virtual machine on a live CD, then restore the snapshot, reboot the machine, snap the CD in half, attach a high powered electromagnet to the tower, then burn down the building.
Re: (Score:3, Funny)
Re: (Score:2)
I'd hate to know what you do when the CD's in ISO form...
Re:Flash cookies remain too (Score:4, Interesting)
What a rookie..... you left IP address traces on the gateway logs of your ISP. better nuke your ISP from orbit just to be safe.
Re: (Score:3, Insightful)
Re: (Score:3, Informative)
then burn down the building.
I think that's the building he was talking about... his ISP. It's kind of annoying to burn down your own house every time.
Re: (Score:2)
It's kind of annoying to burn down your own house every time.
Makes ya wonder where the Fire in Firefox came from, doesn't it...
Re: (Score:3, Funny)
I telnet into the servers, and type out the headers by hand.
Re: (Score:2)
I use Lynx.
Re:Flash cookies remain too (Score:4, Funny)
I use Lynx.
and a really vivid imagination.
Re: (Score:2)
Re: (Score:2)
No, looking in /dev/null doesn't reveal much of anything.
Re: (Score:2)
Re:Flash cookies remain too (Score:4, Funny)
Re: (Score:2)
You've confounded /dev/null and /dev/random. The latter is where all the really exciting stuff is (it includes all of pi!)
Re: (Score:2)
You've confused /dev/random and /dev/urandom. The latter doesn't block waiting for more entropy.
Re: (Score:2)
You've confounded /dev/null and /dev/random. The latter is where all the really exciting stuff is (it includes all of pi!)
Maybe so, but /dev/null has greater capacity - you can only get one copy of pi into /dev/random.
Re: (Score:2)
Even browsers that allow disabling cookies usually still have both Flash cookies (some trail every Flash site) and JAVA cookies. JAVA also may cache images outside the browser cache.
As memory intensive as modern browsers are, and with them seemly able to go back endlessly with that back button, it should also be assumed that every page you visit it swapped into the virtual memory swap file.
At this point, Private Browsing mode seems to do little more than hide the browser history from a tech-illiterate spou
Re: (Score:2)
So now Flash only stalks users and shares what Flash sites they've visited with other Flash sites the rest of the time? Normal browser cookie controls can't prevent/delete those either. That's still not much respect for privacy. It's nasty behavior most users don't know about.
Some Firefox users use the BetterPrivacy plugin for dealing with Flash cookies,
ideally most would also disable Flash by default and enable it only on specific sites.
(several plugins allow such control)
Browser settings, including pri
Re: (Score:2)
Not sure about other browsers, but this was fixed over a month ago with the latest version of Flash if you're running IE8.
Re: (Score:2)
sudo chattr -R +i .adobe .macromedia
sudo chattr -R +i
You need all of your files on a ramdisk (Score:2)
That would certainly be a handy utility to have, especially if it could be configured to make you anonymous (none of your identifying cookies, etc..) as an option.
Re:You need all of your files on a ramdisk (Score:5, Interesting)
Comment removed (Score:4, Informative)
Re: (Score:3, Insightful)
I agree. Its the best alternative if you need total security. Boot off a live CD from a diskless machine. (or at least set the hard drives as read-only).
But its a hassle to boot off a live CD.
My VM method realizes nearly all of the benefits of a live CD with a lot more convenience, since you can run it in antoher window along with everything else you are doing. Its more than secure enough for my purposes (keeps the kids from stumbling into it, and acts as a firewall for malware coming through the browser).
Re: (Score:2)
Where the CCTV camera and satellites can see you.
Re: (Score:2)
Don't the changes still get written to disk though? Sure it reverts after it's done, but unless that space is securely wiped then it's still recoverable. The ram disk option seems like a better route since you're ensured that those contents are truly gone once they're deleted or the machine looses power. In today's world it's trivial to put an extra 1GB or so towards a ram disk, and most people could web browse from that just fine.
Re: (Score:2)
Don't the changes still get written to disk though?
Its more or less a like a snapshot, and all 'new' disk writes are written to a separate file to be optionally merged back into the disk image. If you decide to discard them, then the file just gets deleted. I suppose some sort of disk forensics done on the freed space before its overwritten might be able to recover something.
It depends what you are looking for. When I want private / secure browsing, I just don't want any traces of it in my main browser, I d
Re: (Score:2)
Unless your host OS is infected, then all bets are off.
Re: (Score:2)
Keep your entire browser tree and all of its temp locations on a thumbdrive.
In fact, just boot from it.
No thumbdrive = no breadcrumbs.
Re:You need all of your files on a ramdisk (Score:5, Insightful)
The thing is, my understanding is that "privacy mode" is really just for not having your porn links show up in your browser history, should your S/O or Mom not approve of you viewing such material. It also saves you potential embarrassment when you open up a new tab in Safari or Chrome and it gives you a grid of thumbnails of recently viewed sites. I think Gregg Keizer grossly overestimates what people expect when they click the "private" button. They aren't clicking it to view sites that require SSL certificates, they are clicking it to view sites who's title tag is "Slut fucked by guy" or "Sexy trinity anal part1" and shows up in the browser history as such. Most just use the privacy mode so their S/O or Mom doesn't stumble across those links while looking up that article they read yesterday about "How to plan the perfect wedding" or "Is internet addiction destroying your family?".
Re: (Score:2)
Or you can use truecrypt and tor.
Re: (Score:2)
Try Sandboxie [sandboxie.com]
Don't forget about flash (Score:5, Interesting)
Flash cookies, or even any temp files left behind by video playback. I've heard it happen. See if anything was left in your Temp directory matching "Flash*" and play it back as .flv or .mp4. Very incriminating evidence
Re: (Score:2, Informative)
The flashblock and betterprivacy add-ons for Firefox will help with flash.
Re: (Score:3, Funny)
Re: (Score:2)
err, you need to search before you clear your cache, and then after.
Re:Don't forget about flash (Score:5, Informative)
Biggest Attraction (Score:5, Insightful)
"Jackson said most users see that as the biggest attraction to private mode."
Nonsense. The biggest attraction of private mode is that hotteennymphosexkittens.com doesn't show up in the suggestions when someone borrows your computer to check Hotmail.
If you want real privacy you shouldn't be trusting a web browser privacy mode.
Re:Biggest Attraction (Score:4, Funny)
"Jackson said most users see that as the biggest attraction to private mode."
Nonsense. The biggest attraction of private mode is that hotteennymphosexkittens.com doesn't show up in the suggestions when someone borrows your computer to check Hotmail.
If you want real privacy you shouldn't be trusting a web browser privacy mode.
Youtube might be more relevantly incriminating than Hotmail.
Re: (Score:2, Insightful)
If you want real privacy, boot from a liveCD or USB stick
Re:Biggest Attraction (Score:5, Funny)
I cannot believe how lazy the porn people are. It has been like a whole minute and that site is STILL not up.
Re: (Score:2)
Hopefully they will pass on water nymphs, that would be just cruel to the small kittens, and evident to everybody; in however suggestive positions the kittens would be placed for a given shot.
Re: (Score:3, Interesting)
"Jackson said most users see that as the biggest attraction to private mode."
Nonsense. The biggest attraction of private mode is that hotteennymphosexkittens.com doesn't show up in the suggestions when someone borrows your computer to check Hotmail.
If you want real privacy you shouldn't be trusting a web browser privacy mode.
Good point, but I thought the attraction was so web sites can't sniff your browsing history. [mozilla.com]
Re: (Score:2)
Mozilla might be pitching it as privacy protection on the web side, but there's a reason "privacy mode" has been better known as "porn mode" since it's introduction.
Re: (Score:2)
That link, while interesting, has no direct relevancy to any of these privacy mode features. It describes Mozilla's planned fix for the CSS :visited information leak, where a website can, fairly quickly and easily, determine which websites (of a preselected list) you have visited. The planned fix has nothing, explicitly, to do with privacy mode, as it will be used in all browsing modes.
Re: (Score:2)
Re: (Score:2, Informative)
Re: (Score:2)
Re: (Score:2)
If you trust someone enough to use your personal computer, but don't trust them enough to know you surf porn, then you have serious issues. And yes, this includes your wife. Never understood guys who try to hide the fact they watch porn from their wife. I mean, I don't rub it in her face, but my wife is not a fool, she knows I watch porn.
Re: (Score:2)
I was once at a conference with my masters supervisor. I needed to demo something at one of the sessions so I asked him if I could borrow his notebook. He agreed, and I went to the session. Right before I popped open the notebook to set up the demo. Full screen in dripping sticky colour was the porn he'd been watching the night before.
There are more reasons for porn mode than hiding it from your wife. One of them is the same reason why you don't leave Hustler on the coffee table when you've got company
Fast User Switching (Score:2)
when someone borrows your computer to check Hotmail.
When installing a new machine I always take 10 seconds to create a 'demo' user account. I'll sometimes use it for actually doing a demo or presentation, but usually just to FUS to it when somebody wants to borrow the Firefox. XFCE or something similarly light makes it less painful to switch into it.
A new approach to privacy (Score:2)
Lately I've taken a new approach to privacy. I used to try and keep most everything private unless I wanted to share it, but nowadays I've adopted a bland public persona that I don't mind if the world knows about. Then when I want to do something I don't want public, I just invest time and inconvenience commensurate with the criticality of keeping my activity private to make sure it stays private.
Re: (Score:2)
it doesn't hurt to have a good utility belt and jet car either.
It's good enough.. (Score:4, Funny)
I mean, as long as your wife/girlfriend can't track your porno sites with ease you're fine.
If your wife/girlfriend is a CS major with cryptology in her repertoire though... might want to find a different 'hobby'.
Re:It's good enough.. (Score:5, Funny)
If your wife/girlfriend is a CS major with cryptology in her repertoire though... might want to find a different 'hobby'.
If I had a wife/girlfriend with a CS major in cryptology in her repertoire I wouldn't need a hobby.
Re:It's good enough.. (Score:5, Funny)
I mean, as long as your wife/girlfriend can't track your porno sites with ease you're fine.
If your wife/girlfriend is a CS major with cryptology in her repertoire though... might want to find a different 'hobby'.
Then it's back to an old suitcase under the work bench in the garage.
Re: (Score:2, Funny)
I see you're planning ahead.
Re:It's good enough.. (Score:5, Funny)
What? Why is everyone looking at me like that?
Re:It's good enough.. (Score:5, Funny)
Your wife is a CS major with cryptology in her repertoire. She just hasn't told you because you'd blow her cover.
Re: (Score:2)
If your wife/girlfriend is a CS major with cryptology in her repertoire, something tells me it's more likely she'd be more receptive to these "hobbies", even to the point of participating. ;)
Re: (Score:2)
My wife is not a security researcher (Score:2, Funny)
Re: (Score:2)
If you're married, and she isn't l33t, are you sure you belong on /.?
Re: (Score:2)
If you're married, and she isn't l33t, are you sure you belong on /.?
Of course, Never marry someone who is more 1337 than you are.
This is going to be an unpopular sentiment but... (Score:3, Insightful)
Re: (Score:3, Funny)
But...who are we hiding from?
Nice try but you're not going to find out that easily.
Doesn't seem like a hard problem to solve ... (Score:5, Interesting)
In private browsing mode, hook fopen, all "w" calls get redirected to a special directory, all fopen "r" calls get checked to confirm they are either referencing that directory or referencing known acceptable files (maybe certain preferences).
That instantly solves ALL in-process code. Its not something that would share all its code across platforms since the hooking mechanisms are different but it is going to be the only sure fire way to be safe.
Out-of-process plugins would require a different approach, but since the browser starts them it could hook them as well if the effort was put forth. You hook flash and don't let it write anywhere but where you tell it too, then those retarded flash cookies can't give you away either.
Clear the directory when leaving private browsing mode.
I can't think of any real OS that you can't do this on fairly easy. Windows is doable although it takes a little bit of effort, most UNIX clones are trivial to hook. Might be a problem for browser ports to oddball devices (which I'm counting phones in this group since they are radically different, even if common) but its also probably much less of a concern there. I'm not aware of a private mode for Mobile safari so it doesnt' seem that anyone cares anyway, or am I just missing it?
Javascript errors still go to syslog... (Score:2, Interesting)
I noticed that javascript errors still go to syslog in private mode on Safari, at least.
Re: (Score:2)
Eh? Safari logs Javascript errors to an OS error log?
Safari Setup... (Score:2)
I use GlimmerBlocker [glimmerblocker.org], which is a pretty cool little system extension which has a bunch of built in blocking scripts, but also allows you to create your own.
I also use ClickToFlash [clicktoflash.com], but not sure if that does anything to protect you against Flash Cookies.
Then if you really get annoyed at certain sites, you can always edit your host file.
Privacy, CLI-style (Score:4, Interesting)
This anecdote is a little off-topic I guess, but as far as privacy goes, I suspect it's a pretty decent way of going about things.
And what are Chrome's flaws you allude to? (Score:2)
Re: (Score:2)
Yeah, I noticed that as well. I wonder if it just didn't meet there forgone conclusions.
I didn't even realize. (Score:2)
Re: (Score:2)
Wiper, no wiping!
Adios!
The REAL way to do private mode (Score:2)
I've been doing this since way back when Firefox 1.0. I have a script that front ends the startup of Firefox. It creates a fake home directory (sets the HOME environment variable). It is populated with an initial set of files Firefox expects or needs and then launches the real Firefox program. It adds about 0.5 seconds to the startup time (was more like 3 seconds way back when I first did this). Another script can scan all these fake homes and figure out which ones are still busy, leaving them alone, a
Re: (Score:2, Informative)
Flash shared objects is the main thing. Easy fix -- download and use the BetterPrivacy extension.
Of course, the absolute sure way to ensure browser privacy is to have a virtual machine dedicated to browsing, and have it roll back to the last snapshot once done. This is easy to do in Windows 7 and XP Mode. This way, some cookies left behind by some third party add-on (Java, Flash, or W/E) are eradicated completely.
Re: (Score:2, Troll)
Plus, especially for the luser end of the spectrum, it's a great learning experience.
Re: (Score:2)
Those of us not running on Windows systems find that going more than a year between wipe/rebuild is not only possible, but preferable!
Re: (Score:2)
Those of us competently running Windows also find going more than a year to be easy and preferable.
Re:Clean on close (Score:5, Funny)
But the FBI/CIA/NSA have ways of reading even zeroed drives! (so I hear) Will we ever be safe??
That's why I one them instead. I've never heard that they can read a oned drive. :-)
Re: (Score:2)
Just install NoScript and be done with it.
NoScript is great, but it doesn't prevent CSS-based browser history sniffing [mozilla.com], if I understand correctly.
Re: (Score:2)
So does: [flag]+R "cmd" /s
cd \
del *.*
or /*
sudo rm -rf