Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
Chrome Firefox Privacy Safari The Internet Your Rights Online

Do We Need A Better Private Browsing Mode? (networkworld.com) 126

Network World's Alan Zeichi recently argued "We need a better Private Browsing mode." Slashdot reader Miche67 writes: As this writer says, Chrome's Incognito Mode "doesn't offer strong protection at all." [Incognito mode "only prevents Chrome from saving your site visit activity. It won't stop other sources from seeing your browsing activity."] And Firefox's Private Browsing with Tracking Protection -- while stronger than Chrome -- is an all-or-nothing option. "You can't turn it off for sites you trust, but have it otherwise enabled by default."
The submission ends, "Every single link to non-trusted websites should open, by default, in a Private/Incognito window. C'mon, browser makers, get this done." This raises two questions. How do Slashdot's readers browse? And do you think we need a better private mode for web browsing?
This discussion has been archived. No new comments can be posted.

Do We Need A Better Private Browsing Mode?

Comments Filter:
  • by Anonymous Coward on Sunday July 10, 2016 @01:38PM (#52483947)

    If you don't want people to know you're watching porn online, don't watch porn online. If you don't want people to know you're accessing illicit content online, don't access illicit content online. Don't have anything to hide and you won't have any problems. The paranoia is from perverts, criminals, and other losers who feel the need to access illicit things online that they don't want others to know about. Modify your own behavior and you'll have no problems with needing to keep secrets.

    • Re: (Score:3, Funny)

      by Anonymous Coward

      If you don't want people to know you're watching porn online, don't watch porn online. If you don't want people to know you're accessing illicit content online, don't access illicit content online. Don't have anything to hide and you won't have any problems. The paranoia is from perverts, criminals, and other losers who feel the need to access illicit things online that they don't want others to know about. Modify your own behavior and you'll have no problems with needing to keep secrets.

      If I weren't also an anonymous coward I would mod this +1 Funny.

      I salute you for your masterful satire!

    • by BitterOak ( 537666 ) on Sunday July 10, 2016 @01:49PM (#52484025)
      This may be good advice in a relatively free country where people are allowed to criticize their government as well as investigate bad behavior by those in power, but in many countries in the world people don't have those freedoms which we take for granted. People living in oppressive regimes may need to rely more on technological means to protect their rights to organize and to criticize their government. An essential part of a participatory democracy is that people can be critical of their government, and if we want more countries to follow that model, people need to be free to exchange ideas without fear of reprisal.
      • Just don't use your real name anywhere on the internet.

        • by Anonymous Coward

          What about LinkedIn or job boards? Maybe you meant don't use your real name for anything political.

        • Just don't use your real name anywhere on the internet.

          You mean like when you sign up for internet service using your physical address? Yes, I'm sure that's going to stop the state government—which probably runs the ISP—from learning who you are. Even if you limit posting your critiques to libraries or other public places, they can use the browsing history to narrow down where to watch for you.

      • by KiloByte ( 825081 ) on Sunday July 10, 2016 @06:55PM (#52485569)

        What's that "free country" you're talking about? While in countries other than North Korea, Russia, China, Saudi Arabia you can often get away with criticizing the government on superficial matters, there isn't a single country that won't punish you for revealing news that truly hurts those in power.

        Case in point: Assange -- Sweden tries to pass as a free country. Or, show me those "free countries" supporting Snowden; Ecuador and Russia stepped up because of a grudge against USA rather than of good will.

      • by Alumoi ( 1321661 )

        Oppressive regimes? That's funyy, last I looked, US and UK were champions when trying to track every user accessing the net.

    • by Anonymous Coward

      If you don't want people to know you're watching porn online, don't watch porn online. If you don't want people to know you're accessing illicit content online, don't access illicit content online. Don't have anything to hide and you won't have any problems. The paranoia is from perverts, criminals, and other losers who feel the need to access illicit things online that they don't want others to know about. Modify your own behavior and you'll have no problems with needing to keep secrets.

      Have you had your h

    • Re: (Score:2, Funny)

      by Anonymous Coward

      Protip: Get rid of all your online accounts, except for one: Facebook. Do everything from your facebook account

  • by Anonymous Coward on Sunday July 10, 2016 @01:40PM (#52483963)

    How do Slashdot's readers browse?

    Sat in our parents basements in our underwear.

    And do you think we need a better private mode for web browsing?

    Yes, my parents get suspicious when I lock the door.

  • i use tor (Score:2, Interesting)

    by Anonymous Coward

    Common everybody knows that the private browsing mode is just a porn mode that hides your history from other users of your Computer, nothing more.

    I just use Tor if i want real privacy.

    • by maorb ( 2578043 )

      I've used private browsing mode to allow my friend to check his email without making me log out of my own email (from the same service of course). From my perspective, it just lets me open a "guest" mode browser that doesn't have all my URL autocompletes, usernames, passwords, etc automatically filling in. It's not to be confused with a security feature when used like that of course, all someone has to do to get back into my side of things is open a new windows, but it's still convenient.

    • Re:i use tor (Score:4, Interesting)

      by mlts ( 1038732 ) on Sunday July 10, 2016 @02:45PM (#52484369)

      With browser fingerprinting (check it out on EFF's Panopticlick), it really doesn't matter if you use Tor or not.

      What I do if I want a stateless session is vagrant up a virtual machine, have it provisioned with a web browser, usual ad blocker software, my bookmarks as a clicky HTML file locally, and use that. When done, destroy the VM. This way, any changes or stuff saved to the VM are toast, and there will always be a different fingerprint every session.

      As for protecting my IP, I just use a VPN service. For me a simple proxy is good enough so that ad companies and behavior tracking sites are blocked/stymied.

      • Re:i use tor (Score:5, Interesting)

        by AmiMoJo ( 196126 ) <mojo@NosPam.world3.net> on Sunday July 10, 2016 @04:31PM (#52484873) Homepage Journal

        Have you actually tried browser fingerprinting with the TOR Browser? If you set it up right (I recommend Tails) it doesn't work. It can't separate you from many, many other TOR Browser users.

        Go try it right now, with the Trails live CD. They fixed this years ago.

        • by Anonymous Coward

          It would be even better if that was all upstreamed and all TOR Browser users looked like all Firefox users, regardless of the versions they run. One way to get started on that, which I cannot believe isn't the default, is to remove specifics from them beyond the program. I mean things like OS, architecture, version numbers, and anything else I forgot. If browsers are not the same across platforms, then that is a bug that should be fixed, not something to be advertised to the server.

          • by Erioll ( 229536 )
            That would actually break other things. Things like the header that you suggest are already encrypted on any "https" website, and thus TOR doesn't know what that is, and can't manipulate it. So the only way for that to work would be to ban https on TOR, which would be stupid, which they wouldn't do.
      • Fingerprinting is defeated. Randomly rotate common values. Non-unique signal with noise. Using a VM is actually a more unique signal, and would easily let you be identified with known techniques involving a small fingerprint with an IP netmask. Better hope you aren't the only one doing deploying that VM-browser combination on your VPN service. Just because you are resetting your state doesn't mean you don't have state. It actually makes your profile more stateful in the long run.
  • 99.99% of my browsing I don't care if hosts know that I've been there before, or that I've been to a "partner" site. I rather like that my browser keeps a history of visited sites. Incognito is good if you want to keep your dirty habits secret from someone who might get their hands on your data. There is no such thing as truly private browsing. Yeah, yeah, VPN for your torrents, Great Firewall, etc, but there are holes in the security well past anything a typical user can influence.

    • by Anonymous Coward

      Dude, if you can't at least acknowledge that Big Brother May Someday Use My Data Against Me, then at least acknowledge that tracking is a little creepy.

    • There are cookies and cookies. If I go to foo.com and I get a cookie that is only readable by foo.com and is used to maintain state across visits, then that's fine. If that page on foo.com includes an i-frame that encodes the foo.com URL and contains something from bar.com that sets a cookie, and so do the next hundred sites that I visit, then I do care. I don't have any business relationship with the owners of bar.com and I don't want them to be tracking everything that I do online.

      This is something

      • by Merk42 ( 1906718 )
        What about 3rd parties that might be on a variety of URLs, such as disqus and social media?
        • Explicit user opt-in to having their cookies shared across sites. And a visual notification of all of the third-party domains that are tracking you.
        • by allo ( 1728082 )

          especially disqus is a bad example. If you allow 3rd party cookies, disqus can track what news sites and blogs you're reading without any problem.

          • by Merk42 ( 1906718 )
            That was my point. Not everything a website uses comes from the same domain (even excluding ads), so that initial idea has issues.
            TheRaven64 did comment [slashdot.org] on that situation though.
  • What about VPN's?

    • by arth1 ( 260657 )

      A VPN combined with an anonymizing and caching proxy.

      This, ironically, makes http more secure than https if you consider the server operator the potential bad guy. The proxy server can cache the data and not be forced to disclose that someone else is asking for the content. This is one of the reasons I oppose switching everything over to https. Enforcing https makes it easier, not harder, for web site operators to track you, which is why Google wants it so badly. It helps thwart listening in, but in m

  • by brwski ( 622056 ) on Sunday July 10, 2016 @01:47PM (#52484011)
    Rather than, ""Every single link to non-trusted websites should open, by default, in a Private/Incognito window," it should read, ""Every single link should open, by default, in a Private/Incognito window." In fact, there should be no way for a website to determine where else you've been. Sandbox everything; it's the only way to force advertisers and tracking companies to do things differently.
    • by mark-t ( 151149 )
      Better yet, the default behavior should be a configurable option in browser preferences. Make it an end-user choice.
    • by Anonymous Coward

      If you do that, the website owners will simply retaliate by requiring you to explicitly accept cookies each time you visit. And it's no use saying "well I'll go elsewhere then", because they'll all do it.

      If you push them too far, they'll push back.

  • by Anonymous Coward

    And yes an improved private mode would be a good thing.

  • by wierd_w ( 1375923 ) on Sunday July 10, 2016 @01:59PM (#52484093)

    We need a better social dynamic where the forces of greed and graft aren't out to secure everyone's dirty laundry for big profit. (you know. Extortion, blackmail, protection rackets, basically what the NSA is out for, along with the basic "Oh, you like porno with big giant dicks in it? We offer a wide assortment of novelty giant dildos for you to buy! Isn't that GREAT!?" that seems to have infested the internet lately.)

    I may be a greybeard by today's standards, but I remember when the internet was more about community, sharing news and jokes, and intellectual pursuits. Eternal September was the death of the internet. What we have now is a superhighway of advertisements directed into your eyeballs, and automated grabber arms reaching for your banking information.

    • by Voyager529 ( 1363959 ) <voyager529@ya h o o . c om> on Sunday July 10, 2016 @02:04PM (#52484113)

      Eternal September was the death of the internet. What we have now is a superhighway of advertisements directed into your eyeballs, and automated grabber arms reaching for your banking information.

      In a somewhat-amusing irony, Usenet is much more usable now and has basically-no spam anymore.

    • Eternal September was the death of the internet.

      I too enjoyed telneting into text worlds and using archie to pull scholarly papers. (That is not sarcasm btw).

      But the Eternal September is what brought us all the kickass internet stuff we have now. Without the influx of users it would be basically useless.

      • by Anonymous Coward

        But the Eternal September is what brought us all the kickass internet stuff we have now. Without the influx of users it would be basically useless.

        What kickass stuff exactly? Facebook? eBay? ...?
        What of those do we need, and didn't exist in one form or another before?

      • by mlts ( 1038732 )

        I would disagree for the most part. The only real gain we have had would be plain English search engines like Google.

        Twitter? That's what IRC is for.
        Someone's wall? That is what a .plan file is for and finger.
        A blog? Web page.
        Local stuff? NNTP groups.
        Stuff worldwide? More NNTP groups.
        Pr0n? alt.sex.cthulhu

        Social networks don't give much other than being one place with a consistant UI. Even worse, unlike USENET where even if someone is a total asshole, their voice is read until people stuff them in th

        • by AmiMoJo ( 196126 )

          Twitter? That's what IRC is for.
          Someone's wall? That is what a .plan file is for and finger.
          A blog? Web page.

          I don't think you really understand what those things are for...

          Twitter: Permanent (or at least lifetime of the account) and searchable, where as IRC is at best loggable somewhere.

          Wall (facebook?): Searchable and networkable, where as .plan and finger don't create any social links unless you include a list of other addresses you know.

          Blog: Easier to use than a web page, you can throw in images with a click or two and comments/spam are handled for you. As much as blogs are derided they did a lot to democrati

  • by bheerssen ( 534014 ) <bheerssen@gmail.com> on Sunday July 10, 2016 @02:01PM (#52484099)

    Better private mode browsing would be a great help, but there's more to that when protecting your identity online. For one thing, private mode browsing is meant to protect your history on your local machine, not across the internet. Secondly, unless you are willing to browse without the aid of javascript and cookies, there's no way to stop web site operators from tracking you. Sure, you can stop cross site scripting, but you can't stop one website from sharing your cookie data with another website, or any other data they can garner.

    So do you want to be truly anonymous? Use the Tor Browser, never use javascript, turn off cookies, and enjoy your sterile internet.

    Or, you can accept a certain amount of risk and enjoy a rich, vibrant internet experience.

    (I don't mean to disparage the Tor browser, it's a great product and I use it for some things.)

  • by Voyager529 ( 1363959 ) <voyager529@ya h o o . c om> on Sunday July 10, 2016 @02:02PM (#52484109)

    NoScript with only first party scripts allowed by default, and a handful of CDNs whitelisted. CCleaner Pro cleans up all of my browser activity every time I close it. Untangle denies connections to ad servers and trackers at the firewall level.

    Am I still being tracked? Probably...but the information obtained is much less juicy. I haven't seen an ad 'follow me' around the internet in quite some time.

  • by The Raven ( 30575 ) on Sunday July 10, 2016 @02:06PM (#52484125) Homepage

    Chrome Incognito and FireFox's Private Browsing are functionally identical. The caveat that the author highlights is how the Internet works. Of course sites have a record of your visit... they have to, to feed you the page! The disclaimer is to make sure that people know Incognito mode is like wearing an Anonymous mask, not like being invisible. And if you go up to an ATM dressed like V, but get money out of your credit card, then obviously the bank knows who visited the ATM despite the mask.

    This basic ignorance of how cookies work is pervasive.

    Private browsing opens your browser in a blank-slate mode. Generally, no plugins, no cookies. That means Amazon doesn't know who you are, so you can't one-click buy. Your news-reader makes you log in again. It takes longer to access your email because Gmail makes you log in and re-affirm your authenticator. Your ad blocker is disabled. Your CSS fixing plugin is blocked.

    This is not how I want to use my computer, logging in to every single site every single time I visit despite being on a trusted device. We have plugins and cookies for a reason, because they make the Internet a more useful tool. They also have nefarious uses, but saying that the Internet should throw out all convenience to maximize security is ignorant of the reality that people will just switch to the more convenient browser.

    What we need is not a better incognito mode, but for tech journalists to stop pontificating about technology they do not understand.

    If you really want to improve your anonymity online there are plugins that allow you to whitelist 'safe' cookies, and trash or block all the others. That plus plugins to block third-party widgets allow you to get 99% of the functionality from the Internet with only 1% of the spying. But these plugins take work on your part, to identify what sites and cookies you trust. Most people are too lazy. And the browser has no way of knowing for you. For example, I may want Amazon to remember me so I can buy with one click... you may not because you don't trust Amazon's tracking of what products you look at. The browser shouldn't be deciding that for you, but making choices like that for every site is a pain few users will bother with.

    • by nadass ( 3963991 )

      What we need is not a better incognito mode, but for tech journalists to stop pontificating about technology they do not understand.

      Exactly. There's nothing to read into their ramblings except that, as journalists, they have daily/weekly story and word count quotas.

    • by Zumbs ( 1241138 ) on Sunday July 10, 2016 @03:35PM (#52484633) Homepage

      Private browsing opens your browser in a blank-slate mode. Generally, no plugins, no cookies.

      Then you need a better browser :-) When I use Firefox for private browsing, NoScript, AdBlock and Ghostery are still very much active.

      This is not how I want to use my computer, logging in to every single site every single time I visit despite being on a trusted device. We have plugins and cookies for a reason, because they make the Internet a more useful tool.

      I mostly agree there. However, private browsing does allow me to start a session, e.g. to search for regular goods on the internet (because many webshops do require that I allow javascript to run), and clear any cookies and history during that session when I close it.

      • by Z00L00K ( 682162 )

        I think that the current browser model needs to get refreshed where cross-site cookies and similar stuff shall be killed off in the browser much like what Ghostery do. However some sites are a problem since they have different servers for serving images and the text content. Mostly found on some news sites.

      • by AmiMoJo ( 196126 )

        One trick I use to get lower prices is to find a product I want, the switch VPN end point and look at the same thing in a private browsing window. Don't just copy/paste the URL, there are probably identifiers in it, just go to the shop's main page and search.

        Often being logged out and an apparently new customer gets you a better price. Sometimes it helps to use referral links from comparison sites like Google. Once you have seen the lower price you can add it to your guest basket and then log in.

    • by AmiMoJo ( 196126 )

      There is a good argument for making private browsing the default though. For example, reject all cookies by default and have a whitelist requester when the browser notices you are logging in. Many browsers already offer to save your password for you.

      More over, if major browsers started to enforce typical privacy enhancements by default, like blocking third party JavaScript, it would force sites to make sure they work without those things.

      Something like Privacy Badger could be built in to, automatically bloc

    • Actually, you are the one who is ignorant of how cookies work. Mozilla already has a bug [mozilla.org] documenting what this guy is asking for, which has several proof-of-concept implementations, one of which is already used in the Tor browser. I implemented vertical and horizontal browser data isolation [github.com] in about a month in my spare time. Mozilla has finally started working toward this with their isolated tabs. The next logical result will be isolated origins. The change is inevitable. And get this: third-party cookies s
    • by houghi ( 78078 )

      I do not hgave an issue with them knowing what I do on their site. I jave an issue that they have a view when I am NOT on their site, but on another site.

      Facebook is pretty bad at this and the other one is Google.

      Besides that I hate it that they suggest things for me. 95% of the time it is an item I just bought. I just bought it. No need to buy it again. The other 5% are things I absolutely do not want, otherwise I would have bought them.

      However what REALLY is needed is not allowing the data to be used in

  • This is an interesting issue because it's become so complex. To browse privately and still allow a website to function has become a difficult prospect.

    You want each website to work, but you don't want any cookies or other data from one site to be able to be read by another. So individually sandboxed pages and cookies are the idea. Even if you block third party tracking cookies, other sites might be looking for cookies set by other discreet sites, not just cookies from tracking firms. The problem is so

  • by DogDude ( 805747 ) on Sunday July 10, 2016 @02:27PM (#52484235)
    If you're concerned about tracking, just install the Ghostery extension. It takes care of this.
  • I run incognito on occasion, but as a rule i'm on Firefox+NoScript+ABP and not actually in 'Private' browsing mode.

    I suspect this leaves me much more trackable, but if i am browsing untrusted sites (read:ANY sites), i am way more worried about remote 0day compromise of the week than i am tracking.

    Still, if i could auto-incognito and whitelist from that mode or cognito-reload at will (without enabling anything else) I would likely add that to my mix. But again, i run scripts disabled all the time so i'm wi

    • Preferences / Privacy / Uncheck Accept cookies from sites

      Then click on Exceptions and build a whitelist of sites you do want to allow cookies on... probably just the sites you login to. Sites that require cookies to show you content can be placated by allowing them cookies that only last for the browser sesson.

      Should be the last piece of the puzzle for ya. :)

      • by allo ( 1728082 )

        settings: allow cookies until firefox is closed
        install cookie culler and "protect" cookies you want to keep
        install self destructing cookies and whitelist the pages with protected cookies (and some with cookies, which should survive until you close the browser, not the tab)

  • Given that many users don't know the difference between 'privacy' and 'security', I have taken to calling it 'amnesic' or 'forgetful' mode instead.
  • by Anonymous Coward

    FWIW:

    I have about 10 different firefox profiles and a menu widget to launch them individually. Most are divided by task - one for all my banking, another for managing utility bills, one for "window shopping," another just for making purchases when I know exactly what I want, another for gmail (actually two different profiles for different gmail accounts), another that has no disk cache configured and wipes everything on exit. I also have two profiles for completely fake identities that I have very lax sec

    • I have another user account for browsing Facebook and other toys. This account doesn't have sound card access, so it also helps with FB notifications. There's practically no setup at all.
      • I have one without flash, which is the one I use normally. But yes, one can do such a thing.

        If you were really paranoid about snooping, I guess you could set up a Linux VM and browse from there. Roll it back or blow away the profile from time to time if you wish.

    • by Misagon ( 1135 )

      That's how it should work. And yes, the problem is making it easy to create a new profile.

      I have long requested that each private browsing window be its own private session, with no sharing of cookies between them.
      What if we would start with that, and create new "profiles" from "private browsing" sessions: a single button could be used for "saving" a temporary session.

  • by isj ( 453011 ) on Sunday July 10, 2016 @03:12PM (#52484545) Homepage

    <plug>
    We (privavore) are creating a fork for Firefox. (privafox.) By default we change all cookies into session-only. But with twists:
      - persistent cookies are allowed for sites that you provide a password to. The assumption is that if you log into a site the you probably want your shopping cart retained, and that by logging in you realize that the site will keep track of you. But we don't allow 3rd-party cookies.
      - workarounds for the EU cookie consent (in progress). By disallowing cookies by default you will get the "we use cookies to improve your experience" prompt.
      - user-agent is fixed (in-progress). That makes it a lot more difficult to distinguish different users behind the same ip (NAT).
    </plug>
    Both firefox' and chrome's private browsing mode leaves something to be desired. But that's ok.Their developers focus on creating the best browser. We just provide "after-market" customizations. Not for you, but for your less tech-savvy parents.

  • Block all tracking via cookies, analytics, web bugs and trackers:

    Use Firefox in normal mode with the following addons:
    CanvasBlocker
    FlashStopper
    HTTPS-Everywhere
    NoScript
    Privacy Badger
    Random Agent Spoofer
    RefControl
    RequestPolicy Continued
    Self-Destructing Cookies
    ShareMeNot
    uBlock or Adblock Plus

  • Opera already has a built in VPN option for private tabs.
    • It's vital to choose a VPN provider you trust, and who keeps no logs of your internet activity. If you are concerned about privacy then you should never pick a VPN provider who keeps logs.
  • Both Firefox and Chrome have the concept of different profiles/users. If you need to separate your personal ad experience from your professional one, just split your browser in two with a different profile. This means all your plugins/cookies/history get loaded into a different sandbox all together. It can still be separately fingerprinted and tracked, but it does separate it.
  • Obviously they mean secure, not private. Really, no one cares what I do online - I'm rather boring - so I don't care (much) about tracking. But there are times when I'd like to be even more anonymous. And that's easy enough - it's called a VPN.

    Given that I'm only aware of two browsers with a built-in VPN, I have to ask - are they working for that Tor browser (based on Firefox) or for Opera (based on Chromium) ... or have they been in a cave somewhere and never heard of either?
  • Privacy Browser is a web browser for Android designed to address this very issue. https://www.stoutner.com/priva... [stoutner.com] There is a planned feature to do exactly what the submitter requested, "Every single link to non-trusted websites should open, by default, in a Private/Incognito window." https://redmine.stoutner.com/i... [stoutner.com]
  • See https://ffprofile.com/ [ffprofile.com] to create a secured profile. See the github link to contribute with own ideas.

Whom the gods would destroy, they first teach BASIC.

Working...