Researchers From MIT and Harvard University Present a Paper Describing a New System, Dubbed Veil, That Makes Private Browsing More Private (mit.edu) 20
From a blog post on MIT News Office: Veil would provide added protections to people using shared computers in offices, hotel business centers, or university computing centers, and it can be used in conjunction with existing private-browsing systems and with anonymity networks such as Tor, which was designed to protect the identity of web users living under repressive regimes. "Veil was motivated by all this research that was done previously in the security community that said, 'Private-browsing modes are leaky -- Here are 10 different ways that they leak,'" says Frank Wang, an MIT graduate student in electrical engineering and computer science and first author on the paper. "We asked, 'What is the fundamental problem?' And the fundamental problem is that [the browser] collects this information, and then the browser does its best effort to fix it. But at the end of the day, no matter what the browser's best effort is, it still collects it. We might as well not collect that information in the first place."
Ah, Slashdot, I hardly knew ye... 1997 to 2018 (Score:5, Funny)
More curious as to whether posting is possible than caring about this particular subject...
Re: (Score:3)
This is for browser cache, page file, etc (Score:2)
Their approach is targeted to avoid leaving evidence on the user's machine. Sometimes you see these criminal cases where a guy dies from arsenic poisoning and investigators discover that the wife Googled "arsenic poisoning" a week before, and read up on how people can be poisoned with arsenic. If the wife used these techniques, it would be more difficult for investigators to look on her computer and see that she had been researching arsenic poisoning before her husband was poisoned.
PS - doesn't work for Reddit (Score:2, Funny)
PS, these techniques will NOT be effective if, after receiving a subpoena for emails, you post on Reddit "my client is a VERY VIP and I need to wipe out all evidence of her emails" while posting under the same username you use on Twitter.
Page file aka swap. "RAM" can easily be on disk (Score:3)
Your ram disk can very easily appear on disk. Windows calls it the page file, Linux calls it swap.
> Just modify all the necessary paths for Firefox
Also Firefox, and applications in general, are essentially wrappers around system calls. For example, browser doesn't open connections to web servers. It asks the O's to do that. Firefox doesn't know what's happening.
Re: (Score:2)
Against eavesdroppers, yes. Against a compromised (or snooping) target website, no. The latter is the main concern here.
Re: (Score:2)
Huh? The threat model is physical access to the client by e.g. an employer or a detective. It is described as
How useful is this? (Score:2)
It seems potentially interesting for an edge case... but I’d be curious to know how much web browsing actually happens on shared computers which still have individual accounts (excepting family computers).
Re: (Score:2)