Every major browser has an “Incognito Mode”, “Private Browsing”, “inPrivate” or something similar — a switch that supposedly covers your tracks, at least on your computer. But security researchers have found many holes in the armour that privacy modes supposedly provide.
Ars Technica decompiles a paper from Stanford and Carnegie Mellon researchers (direct PDF link) that tests the security of private browsing modes in Internet Explorer, Firefox, Chrome and Safari, and finds them all seriously lacking.
What’s wrong with private browsing? Most significantly, it’s add-ons and plug-ins that betray privacy. Adobe’s Flash has often been cited for cookies that don’t wipe clean, but it’s also browser-specific add-ons that can betray where a browser has been. Those browser that don’t allow add-ons to run in their private modes also don’t protect against “suitably crafted sites (that) could trace visitors between private and non-private sessions”.
All a good reminder that while there are ways to browser without leaving a trace, you shouldn’t count on your browser’s privacy mode to do much more than protect you against the most basic of inquiries into what you’ve been doing.
Private browsing: it’s not so private [Ars Technica]