In association with heise online

09 August 2010, 15:55

Private browsing mode offers insufficient protection


According to a recent study, using your browser in privacy mode may leave behind more traces on your computer and on the net than you think. The authors discovered data leaks in the four most popular browsers (Chrome, Firefox, Internet Explorer and Safari) that potentially disclose a user's internet behaviour to others sharing their PC and to web page operators. The study says that private browsing has been implemented differently in each browser. For instance, Safari only covers up local traces; even in private mode, users take their entire cookie collection with them on their travels through the web.

In the browsers tested, web pages which generate SSL key pairs, or offer self-signed certificates for installation, leave traces on a computer that allow intruders to find out about a user's page visits after the private browsing session is closed – as long as the intruder has access to the computer. The reverse is also possible: as self-signed certificates installed during normal browser operation are also available in private mode, web page operators may be able to identify their visitors conclusively.

The authors of the study paid particular attention to Mozilla's open source Firefox browser. They even analysed the source code to locate the points where storage functions may not check the private browsing state. Among other things, Firefox permanently retains various page settings such as the pop-up blocker's exception rules, which allows local attackers to view the visited pages listed under exceptions.

Many browser extensions also appear to be careless when handling users' data: Even in private mode, half of the JavaScript-based Firefox add-ons tested were found to leave behind such items as URL blacklists, which provide information about a user's browsing habits, on the hard disk. In Chrome, 71 of the 100 most popular extensions use the localStorage API to write to disk. However, Chrome leaves it up to users to determine which add-ons can be executed in private mode.
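The following added example (not code from the study or from this article) shows one way to check a browser profile for the kind of on-disk residue described above: hash every file before and after a private-only session and list what was created, modified or deleted. The profile contents and file names in `demo()` are constructed placeholders, not real browser files.

```python
import hashlib
import os
import tempfile


def snapshot(profile_dir):
    """Map each file's path (relative to the profile) to its SHA-256 digest."""
    state = {}
    for root, _dirs, files in os.walk(profile_dir):
        for name in files:
            path = os.path.join(root, name)
            rel = os.path.relpath(path, profile_dir)
            try:
                with open(path, "rb") as fh:
                    state[rel] = hashlib.sha256(fh.read()).hexdigest()
            except OSError:
                state[rel] = "unreadable"  # locked or vanished file
    return state


def diff_snapshots(before, after):
    """Return the files created, deleted or modified between two snapshots."""
    common = before.keys() & after.keys()
    return {
        "created": sorted(set(after) - set(before)),
        "deleted": sorted(set(before) - set(after)),
        "modified": sorted(p for p in common if before[p] != after[p]),
    }


def demo():
    """Constructed profile; the file names are placeholders, not browser files."""
    with tempfile.TemporaryDirectory() as profile:
        def write(rel, data):
            path = os.path.join(profile, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w") as fh:
                fh.write(data)
        write("site-settings.db", "example.org popup=allow\n")
        write("bookmarks.db", "unchanged\n")
        before = snapshot(profile)
        # Simulated leaky private session: a site setting and extension data persist.
        write("site-settings.db", "example.org popup=allow\nvisited.example popup=allow\n")
        write(os.path.join("ext-data", "blacklist.txt"), "visited.example\n")
        return diff_snapshots(before, snapshot(profile))


if __name__ == "__main__":
    print(demo())
```

Take both snapshots with the browser closed. A changed file is a candidate for inspection rather than proof of a leak, since browsers rewrite some files for reasons unrelated to the pages visited.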

As part of their study, the researchers developed specially crafted advertising banners which allowed them to monitor whether the visitors of a web page were browsing in private mode. They ran their advertising campaign on three types of web pages: gift shopping sites, news sites and adult sites. The authors found that private browsing was used most frequently by those who visited adult sites – it seems that this function has rightfully earned the nickname "porn mode".
