Study: Your Browser's Private Browsing Mode May Not Always Be So Private After All

Your Web browser’s private browsing mode, perhaps not as “private” as you would like to see. A new study, coming out of Stanford University’s Security Lab in the Computer Science Department, says that modern browsers’ private browsing mode may be undermined when visiting certain Web sites or by using certain extensions. Nice.

The study finds that private browsing modes are most often activated when visiting adult Web sites. You probably didn’t need an academic study to know that, but it’s good to see that fact supported by the Academy.

But that’s what makes the results all the more troubling.

You visit whatever Web site using private browsing mode, and you expect that you’re not leaving any unnecessary bread crumbs for your roommate or girlfriend or big brother to find. You don’t want to have that conversation.

Or maybe you do, I don’t know.

The study, written by the department’s Applied Crypto Group, finds that there’s two major flaws when it comes to private browsing modes: Web site security and browser extensions.

Private browsing mode usually works by not saving things like cookies and history files to your hard drive. Think of it like browsing the Web using a live Linux distribution: you turn the computer off and all your data is gone. Woo!

The mode works as advertised unless you come across Web sites that encrypt data—let’s say a shopping site. That data could still be on your hard drive.

Extensions that involve search can cache data without your knowledge.

This covers all the major Web browsers, by the way: Firefox, Safari, Chromium, and Internet Explorer.

Solution? Well, you could invoke private browsing mode after disabling your extensions. That way you know the only thing between interesting Web site and your eyeballs is the browser’s private browsing mode, without any third-party nonsense mucking things up.

You could also buy a secret, second computer and not tell anybody about it. It’s a long way to go, but it’s truly private.