'Private Browsing' Not So Much

Security researchers have revealed that 'private browsing' modes on web browsers, which are designed to remove all traces of the sites a user has visited, can leak information.

A study by Dan Boneh from Stanford University which is due to be presented at the Usenix Security Symposium in the U.S. next week claims that many browser add-ons or website security measures stop the 'private browsing' mode from working properly.

Boneh and his team looked at the private browsing functions on Mozilla's Firefox browser along with Microsoft Internet Explorer, Google Chrome and Apple's Safari, and said all four programs were affected.

We discovered that all these browsers retain the generated key pair even after private browsing ends," the study said.

"Again, if the user visits a site that generates an SSL client key pair, the resulting keys will leak the site's identity to the local attacker."

The study also revealed that the function is more likely to be used by those browsing adult websites than those purchasing 'suprise' gifts for family and friends.

Artwork: Chip Taylor
"We found that private browsing was more popular at adult web sites than at gift shopping sites and news sites, which shared a roughly equal level of private browsing use," Boneh said in the report.

"This observation suggests that some browser vendors may be mischaracterising the primary use of the feature when they describe it as a tool for buying surprise gifts."

Boneh and his researchers believe they are the first to demonstrate that 'private browsing' can be compromised.

Subscribe to the The Advisor Newsletter

Comments