This ongoing research is being conducted by Ruba Abu-Salma, a Ph.D student in Computer Science from University College London (UCL), and Brave’s Chief Scientist, Dr. Ben Livshits. The final findings will be submitted as a paper in the next several weeks.

Private browsing is a privacy-enhancing tool, where the web browser does not record users’ private browsing activities on the local device [1]. It is a special mode that allows users to browse the Internet without saving any information (e.g., cookies, temporary files) about the websites they have visited in private mode.

Prior work has quantitatively (through survey studies) investigated whether users are aware of private browsing, what they use it for, and whether they understand what it does [2, 3, 4, 5, 6]. Most surveyed respondents were either unaware of private browsing, or did not use it. Further, the vast majority of respondents had misconceptions about private browsing — such as incorrectly believing private browsing protects against visited websites, ISPs, and governments. However, prior work has not investigated why users misunderstand the benefits and limitations of private browsing.

In this work, we seek to explore why users misunderstand private browsing by investigating their mental models of private browsing and its security goals. We also study users’ private browsing habits. We do so by conducting a qualitative, interview-based study with users and non-users of private browsing. The value of conducting qualitative research lies in providing a holistic understanding of the phenomenon under enquiry using predominantly subjective qualitative data, which can be later supplemented by quantitative data.

Our Study: Exploring User Mental Models of Private Browsing

We hypothesize that users’ mental models of private browsing are diverse and do not necessarily map to the narrow set of threats against which browsers actually protect. In our study, we build on prior work and conduct a qualitative study to explore users’ mental models of private browsing and its security goals. We also study how people use private browsing.

Typically, a study of this nature [a qualitative user study] involves between 12 and 25 participants [7, 8]. To recruit our 25 participants, we posted flyers and distributed leaflets in London, UK. We asked interested participants to complete an online screening questionnaire. We aimed to recruit a demographically-diverse sample of participants — in terms of gender, age, race, educational level, and employment status — to assess whether participants’ demographics affected the robustness of their mental models. We also assessed participants’ technical background. Further, we provided participants with a list of different web browsers, and then asked which browsers they used. Google Chrome was the most used web browser by our participants, followed by Firefox, Safari, Internet Explorer, and Brave, respectively.

Preliminary Findings

We now present some preliminary findings of our qualitative study. We do not report how many participants mentioned each finding in this post because this is ongoing work. We only describe high-level findings and insights.

What are users’ mental models of private browsing?

Participants drew their mental models of private browsing. We show some of the participant drawings throughout the post, to illustrate participants’ conceptual understanding of the term “private browsing.”

Although all participants mentioned that they had heard of the term “private browsing,” and felt confident explaining it, almost all participants associated private browsing with privacy tools that provide more protection than what private browsing in Google Chrome, Firefox, Internet Explorer, and Microsoft Edge guarantees. For example, some participants associated private browsing with secure browser connections (i.e., network encryption). Others associated private browsing with end-to-end encrypted communications, anonymous communications (using a VPN or Tor), or user authentication. The drawings below explain some of our participants’ mental models of private browsing.