Research by Stanford University into the privacy of the "private browsing" feature found in many Web browsers suggests that the tools aren't all that private after all, and that browsers can leak many kinds of information while in the mode. The paper is due to be presented next week at the USENIX security conference.

"InPrivate Browsing" in Internet Explorer, "Incognito mode" in Chrome, and "Private Browsing" in Firefox and Safari all strive to do the same two things: make it impossible for users of the same computer to figure out which sites the browser has been used to visit, and make it impossible for sites to know whether or not a particular user has previously visited them.

To keep browsing private from other users of the same machine, browsers must discard (or avoid creating) any history entries, cached items, cookies, and so on. To prevent sites from being able to track visitors, the browsers must ensure that they don't send any cookies or other identifiable information from non-private sessions when in private mode.

The researchers found that the browsers' protections were imperfect. Browsers did not properly isolate their private sessions from non-private ones, with the result that suitably crafted sites could trace visitors between private and non-private sessions. Sites could also leave persistent indications that they had been visited, allowing visits to be detected by local users.

The big problem: add-ons



The problem got worse when extensions and plugins were considered. All four browsers tested enabled plugins in private mode, and these plugins can themselves store data that allows both kinds of privacy to be defeated.

One example of such a plugin used to be Adobe Flash; Flash has its own cookie system, and it used to be the case that Flash's cookies did not respect the privacy mode of the browser. Cookies set in private mode persisted, and cookies set in public mode were readable from private mode. Fortunately, Flash has since been fixed, but any plugin could contain similar errors.
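The two privacy goals and the plugin failure described above can be expressed as a small audit. This is an added illustration, not code from the researchers or from any browser. The `Store` class, `auditStore` function, and the site names are constructed for the example and model storage only in the abstract.

```javascript
// Toy model (constructed): one storage area, such as the browser's cookie jar
// or a plugin's own cookie system. `respectsPrivateMode` is an assumption of
// this model: true for a store that honours private mode, false for one that
// ignores it, as the article says Flash's cookies once did.
class Store {
  constructor(respectsPrivateMode) {
    this.respectsPrivateMode = respectsPrivateMode;
    this.persistent = new Map(); // survives after the session ends
    this.ephemeral = new Map();  // discarded when the private session ends
  }
  // Private-mode traffic is isolated only if the store honours the mode.
  area(privateMode) {
    return privateMode && this.respectsPrivateMode ? this.ephemeral : this.persistent;
  }
  set(site, value, privateMode) {
    this.area(privateMode).set(site, value);
  }
  get(site, privateMode) {
    return this.area(privateMode).get(site);
  }
  endPrivateSession() {
    this.ephemeral.clear();
  }
}

// Checks both goals from the article against one store.
function auditStore(store) {
  // Goal 1 (other users of the machine): a private visit leaves no trace.
  store.set("shop.example", "id-private", true);
  store.endPrivateSession();
  const leavesLocalTrace = store.persistent.has("shop.example");

  // Goal 2 (web sites): an identifier set in a normal session must not be
  // readable in a private one, or the site can link the two sessions.
  store.set("news.example", "id-public", false);
  const linksSessions = store.get("news.example", true) === "id-public";
  store.endPrivateSession();

  return { leavesLocalTrace, linksSessions };
}

// A browser is only as private as its least careful store.
function auditBrowser(stores) {
  const results = stores.map(auditStore);
  return {
    leavesLocalTrace: results.some((r) => r.leavesLocalTrace),
    linksSessions: results.some((r) => r.linksSessions),
  };
}
```

Auditing a well-behaved cookie jar together with a plugin store that ignores private mode reports both failures, which is why a single non-compliant plugin defeats the browser's own protections.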

Internet Explorer and Chrome both disable browser extensions by default in their private mode; Firefox, however, does not, and this provides yet another avenue by which private information can be leaked.

As part of their research, the team also collected information on how often people use private modes. Though Microsoft advertises InPrivate Browsing as a way for people to buy gifts online without any risk that the recipient will find out, the most common use of private browsing was (shockingly) to explore the Internet's seedy underbelly, keeping prurient interests, rather than birthday presents, private. Even this use was relatively rare; only 8 percent of people used private browsing for their online sexual entertainment, with 6 percent using it for gift shopping and general Web browsing.

The use of private browsing also varied wildly between browsers. Internet Explorer users barely bothered—just 2 percent of them use it, even for X-rated sites—whereas some 14 percent of Safari users prefer to keep their dirty/gift-buying habits to themselves.