Ars Technica discusses Web browsers’ “privacy browsing” settings, which consumers use to reduce tracking of the online habits, such as Web sites visited or products browsed. Ars Technica points to a report (pdf) on the issue by Stanford University researchers, “An Analysis of Private Browsing Modes in Modern Browsers,” which includes evaluations of “InPrivate Browsing” in Internet Explorer, “Incognito mode” in Chrome, and “Private Browsing” in Firefox and Safari.
Research by Stanford University to investigate the privacy of the “private browsing” feature of many Web browsers suggests that the tools aren’t all that private after all, and that many kinds of information can be leaked by browsers when using the mode. The paper is due to be presented next week at the USENIX security conference. […]
To keep browsing private from other users of the same machine, browsers must discard (or avoid creating) any history entries, cached items, cookies, and so on. To prevent sites from being able to track visitors, the browsers must ensure that they don’t send any cookies or other identifiable information from non-private sessions when in private mode.
The researchers found that the browsers’ protections were imperfect. Browsers did not properly isolate their private sessions from non-private ones, with the result that suitably crafted sites could trace visitors between private and non-private sessions. Sites could also leave persistent indications that they had been visited, allowing visits to be detected by local users.