Study: Private Browsing isn't So Private

Posted 08/09/2010 at 7:10am | by Paul Lilly

4

Comments

Print

Don't want anyone to know what corners of the Web you've been hanging around? Just fire up your browser's private browsing mode and no one will ever be the wiser. Or so we thought.

According to a study by Dan Boneh from Stanford University, a good many browser add-ons, extensions, and even some website security mechanisms end up thwarting so-called private browsing modes from working properly, and it's not limited to a single browser, either. In fact, Boneh and his research team found that Mozilla's Firefox, Microsoft's Internet Explorer, Google's Chrome, and Apple's Safari browsers were all affected.

"We discovered that all these browsers retain the generated key pair even after private browsing ends," the study said. "Again, if the user visits a site that generates an SSL client key pair, the resulting keys will leak the site's identity to the local attacker."

Ready for the real shocker? According to the study, this is more likely to affect browsing those, ahem, adult websites than the real reason private browsing modes exist, which everyone knows is to shop for birthday gifts and make anniversary plans on the down-low (right?).

"We found that private browsing was more popular at adult websites than at gift shopping sites and news sites, which shared a roughly equal level of private browsing use," Boney said in the report. "This observation suggests that some browser vendors may be mis-characterizing the primary use of the feature when they describe it as a tool for buying surprise gifts."

Smart one, that Boneh guy.

Image Credit: ourkitchensink.com