SecureMac, Inc.

Computer security news. Just for Macs.

Get the latest computer security news for Macs and be the first to be informed about critical updates. Industry news, security events and all you need right at your fingertips. Malware threats change daily, so keep up to date on the latest developments to help ensure your privacy and protection. You can never be too safe.

Behind the Scenes with Private Browsing

Posted on September 24, 2014

As the leading contenders in the web browser industry (such as Google’s Chrome, Apple’s Safari and Mozilla’s Firefox) began battling for the hearts and minds of the public, it was only a matter of time before they took advantage of the growing concern regarding online privacy. “Private browsing” was the solution that was offered to put our minds at ease.

This feature is known by different names depending on the browser you use, but whether it’s Incognito Mode, InPrivate Browsing, or Private Browsing Mode, we’re led to believe that we can simply vanish from the Internet by enabling the appropriate option.

But is this really a cure for privacy-related headaches? In order to determine the answer, let’s take a look at what private browsing actually encompasses, and whether or not there is any validity to the argument that it’s only really useful when browsing… *ahem*… “naughty” websites.

What Is Private Browsing?

Apple is well know for innovation, so it comes as no surprise that they were the first to meet the needs of those who desired privacy online. The concept came about back in 2005 with the release of Mac OS X Tiger, when the bundled Safari browser included the new privacy feature. It took a while before other browser vendors followed suit, but today this is a standard feature found in most modern browsers.

Essentially, the purpose of Private Browsing is to inhibit any web usage information from being stored locally on the computer’s hard drive, protecting against anyone or anything (such as malware) that might be rummaging around in the temporary Internet files on the computer.

This does not stop the normal logging that occurs on the server side of things, however, which typically includes information such as your computer’s IP address (typically assigned by your ISP on a per-household basis), the websites that you visited, and the timestamps for those visits. So if a criminal is doing some illegal on the internet, Private Browsing isn’t going to cover his tracks!

Bugs Can Make Private Browsing Less Effective

Over the years, tech news sites have published stories detailing how bugs and flaws in private browsing modes can continue to leave private data behind during supposedly-anonymous web browsing activities.

In 2010, Dan Boneh of Stanford University led a team to examine exactly what the various private browsing modes covered and discovered that private browsing was “used differently from how it is marketed.” The abstract for the study can be found here: http://crypto.stanford.edu/~dabo/pubs/abstracts/privatebrowsing.html

That year, it was announced at the USENIX Security Conference that there were many exploitable holes in the private browsing features of Safari, Firefox, Chrome, and Internet Explorer. While no actual exploit instructions were given, it was stated that information was still being written to disk. More recently, Mozilla updated Firefox in September 2012 to fix a bug where sites visited in Private Browsing mode were still being stored to disk. Previous versions of Firefox did not contain the bug, which is a good reminder that new browser updates can break existing functionality.

While Private Browsing might catch most of your digital trail and ensure it remains secret, the fact remains that data is left behind in some cases, at a detriment to user security and privacy. Some security and privacy companies have stepped up to address this problem with various tools to clean up leftover internet clutter. PrivacyScan, from SecureMac, is one such tool, and has been highly praised by top technology critics and journalists.

Is There Such Thing as Completely Private Browsing?

While mainstream web browser privacy features may seem limited in the face of server-side tracking, there are ways to browse the Internet with complete anonymity. The best-known example of this is the Tor Project, which is the same security system through which whistleblowers can securely transmit information to Wikileaks, all while remaining completely anonymous.

Tor (an acronym for The Onion Router) works by sending information transmitted over the Internet (including the original IP address) through a series of approximately 3,000 network relays contributed by volunteers. Information sent through the Tor network is encrypted and specifically encoded in a way that prevents eavesdroppers from reading it.

The ‘onion’ part of the name refers to the fact that the encryption is applied in many different layers, with each layer being encrypted once again. This is real private browsing.

The Bottom Line on Browser Privacy

Whether you’re unnerved by the whole ‘Big Brother’ scenario, peeved with malware and other malicious digital attacks, or just plain irritated by advertisers and their so-called “behavioral targeting” technology, online privacy is an important concern.

If you want true Internet anonymity, private browsing mode is not the most effective method and though Tor is an option, it’s geekier to set up than the average web browser and can impact the speed of your internet connection to a large degree. If you’re not leaking state secrets, a combination of surfing the web with Private Browsing mode enabled and regularly running internet clutter cleanup tools, such as PrivacyScan, should keep you covered.

As the feature race continues between Safari, Firefox, Chrome, and other major browsers, private browsing is likely to see continued improvements, but there will still remain a risk that new bugs will expose your private data. As the debate regarding privacy, both online and offline, continues to grow, it can be assured that Internet privacy will continue to remain a popular topic amongst both journalists and consumers.

Join our mailing list for the latest security news and deals