Private mode of browsers does it works ?

Does we trust the private mode browsers?

Stanford researchers have studied the functioning of private browsing modes of browsers. They discovered that they could leak information personal.

We have so private than the incognito mode? According to a team of researchers at Stanford University, the function ” private browsing “implemented in Firefox, Chrome, Safari and Internet Explorer that could reveal more about the surfing habits of Internet users than they think. The private browsing is supposed to allow the browser to surf without recording or cookies, or cached items, or browsing history. A handy feature to leave no trace, at a session of surfing outside of home in a cybercafe for example.

However, the long paper just published by the research team, which will run from August 11 to 13 at the conference Usenix Security, reveals several vulnerabilities of these navigation modes whose implementation varies according to the software.

Thus, when IE, Firefox or Chrome hide the cookies created during a session of surfing classic, Safari leaves appear when private browsing. Similarly, Firefox and Safari extensions turn left off the record, this is not the case with Chrome, which allows users to choose whether to use their extensions. A significant option because they can make navigation less discreet leaving the computer information about the sites visited. As for Internet Explorer, it does have an option to disable the toolbars and extensions at the start of a session “InPrivate”, but ActiveX controls are still functional, according to the study.

Minimal risk

Whether we are reassured all the same: most of the techniques described by researchers to exploit the weaknesses of our local browsers require some technical expertise. The team describes such a procedure to search the DNS cache or virtual memory after the surf session and close the browser, to find sites frequented discreetly.

For all sites encrypted with SSL (Secure Sockets Layer) is a bit simpler: IE, Firefox and Safari keep the SSL key after browsing in a separate system, not deleted by the browser. One might as well go back to the sites visited from these data, the researchers said.

Funny: through a technique home to let them know if a user or not private browsing, the team succeeded in isolating the use they made of this feature. We learn by studying the “private browsing is more popular at sessions surfing adult sites on shopping sites and news of gifts.” Half an unsurprisingly, indeed, but a little dig in the direction of Microsoft, which has made a good publicity prudish on this theme!

The researchers also reported that Safari users are quicker to launch private browsing while surfing X-rated sites, with 14% of sessions masked, against only 2% of users identified in IE8 ” InPrivate “on the same kind of sites.