How Private Is 'In Private' Browsing?
Sep 24, 2010
Whenever a computer user accesses the internet, records of their activity are automatically stored on their PC. This information might include the keywords they have searched for, pages they have visited and even the data they have entered into online forms. For users wishing to keep certain activities away from prying eyes, the most popular internet browsers have now introduced 'In Private' browsing which offers users a way to stop the most obvious traces of activity from being stored.
Microsoft Internet Explorer 8 introduced this in the form of 'Inprivate' browsing, while Google Chrome offers an 'Incognito' mode and the soon to be released Mozilla Firefox 3.1 offers 'Private Browsing'. In Internet Explorer 8, the feature works by either preventing information from being created or by automatically deleting it once the user has finished browsing. For example, 'history' entries, which keep a record of the pages visited, are not created and form data and passwords are not stored.
However, cookies, which provide websites with certain site-specific information about the user such as shopping cart contents, are stored as 'session cookies' meaning that they are cleared when the browser is closed. In Google Chrome, 'Incognito' mode offers similar features, as web pages visited and files downloaded are not recorded, and all cookies are deleted when the Incognito window is closed.
While such features may afford a degree of privacy from other users, both Microsoft and Google have stressed that the modes are not designed to hide user activity from computer forensic experts or security specialists. In fact, after a round of testing, Dutch computer forensic expert Christian Prickaerts deemed the privacy afforded by Internet Explorer 8's 'Inprivate' browsing feature to be purely 'cosmetic', and warned that it should not be confused with anonymous web surfing.
In fact, the security offered by 'Inprivate' mode is mainly aimed at local level internet information, so that data regarding a user's internet activity may still be stored by the visited websites, the Internet Service Provider or the network administrator in the case of internet cafes or corporate workspaces.
In addition, while entries are not made into the browser's 'History' file, details of web pages visited are still left intact in other areas of the computer's registry and 'cache data', which includes images and other information that IE stores to speed up browser times, is also left untouched. Such data is usually easily accessible with computer forensic software, even if it has been deleted manually.
For home users then, the 'In Private' feature offers a useful way to keep information private from other users who are unlikely to deliberately pry, but for internet cafe users the feature should not be considered to offer significant additional security. As such, it should not be considered a replacement for other forms of internet security and the same level of caution should be exercised with regard to the type of data accessed from public locations.
For businesses running corporate networks, it is important to ensure that systems administrators are aware of the feature, since 'In Private' browsing may remove the more obvious traces of wrongdoing. But for the time being at least, the feature offers no significant barrier to a successful investigation if computer misuse is suspected.