Private Browsing Overview:
As day by day the use of internet browsing has been increasing, people are getting aware about their privacy and protecting personal information. No one wants to disclose what sites they are browsing and the local data associated with it, which can be used to retrieve personal sensitive information.
For example, if on a computer system, a user is accessing bank site, it is obvious that he would not want any other user to know his credentials which is stored by the web browser by default (allow by ask). For protecting the history of the websites the user has visited and the local data associated to it, we use private browsing.
How cache is maintained?
Whenever a user visits a website first time, the browser creates a temporary file called cache. It is maintain for speeding up browsing so whenever the user revisits that site again, that page will be loaded from its cache copy rather than downloaded again from the internet. But if you are using a public system then it can give some personal sensitive information to other user as it can store sensitive information such as passwords therefore the cache should be cleared in order to maintain privacy. Basically, Private Browsing hides the browsing history of the user from another user who is accessing the same machine.
Private Browsing is a concept of disabling the browser’s history, removing cookies and not storing the web cache. The browser will not store browsing information (of the session) such as credentials of the user or the sites visited or the data you enter into forms, if private browsing is enabled. Private Browsing doesn’t make you anonymous as your Internet Service Provider (ISP) will still be able to track you. Also, it is a common myth that it will protect user from keyloggers or spywares, but it will not.
The local data associated to a visited website that can be blocked by private browsing are:
- Browsing history –
It is a list of URLs recently visited by the user.
- Cache –
A temporary file that can consist of multimedia files or full web pages. It is used for speed up internet browsing. No cache is saved when private browsing is enabled.
- Cookies –
These are used by websites to maintain user-specific settings, information such as credentials and also for tracking. It can also be used to track user across different websites by third-parties. These are held temporarily in memory and discarded at the end of session when private browsing is enabled.
- Passwords –
The credentials associated with a particular website will not be saved by private browsing.
Note – Bookmarks saved and downloaded files will not be discarded at the end of private browsing session (only if saved in private browsing session). But recent researches have shown that it doesn’t able to fully protect user’s data even when the private browsing mode is enabled. The researchers were able to find enough information about the web pages visited when private browsing is enabled.
How private browsing is not fully private?
There are some research which shows that there are enough left traces even after the private browsing mode is enabled. When a user wants to access a website and he only knows the name of the website then a protocol is run, called Domain Name Service (DNS). The domain name is translated into a 32-bit IP address which is further used by networking devices to carry forward the domain name request and reply.
A special table called DNS cache is maintained for the purpose by the machine, in which a domain name with its corresponding translated IP address is maintained. If a technical user got access to your machine, he can exploit this information to a great extent and can find out what sites have been visited.
Another vulnerability is that the operating system of a machine could write information to your hard drive while using private mode. This can contain images or certain HTML code linked to a website. In both these scenarios, the web browser itself will not delete these information as it doesn’t have the authority to access to these parts of operating system.
To resolve these issues with the current system, MIT researchers developed a technology called dubbed veil. It was proposed to enhance the privacy of the users on public machines. The process involved in the proposed project is as follows:
Veil delivers a web page to machine through “blinding-server”. Whenever a user types a URL, the associated page will get retrieved from blinding-servers. Blinding-server is a proxy which will retrieve the requested web page and encrypt it before transmitting it to the browser. Also, a special garbage code will be injected to the page by which the page will look similar to the user but the HTML code will be modified. By this the source code and the website’s associated browsing history can be hidden.
Support of private browsing in different browsers:
- Google Chrome –
If a user doesn’t want Google chrome to remember the activities like web site searches etc, then Google chrome allows an option called incognito mode for private browsing. By enabling this mode, it will not store site cookies, browsing history etc but files downloaded or bookmarks will be stored. The user has to manually delete these.
Same goes with safari. All temporary files, browsing history, form data etc will be wiped out in safari private browsing mode.
Opera provides an extra level of secrecy as it provides an option of VPN (called Opera VPN, a proxy service) which will encrypt all the traffic operated by browser but notedly only for the traffic of opera. All the traffic is directed through VPN provider SurfEasy.
- Mozilla Firefox:
In addition to erasing browsing history, cookies etc, Firefox has an additional feature called content blocking. It prevents trackers from collecting user’s data.
- Internet Explorer and Edge:
Same implies with Microsoft’s browser Internet Explorer. It doesn’t store temporary files like cookies. In addition, it also disables third-party toolbar while in a private session.