Private browsing (also known as incognito mode or private mode) is a feature in some web browsers that enhances user privacy. In this mode, the browser initiates a temporary session separate from its main session and user data. The browsing history is not recorded, and local data related to the session, like Cookies and Web cache, are deleted once the session ends. The primary purpose of these modes is to ensure that data and history from a specific browsing session do not remain on the device or get accessed by another user of the same device. In web development, it can be used to quickly test displaying pages as they appear to first-time visitors.
Private browsing modes do not necessarily protect users from being tracked by other websites or their Internet service provider (ISP). Furthermore, there is a possibility that identifiable traces of activity could be leaked from private browsing sessions by means of the operating system, security flaws in the browser, or via malicious browser extensions, and it has been found that certain HTML5 APIs can be used to detect the presence of private browsing modes due to differences in behavior. This is usually why some people mistake private browsing for a virtual private network.
Apple's Safari browser was one of the first major web browsers to include this feature, first introduced in April 2005. [1] The feature was subsequently adopted by other browsers, leading to the popularization of the term in 2008 by mainstream news outlets and computing websites during discussions about the beta versions of Internet Explorer 8. [2] [3] [4] Adobe Flash Player 10.1 started respecting browser settings and private browsing modes in relation to storing local shared objects. [5] [6]
Private browsing modes are commonly used for various purposes, such as concealing visits to sensitive websites (like adult-oriented content) from the browsing history, conducting unbiased web searches unaffected by previous browsing habits or recorded interests, offering a "clean" temporary session for guest users (for instance, on public computers), [7] and managing multiple accounts on websites simultaneously. Private browsing can also be used to circumvent metered paywalls on some websites. [8]
In a survey conducted by DuckDuckGo, 48% of participants chose not to respond, prompting lead researcher Elie Bursztein to observe, "Surveys are clearly not the best approach to understand why people use private browsing mode due to the embarrassment factor." Additionally, 18% of respondents indicated that their main use of private browsing modes was for online shopping. [9] [10] [11]
A study by the Mozilla Foundation found that most sessions lasted only about 10 minutes. However, there were periods of increased activation, usually from 11 a.m. to 2 p.m., at 5 p.m., between 9 p.m. and 10 p.m., and a minor peak occurred about an hour or two after midnight. [12]
Private browsing is known by different names in different browsers. [13]
Date | Browser | Synonym |
---|---|---|
29 April 2005 | Safari 2.0 | Private Browsing (Command⌘+Shift+n) |
11 December 2008 | Google Chrome | Incognito (Ctrl+Shift+n or ⌘+Shift+n for Mac) [14] |
19 March 2009 [15] | Internet Explorer | InPrivate Browsing (Ctrl+Shift+p or ⌘+Shift+p for Mac) |
30 June 2009 | Mozilla Firefox 3.5 [16] | Private Browsing (Ctrl+Shift+p or ⌘+Shift+p for Mac) |
2 March 2010 | Opera 10.50 [17] | Private Tab / Private Window (Ctrl+Shift+n or ⌘+Shift+n for Mac) |
18 November 2014 | Amazon Silk [18] | Private Browsing (Swipe from the left edge of the screen, and then tap Settings and select Enter Private Browsing) |
29 July 2015 | Microsoft Edge | InPrivate Browsing (Ctrl+Shift+n or ⌘+Shift+p for Mac) |
13 November 2019 | Brave | Private Browsing (Ctrl+Shift+n or ⌘+Shift+n for Mac) |
It is a common misconception that private browsing modes can protect users from being tracked by other websites or their Internet service provider (ISP). [19] Such entities can still use information such as IP addresses and user accounts to uniquely identify users. [19] [20] Private browsers on iOS, not created by Apple, must adhere to specific standards and regulations to be available on its platform for iPhone and iPad. Specifically, these browsers are required to employ the WebKit framework for rendering web pages. Consequently, third-party browsers cannot use their own rendering engines and must depend on Apple's framework instead. This constraint impacts the range of privacy features that these browsers can provide. [21] This is one of the reasons why some browsers have partly addressed this shortcoming by offering additional privacy features that can be automatically enabled when using private browsing mode, such as Firefox's "Tracking Protection" feature to control use of web trackers (which has since been rolled into a larger "content blocking" function extended outside of private browsing mode), and Opera offering an in-house VPN service embedded within the browser. [22] [9]
Brazilian researchers published the results of a project where they applied forensic techniques (namely the Foremost data carving tool and Strings program) to extract information about the users browsing activities on Internet Explorer and Firefox browsers with their private mode enabled. They were able to collect enough data to identify pages visited and even partially reconstruct them. [23] This research was later extended to include the Chrome and Safari browsers. The gathered data proved that the browsers' private mode implementations are not able to fully hide users' browsing activities and that browsers in private mode leave traces of activities in caching structures and files related to the paging process of the operating system. [24]
Another independent security analysis, performed by a group of researchers at Newcastle University, reported a range of potential security vulnerabilities in the implementation of the private modes across Chrome, Firefox, Internet Explorer, and Safari, including that; [25]
Bugs and security vulnerabilities in extensions themselves may also leak personally identifiable data from private mode. [28]
Implementations of the HTML5 FileSystem API can be used to detect users in private mode. In Google Chrome, the FileSystem API was not available in Incognito mode prior to version 76. To prevent circumvention of paywall policies and evasion of web tracking scripts used to monetize traffic, a number of websites — including The New York Times — have used such behavior to block access to users in private browsing mode, and requiring them to subscribe or log in. Chrome 76 allows the FileSystem API to be used in Incognito mode; explaining the change, Google argued that the ability to detect the use of Incognito mode infringes on users' privacy. However, it was later discovered that the disk space quotas for the API differed between normal and Incognito modes, providing another means by which to detect Incognito users. [29] [8] [30] Despite statements otherwise by Google, this has not yet been patched. Scripts have also been developed to detect private browsing mode on other browsers, such as Firefox. [31]
In December 2023, Google settled a $5 billion consumer privacy lawsuit that alleged its practises allowed it to track users in private browsing mode in various browsers. [32]
Hypertext Transfer Protocol Secure (HTTPS) is an extension of the Hypertext Transfer Protocol (HTTP). It uses encryption for secure communication over a computer network, and is widely used on the Internet. In HTTPS, the communication protocol is encrypted using Transport Layer Security (TLS) or, formerly, Secure Sockets Layer (SSL). The protocol is therefore also referred to as HTTP over TLS, or HTTP over SSL.
A web browser is an application for accessing websites. When a user requests a web page from a particular website, the browser retrieves its files from a web server and then displays the page on the user's screen. Browsers are used on a range of devices, including desktops, laptops, tablets, and smartphones. By 2020, an estimated 4.9 billion people had used a browser. The most-used browser is Google Chrome, with a 67% global market share on all devices, followed by Safari with 18%.
Mozilla Firefox, or simply Firefox, is a free and open source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation. It uses the Gecko rendering engine to display web pages, which implements current and anticipated web standards. Firefox is available for Windows 10 and later versions of Windows, macOS, and Linux. Its unofficial ports are available for various Unix and Unix-like operating systems, including FreeBSD, OpenBSD, NetBSD, and other operating systems, such as reactOS. Firefox is also available for Android and iOS. However, as with all other iOS web browsers, the iOS version uses the WebKit layout engine instead of Gecko due to platform requirements. An optimized version is also available on the Amazon Fire TV as one of the two main browsers available with Amazon's Silk Browser.
A browser war is a competition for dominance in the usage share of web browsers. The "first browser war" (1995–2001) consisted of Internet Explorer and Netscape Navigator, and the "second browser war" (2004-2017) between Internet Explorer, Firefox, and Google Chrome.
A browser extension is a software module for customizing a web browser. Browsers typically allow users to install a variety of extensions, including user interface modifications, cookie management, ad blocking, and the custom scripting and styling of web pages.
A local shared object (LSO), commonly called a Flash cookie, is a piece of data that websites that use Adobe Flash may store on a user's computer. Local shared objects have been used by all versions of Flash Player since version 6.
Mozilla Firefox 4 is a version of the Firefox web browser, released on March 22, 2011. The first beta was made available on July 6, 2010; Release Candidate 2 was released on March 18, 2011. It was codenamed Tumucumaque, and was Firefox's last large release cycle. The Mozilla team planned smaller and quicker releases following other browser vendors. The primary goals for this version included improvements in performance, standards support, and user interface.
Google Chrome is a web browser developed by Google. It was first released in 2008 for Microsoft Windows, built with free software components from Apple WebKit and Mozilla Firefox. Versions were later released for Linux, macOS, iOS, iPadOS, and also for Android, where it is the default browser. The browser is also the main component of ChromeOS, where it serves as the platform for web applications.
Web storage, sometimes known as DOM storage, is a standard JavaScript API provided by web browsers. It enables websites to store persistent data on users' devices similar to cookies, but with much larger capacity and no information sent in HTTP headers. There are two main web storage types: local storage and session storage, behaving similarly to persistent cookies and session cookies respectively. Web Storage is standardized by the World Wide Web Consortium (W3C) and WHATWG, and is supported by all major browsers.
Web tracking is the practice by which operators of websites and third parties collect, store and share information about visitors' activities on the World Wide Web. Analysis of a user's behaviour may be used to provide content that enables the operator to infer their preferences and may be of interest to various parties, such as advertisers. Web tracking can be part of visitor management.
Do Not Track (DNT) is a deprecated non-standard HTTP header field designed to allow internet users to opt out of tracking by websites—which includes the collection of data regarding a user's activity across multiple distinct contexts, and the retention, use, or sharing of data derived from that activity outside the context in which it occurred.
Content Security Policy (CSP) is a computer security standard introduced to prevent cross-site scripting (XSS), clickjacking and other code injection attacks resulting from execution of malicious content in the trusted web page context. It is a Candidate Recommendation of the W3C working group on Web Application Security, widely supported by modern web browsers. CSP provides a standard method for website owners to declare approved origins of content that browsers should be allowed to load on that website—covered types are JavaScript, CSS, HTML frames, web workers, fonts, images, embeddable objects such as Java applets, ActiveX, audio and video files, and other HTML5 features.
HTML audio is a subject of the HTML specification, incorporating audio |speech to text]], all in the browser.
Firefox was created by Dave Hyatt and Blake Ross as an experimental branch of the Mozilla browser, first released as Firefox 1.0 on November 9, 2004. Starting with version 5.0, a rapid release cycle was put into effect, resulting in a new major version release every six weeks. This was gradually accelerated further in late 2019, so that new major releases occur on four-week cycles starting in 2020.
Browser security is the application of Internet security to web browsers in order to protect networked data and computer systems from breaches of privacy or malware. Security exploits of browsers often use JavaScript, sometimes with cross-site scripting (XSS) with a secondary payload using Adobe Flash. Security exploits can also take advantage of vulnerabilities that are commonly exploited in all browsers.
Google Safe Browsing is a service from Google that warns users when they attempt to navigate to a dangerous website or download dangerous files. Safe Browsing also notifies webmasters when their websites are compromised by malicious actors and helps them diagnose and resolve the problem. This protection works across Google products and is claimed to “power safer browsing experiences across the Internet”. It lists URLs for web resources that contain malware or phishing content. Browsers like Google Chrome, Safari, Firefox, Vivaldi, Brave, and GNOME Web use these lists from Google Safe Browsing to check pages against potential threats. Google also provides a public API for the service.
uBlock Origin is a free and open-source browser extension for content filtering, including ad blocking. The extension is available for Firefox and Chromium-based browsers.
A progressive web application (PWA), or progressive web app, is a type of web app that can be installed on a device as a standalone application. PWAs are installed using the offline cache of the device's web browser.
Client Hints is an extension to the existing Hypertext Transfer Protocol (HTTP) that allows web servers to ask the client for information about its configuration. The client can choose to respond to this request by advertising the requested information about itself by sending the data using a specific part of the HTTP protocol called HTTP header fields or by exposing the same information to the JavaScript code being executed on a web page. This can then help the server tailor its responses to the client; for example, a server can choose to send a smaller image if a client advertises that they have a very small screen.