Private browsing

Last updated

The start page for private browsing mode in Firefox. Private Browsing in Firefox 113.png
The start page for private browsing mode in Firefox.

Private browsing (also known as incognito mode or private mode) is a feature in some web browsers that enhances user privacy. In this mode, the browser initiates a temporary session separate from its main session and user data. The browsing history is not recorded, and local data related to the session, like Cookies and Web cache, are deleted once the session ends. The primary purpose of these modes is to ensure that data and history from a specific browsing session do not remain on the device or get accessed by another user of the same device. In web development, it can be used to quickly test displaying pages as they appear to first-time visitors.

Contents

Private browsing modes do not necessarily protect users from being tracked by other websites or their Internet service provider (ISP). Furthermore, there is a possibility that identifiable traces of activity could be leaked from private browsing sessions by means of the operating system, security flaws in the browser, or via malicious browser extensions, and it has been found that certain HTML5 APIs can be used to detect the presence of private browsing modes due to differences in behavior. This is usually why some people mistake private browsing for a virtual private network.

History

Apple's Safari browser was one of the first major web browsers to include this feature, first introduced in April 2005. [1] The feature was subsequently adopted by other browsers, leading to the popularization of the term in 2008 by mainstream news outlets and computing websites during discussions about the beta versions of Internet Explorer 8. [2] [3] [4] Adobe Flash Player 10.1 started respecting browser settings and private browsing modes in relation to storing local shared objects. [5] [6]

Uses

Private browsing modes are commonly used for various purposes, such as concealing visits to sensitive websites (like adult-oriented content) from the browsing history, conducting unbiased web searches unaffected by previous browsing habits or recorded interests, offering a "clean" temporary session for guest users (for instance, on public computers), [7] and managing multiple accounts on websites simultaneously. Private browsing can also be used to circumvent metered paywalls on some websites. [8]

In a survey conducted by DuckDuckGo, 48% of participants chose not to respond, prompting lead researcher Elie Bursztein to observe, "Surveys are clearly not the best approach to understand why people use private browsing mode due to the embarrassment factor." Additionally, 18% of respondents indicated that their main use of private browsing modes was for online shopping. [9] [10] [11]

A study by the Mozilla Foundation found that most sessions lasted only about 10 minutes. However, there were periods of increased activation, usually from 11 a.m. to 2 p.m., at 5 p.m., between 9 p.m. and 10 p.m., and a minor peak occurred about an hour or two after midnight. [12]

Private browsing is known by different names in different browsers. [13]

DateBrowserSynonym
29 April 2005 Safari 2.0Private Browsing (Command⌘+Shift+n)
11 December 2008 Google Chrome Incognito (Ctrl+Shift+n or ⌘+Shift+n for Mac) [14]
19 March 2009 [15] Internet Explorer InPrivate Browsing (Ctrl+Shift+p or ⌘+Shift+p for Mac)
30 June 2009 Mozilla Firefox 3.5 [16] Private Browsing (Ctrl+Shift+p or ⌘+Shift+p for Mac)
2 March 2010 Opera 10.50 [17] Private Tab / Private Window (Ctrl+Shift+n or ⌘+Shift+n for Mac)
18 November 2014 Amazon Silk [18] Private Browsing (Swipe from the left edge of the screen, and then tap Settings and select Enter Private Browsing)
29 July 2015 Microsoft Edge InPrivate Browsing (Ctrl+Shift+n or ⌘+Shift+p for Mac)
13 November 2019 Brave Private Browsing (Ctrl+Shift+n or ⌘+Shift+n for Mac)

Security

It is a common misconception that private browsing modes can protect users from being tracked by other websites or their Internet service provider (ISP). [19] Such entities can still use information such as IP addresses and user accounts to uniquely identify users. [19] [20] Private browsers on iOS, not created by Apple, must adhere to specific standards and regulations to be available on its platform for iPhone and iPad. Specifically, these browsers are required to employ the WebKit framework for rendering web pages. Consequently, third-party browsers cannot use their own rendering engines and must depend on Apple's framework instead. This constraint impacts the range of privacy features that these browsers can provide. [21] This is one of the reasons why some browsers have partly addressed this shortcoming by offering additional privacy features that can be automatically enabled when using private browsing mode, such as Firefox's "Tracking Protection" feature to control use of web trackers (which has since been rolled into a larger "content blocking" function extended outside of private browsing mode), and Opera offering an in-house VPN service embedded within the browser. [22] [9]

Brazilian researchers published the results of a project where they applied forensic techniques (namely the Foremost data carving tool and Strings program) to extract information about the users browsing activities on Internet Explorer and Firefox browsers with their private mode enabled. They were able to collect enough data to identify pages visited and even partially reconstruct them. [23] This research was later extended to include the Chrome and Safari browsers. The gathered data proved that the browsers' private mode implementations are not able to fully hide users' browsing activities and that browsers in private mode leave traces of activities in caching structures and files related to the paging process of the operating system. [24]

Another independent security analysis, performed by a group of researchers at Newcastle University, reported a range of potential security vulnerabilities in the implementation of the private modes across Chrome, Firefox, Internet Explorer, and Safari, including that; [25]

Bugs and security vulnerabilities in extensions themselves may also leak personally identifiable data from private mode. [28]

Implementations of the HTML5 FileSystem API can be used to detect users in private mode. In Google Chrome, the FileSystem API was not available in Incognito mode prior to version 76. To prevent circumvention of paywall policies and evasion of web tracking scripts used to monetize traffic, a number of websites — including The New York Times — have used such behavior to block access to users in private browsing mode, and requiring them to subscribe or log in. Chrome 76 allows the FileSystem API to be used in Incognito mode; explaining the change, Google argued that the ability to detect the use of Incognito mode infringes on users' privacy. However, it was later discovered that the disk space quotas for the API differed between normal and Incognito modes, providing another means by which to detect Incognito users. [29] [8] [30] Despite statements otherwise by Google, this has not yet been patched. Scripts have also been developed to detect private browsing mode on other browsers, such as Firefox. [31]

Associated lawsuit

In December 2023, Google settled a $5 billion consumer privacy lawsuit that alleged its practises allowed it to track users in private browsing mode in various browsers. [32]

See also

Related Research Articles

<span class="mw-page-title-main">HTTPS</span> Extension of the HTTP communications protocol to support TLS encryption

Hypertext Transfer Protocol Secure (HTTPS) is an extension of the Hypertext Transfer Protocol (HTTP). It uses encryption for secure communication over a computer network, and is widely used on the Internet. In HTTPS, the communication protocol is encrypted using Transport Layer Security (TLS) or, formerly, Secure Sockets Layer (SSL). The protocol is therefore also referred to as HTTP over TLS, or HTTP over SSL.

<span class="mw-page-title-main">Web browser</span> Software used to access websites

A web browser is an application for accessing websites. When a user requests a web page from a particular website, the browser retrieves its files from a web server and then displays the page on the user's screen. Browsers are used on a range of devices, including desktops, laptops, tablets, and smartphones. By 2020, an estimated 4.9 billion people had used a browser. The most-used browser is Google Chrome, with a 66% global market share on all devices, followed by Safari with 18%.

<span class="mw-page-title-main">Firefox</span> Free and open-source web browser by Mozilla

Mozilla Firefox, or simply Firefox, is a free and open source web browser developed by the Mozilla Foundation and its subsidiary, the Mozilla Corporation. It uses the Gecko rendering engine to display web pages, which implements current and anticipated web standards. Firefox is available for Windows 10 and later versions of Windows, macOS, and Linux. Its unofficial ports are available for various Unix and Unix-like operating systems, including FreeBSD, OpenBSD, NetBSD, and other platforms. It is also available for Android and iOS. However, as with all other iOS web browsers, the iOS version uses the WebKit layout engine instead of Gecko due to platform requirements. An optimized version is also available on the Amazon Fire TV as one of the two main browsers available with Amazon's Silk Browser.

<span class="mw-page-title-main">Browser wars</span> Competition between web browsing applications for share of worldwide usage

A browser war is a competition for dominance in the usage share of web browsers. The "first browser war" (1995–2001) consisted of Internet Explorer and Netscape Navigator, and the "second browser war" (2004-2017) between Internet Explorer, Firefox, and Google Chrome.

In computing, the User-Agent header is an HTTP header intended to identify the user agent responsible for making a given HTTP request. Whereas the character sequence User-Agent comprises the name of the header itself, the header value that a given user agent uses to identify itself is colloquially known as its user agent string. The user agent for the operator of a computer used to access the Web has encoded within the rules that govern its behavior the knowledge of how to negotiate its half of a request-response transaction; the user agent thus plays the role of the client in a client–server system. Often considered useful in networks is the ability to identify and distinguish the software facilitating a network session. For this reason, the User-Agent HTTP header exists to identify the client software to the responding server.

A browser extension is a software module for customizing a web browser. Browsers typically allow users to install a variety of extensions, including user interface modifications, cookie management, ad blocking, and the custom scripting and styling of web pages.

A local shared object (LSO), commonly called a Flash cookie, is a piece of data that websites that use Adobe Flash may store on a user's computer. Local shared objects have been used by all versions of Flash Player since version 6.

A browser toolbar is a toolbar that resides within a browser's window. All major web browsers provide support to browser toolbar development as a way to extend the browser's GUI and functionality. Browser toolbars are considered to be a particular kind of browser extensions that present a toolbar. Browser toolbars are specific to each browser, which means that a toolbar working on a browser does not work on another one. All browser toolbars must be installed in the corresponding browser before they can be used and require updates when new versions are released.

<span class="mw-page-title-main">Google Chrome</span> Web browser developed by Google

Google Chrome is a web browser developed by Google. It was first released in 2008 for Microsoft Windows, built with free software components from Apple WebKit and Mozilla Firefox. Versions were later released for Linux, macOS, iOS, iPadOS, and also for Android, where it is the default browser. The browser is also the main component of ChromeOS, where it serves as the platform for web applications.

<span class="mw-page-title-main">WebGL</span> JavaScript bindings for OpenGL in web browsers

WebGL is a JavaScript API for rendering interactive 2D and 3D graphics within any compatible web browser without the use of plug-ins. WebGL is fully integrated with other web standards, allowing GPU-accelerated usage of physics, image processing, and effects in the HTML canvas. WebGL elements can be mixed with other HTML elements and composited with other parts of the page or page background.

Do Not Track (DNT) is a formerly official HTTP header field, designed to allow internet users to opt out of tracking by websites—which includes the collection of data regarding a user's activity across multiple distinct contexts, and the retention, use, or sharing of data derived from that activity outside the context in which it occurred.

WebRTC is a free and open-source project providing web browsers and mobile applications with real-time communication (RTC) via application programming interfaces (APIs). It allows audio and video communication and streaming to work inside web pages by allowing direct peer-to-peer communication, eliminating the need to install plugins or download native apps.

Content Security Policy (CSP) is a computer security standard introduced to prevent cross-site scripting (XSS), clickjacking and other code injection attacks resulting from execution of malicious content in the trusted web page context. It is a Candidate Recommendation of the W3C working group on Web Application Security, widely supported by modern web browsers. CSP provides a standard method for website owners to declare approved origins of content that browsers should be allowed to load on that website—covered types are JavaScript, CSS, HTML frames, web workers, fonts, images, embeddable objects such as Java applets, ActiveX, audio and video files, and other HTML5 features.

HTML audio is a subject of the HTML specification, incorporating audio input, playback, and synthesis, as well as speech to text, all in the browser.

Firefox was created by Dave Hyatt and Blake Ross as an experimental branch of the Mozilla browser, first released as Firefox 1.0 on November 9, 2004. Starting with version 5.0, a rapid release cycle was put into effect, resulting in a new major version release every six weeks. This was gradually accelerated further in late 2019, so that new major releases occur on four-week cycles starting in 2020.

Browser security is the application of Internet security to web browsers in order to protect networked data and computer systems from breaches of privacy or malware. Security exploits of browsers often use JavaScript, sometimes with cross-site scripting (XSS) with a secondary payload using Adobe Flash. Security exploits can also take advantage of vulnerabilities that are commonly exploited in all browsers.

<span class="mw-page-title-main">Google Safe Browsing</span> Service that warns about malicious URLs

Google Safe Browsing is a service from Google that warns users when they attempt to navigate to a dangerous website or download dangerous files. Safe Browsing also notifies webmasters when their websites are compromised by malicious actors and helps them diagnose and resolve the problem. This protection works across Google products and is claimed to “power safer browsing experiences across the Internet”. It lists URLs for web resources that contain malware or phishing content. Browsers like Google Chrome, Safari, Firefox, Vivaldi, Brave, and GNOME Web use these lists from Google Safe Browsing to check pages against potential threats. Google also provides a public API for the service.

<span class="mw-page-title-main">Microsoft Edge</span> Web browser developed by Microsoft

Microsoft Edge is a proprietary cross-platform web browser created by Microsoft. Released in 2015 along with both Windows 10 and Xbox One, it was initially built with Microsoft's own proprietary browser engine, EdgeHTML, and their Chakra JavaScript engine. Later on, it was ported to Android and iOS as a fork of Google's Chromium open-source project. In late 2018, Microsoft announced it would completely rebuild Edge as a Chromium-based browser with Blink and V8 engines, which allowed the browser to be ported to macOS. The new Edge was publicly released in January 2020, and on Xbox platforms in 2021. Microsoft has since terminated security support for the original browser. Edge is also available on older Windows versions until early 2023, as well as Linux.

uBlock Origin Web browser extension

uBlock Origin is a free and open-source browser extension for content filtering, including ad blocking. The extension is available for Chrome, Chromium, Edge, Firefox, Brave, Opera, Pale Moon, as well as versions of Safari before 13. uBlock Origin has received praise from technology websites and is reported to be much less memory-intensive than other extensions with similar functionality. uBlock Origin's stated purpose is to give users the means to enforce their own (content-filtering) choices.

References

  1. Trapani, Gina (4 May 2005). "Safari's private (porn) browsing mode". Lifehacker . Retrieved 11 April 2010.
  2. Foley, Mary Jo. "Microsoft to roll out more granular 'porn mode' with IE 8". ZDNet. Archived from the original on 9 October 2008. Retrieved 4 October 2008.
  3. Sadighi, Lalee. "Microsoft's Internet Explorer 8 Goes 'Porn Mode'". Red Herring. Archived from the original on 12 September 2008. Retrieved 4 October 2008.
  4. Kidman, Angus. "Microsoft releases IE8 beta 2: MS porn mode included". APC . Retrieved 4 October 2008.
  5. "Adobe Flash 10.1 supports "private browsing"". The H. Retrieved 14 August 2019.
  6. "Adobe Flash Player Private Browsing May Force Change in Fraud Fight". eWeek . 12 April 2010. Retrieved 14 August 2019.
  7. Paul, Ian (11 March 2014). "Three practical reasons to use your browser's private mode". PCWorld. Retrieved 14 August 2019.
  8. 1 2 Brownlee, Chip (31 July 2019). "Google's Chrome Update Just Unlocked Lots of Newspapers' Metered Paywalls". Slate Magazine. Retrieved 14 August 2019.
  9. 1 2 Bursztein, Elie. "Understanding how people use private browsing" . Retrieved 14 August 2019.
  10. Espiner, Tom. "Private browsing tools still leave data trail". ZDNet. Retrieved 14 August 2019.
  11. "Private browsing: 16 good reasons to use incognito mode". ZDNet. Archived from the original on 22 June 2018. Retrieved 14 August 2019.
  12. Ulmer, Hamilton (23 August 2010). "Understanding Private Browsing". Blog of Metrics. Mozilla Foundation . Retrieved 24 August 2010.
  13. Parchisanu, Daniel (9 November 2018). "How to go incognito in all web browsers: Chrome, Firefox, Opera, Edge, and Internet Explorer". Digital Citizen. Retrieved 9 January 2019.
  14. Porciello, Loris (23 May 2024). "Non farti spiare quando navighi, la funzione Google che ti permette di salvare la tua privacy". OsservatorioIraq (in Italian). Retrieved 31 August 2024.
  15. "Microsoft Announces Availability of Internet Explorer 8" (Press release). Microsoft. 19 March 2009. Archived from the original on 22 March 2009. Retrieved 16 December 2011.
  16. "Mozilla Cross-Reference mozilla1.9.1". Mozilla Foundation . Retrieved 26 May 2009.
  17. Mateu, Roberto. "Opera 10.5 pre-alpha for Labs". Opera Software. Archived from the original on 24 August 2011. Retrieved 22 December 2009.
  18. "Private Browsing for Amazon Silk". Amazon Inc. Archived from the original on 22 December 2014. Retrieved 18 November 2014.
  19. 1 2 Grothaus, Michael (12 April 2019). "Incognito mode won't keep your browsing private. Do this instead". Fast Company. Retrieved 14 August 2019.
  20. "Incognito mode while browsing - Myths Busted - Privacyflake". www.privacyflake.com. Archived from the original on 5 September 2019.
  21. "8 Best Private Browsers for iOS. Our picks for iPhone & iPad users [2024] | Incogni". blog.incogni.com. 2 March 2023. Retrieved 14 March 2024.
  22. Cimpanu, Catalin. "Firefox 63 released with 'always-on' tracking protection". ZDNet. Retrieved 14 August 2019.
  23. R. Ruiz, F. P. Amatte, K. J. B. Park, Tornando Pública a Navegação "In Private". Proceedings of the Seventh International Conference on Forensic Computer Science – ICoFCS 2012, Available online Sep 2012.
  24. R. Ruiz, F. P. Amatte, K. J. B. Park, Opening the "Private Browsing" Data – Acquiring Evidence of Browsing Activities. Proceedings of the International Conference on Information Security and Cyber Forensics (InfoSec2014), Available online Oct 2014.
  25. Satvat, Kiavash; Forshaw, Matthew; Hao, Feng; Toreini, Ehsan (2014). "On the privacy of private browsing – A forensic approach". Journal of Information Security and Applications. 19: 88–100. doi:10.1016/j.jisa.2014.02.002.
  26. Keizer, Gregg (8 March 2019). "How to go incognito in Chrome, Firefox, Safari and Edge". Computerworld. Retrieved 14 August 2019.
  27. Verger, Rob (26 February 2018). "Your private browsing isn't as incognito as you want it to be" . Retrieved 24 September 2020.
  28. B. Zhao, P. Liu, Private Browsing Mode Not Really That Private: Dealing with Privacy Breaches Caused by Browser Extensions. In Proceedings of the 45th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN 2015), Rio de Janeiro, Brazil, Available online June 2015.
  29. Tung, Liam. "Chrome's 'more private' Incognito mode: Websites can still detect you're using it". ZDNet. Retrieved 14 August 2019.
  30. Duckett, Chris. "Google to clamp down on Incognito Mode detection". ZDNet. Retrieved 14 August 2019.
  31. Cimpanu, Catalin. "Incognito mode detection still works in Chrome despite promise to fix". ZDNet. Retrieved 25 June 2020.
  32. "Google settles $5 billion consumer privacy lawsuit".