The private browsing modes available on many web browsers, including the ‘Incognito Mode’ on Google Chrome, might not be all that private, new research has found.
Users who rely on a private browsing mode to cover their tracks when using the internet, might want to reconsider.
According to new research, these private browsing modes still leave tracks of your web history.
All of the most popular web browsers offer some kind of private browsing feature. FireFox has its Private Browsing mode, Microsoft Edge has InPrivate, there’s Private Window in Safari and as mentioned, Incognito Mode in Google Chrome.
But shocking new research from the Massachusetts Institute of Technology (MIT) has warned users that their browsing history still remains on their machine, even when using a private browsing mode.
According to the researchers, each time you visit a website the data from the site is loaded into the RAM, displayed and then cached in temporary internet files.
This happens even when visiting in a private browsing mode, the researchers claim.
Your PC may also attempt to modify libraries or access plugins when trying to load a web page, which also leaves a trace.
While a web browser may attempt to remove these records, the researchers found that the success in doing this varies widely.
MIT researchers demonstrated how a version of your web history can be left behind in the RAM on your machine, even when using a private browser.
“The fundamental problem is that [the browser]collects this information, and then the browser does its best effort to fix it”, said MIT’s Frank Wang, who was the lead author of the paper.
“But at the end of the day, no matter what the browser’s best effort is, it still collects it.”
As part of their research the MIT researchers unveiled a new piece of technology called Veil, which solves all the failings found in using private browsing modes.
Veil processes websites differently and uses something called a “blinding server”.
When you visit a website, the relevant webpage is retrieved from a special server which is encrypted both in transit and in your browser’s cache.
The data is only decrypted when you view it.
Using this system means that your computer actually registers you visiting the website in question and no cached data from the site is stored on your machine.
Veil also injects a spoof code into the page so that any traces of data that may reveal you visited a website do not match with any other records.
This isn’t the first time users have been warned about using private browsing modes.
Last year, a Google Chrome developer explained that when using incognito mode, it is still possible for a website to monitor what you are doing.
Darin Fisher, a Chrome developer, said that the company “agonised” over the name for the feature, deliberately avoiding calling it “privacy mode” which may have been misleading.
“When you launch the incognito tab there’s this disclaimer there where we really try to help make it really clear to people that your activity is certainly still visible to the websites you visit and could be visible to your employer, to your school, and to your [internet service provider]of course,” he told Thrillist.