Out-Law News 1 min. read
10 Aug 2010, 10:39 am
Most browsers now offer a private browsing mode, which is designed to leave no traces of the browser's use on the computer being used and to help create anonymity on the internet.
Security researchers from Stanford University and Carnegie Mellon University in the US have prepared a paper on the issue for the Usenix Security conference this week.
It has found that the protections that users expect from other users of the same computer or other internet users or website publishers from finding out what activity they have carried out online is not as great as users would expect.
"Our results suggest that current private browsing implementations provide privacy against some local and web attackers, but can be defeated by determined attackers," the paper said. "Many popular browser extensions and plugins undermine the security of private browsing."
The research said that private mode should stop any person, or 'attacker', from finding out what an internet user has done, either by looking at the computer used or at traces left online.
"While all major browsers support private browsing, there is a great deal of inconsistency in the type of privacy provided by the different browsers," it said. "Firefox and Chrome, for example, attempt to protect against a local attacker and take some steps to protect against a web attacker, while Safari only protects against a local attacker."
"Browser plug-ins and extensions add considerable complexity to private browsing. Even if a browser adequately implements private browsing, an extension can completely undermine its privacy guarantees," it said. "Many widely used extensions undermine the goals of private browsing. For this reason, Google Chrome disables all extensions while in private mode, negatively impacting the user experience. Firefox, in contrast, allows extensions to run in private mode, favouring usability over security."
The paper said that further research is needed to "design stronger privacy guarantees without degrading the user experience".