Find Out Which Sites Users Have Accessed In Private Browsing Modes
Private browsing is a relative new feature that allows users to hide their web activities. The mode blocks that browsing session data os stored in the browser or on the computer's hard drive. This for instance means that no data is written to the cache or the cookie storage.
Users naturally feel safer using that mode, but that should not be the case. Why? Because there are means to find out which sites have been accessed in private browsing mode locally.
You see, one feature of the Windows operating system is a DNS cache, that stores domain name and IP links. Without going into to much details, the DNS cache records information about every website that the user opens in a web browser in Windows.
Curious Windows users just need to list the contents of the DNS cache to find out what websites a user has been visiting in private browsing mode. It may require some additional comparison to find the private browsing mode websites, but that requires just some manual work and can be neglected.
Here is how you can display the contents of the DNS cache:
- Open a command prompt in Windows. The easiest way to do that is to press Windows-R, type cmd and the enter key.
- Now type the command ipconfig /displaydns in the command prompt and hit enter.
- This displays all websites that have been stored in the DNS cache. Please note that this includes everything, which means websites in all web browsers, regardless of whether they have been opened automatically (e.g. by a script on the site) or manually by the user and also other programs that connect to the Internet.
Chance is the list is too large for the command line cache. You can use the command ipconfig /displaydns > dns.txt to save the output in the text document dns.txt. It is then possible to open the document in a text editor, to see all records. Opening it in a text editor has other advantages, like being able to search through the records.
Windows offers an option to flush the DNS cache so that all records are deleted from the cache. This is done with the command ipconfig /flushdns.
Some programs (like CCleaner) offer options to delete the DNS Cache. It is also possible to write a simple batch file to delete it on shutdown. Let me know if you like an example script that does that.
Windows users who regularly work in private browsing mode should consider clearing their system's DNS cache frequently to protect their privacy.
Users will then use a second browser for all their web searching and random browsing. On this browser, a user will never log into any website ever. They will never use this browser to personally identify themselves in any way, period. We ll call this your everyday browser. By splitting up your web activity between two browsers, you ll obtain the utmost privacy and anonymity possible without sacrificing convenience or the ease of use of the websites you need to log in to. That s because the majority of your web usage will be done in your everyday browser, which, by never logging into any website, will make it extremely hard for data firms to identify you and track your activities especially if you fit your everyday browser out with some hardcore privacy extensions. You can go all out with your privacy settings on your everyday browser : Block all cookies, scripts, and trackers, and always use in it incognito mode. That s because you won t be logging into any sites that require cookies or scripts to be enabled to work.
same problem here..i cant see what i visited!
I personally tried to see if I could find sites I went to under “Private Browsing” but it does not work. I went to 3 different sites but when I wrote it to a txt file and viewed them I could not find it in there. Even after I flushed dns and tried again knowing I should have nothing there except for the private information. As a matter of fact I believe all I was seeing were the banners and ads from the sites I went to. The actual site I typed in was not showing up.
Mike
same problem here Mike
how to find out dates with these websites??
When I try to open this a box flashes up very quickly but then dissapears straight away. Whats happening ?
Hi, i’ve tried doing the dns.text but when Note pad opens it there is only the sites I just visited. None of the history on my laptop is being deleted so why can I not see other history? Am I just doing something wrong? After doing command I go and find the file and Note pad opens it? Please help. Kym
Um, any help with retrieval on Linux??
I just don’t use DNS. Simple as that
I use a simpler solution: i disable “DNS client” service completely. The downside of this action is that I give up having a DNS cache (each application that connects to internet is resolving the addresses directly), but I solve some security issues related to DNS resolver.
What about your earlier posting:
https://www.ghacks.net/2009/01/01/private-browsing-not-so-private-after-all/
FL, yes that is another possibility, if the sites make use of Flash cookies. Private browsing is not really that secure, unless you take good care of the temporary data that gets written to the system.
That’s like washing your clothes before burning them. DNS cache on Windows is stored only in memory; it does not survive a reboot.
Ross yes that is right. Still, the option is valid for users who leave the computer on for days for example, or leave it on while they are not at home.
I always do the “ipconfig/flushdns” on command prompt before shutdown :D