Private Browsing Modes Not So Private After All, Report Says

Martin Brinkmann
Aug 7, 2010
Updated • Feb 24, 2015

Cnet's Seth Rosenblatt published a story about privacy risks in private browsing modes of modern web browsers today.

He summarized the findings of a soon-to-be published report of researchers at Stanford University's Computer Science Security Lab. The researchers analyzed the private browsing modes of Google Chrome, Mozilla Firefox, Microsoft Internet Explorer and Apple Safari and came to the conclusion that the modes are not as private as many users think they are.

First problem, the report is not online yet. Cnet linked to an old report that contained limited information on the subject, as it was published in August 2009. Only an abstract of the new report is available on the USENIX website.

We study the security and privacy of private browsing modes recently added to all major browsers. We first propose a clean definition of the goals of private browsing and survey its implementation in different browsers. We conduct a measurement study to determine how often it is used and on what categories of sites. Our results suggest that private browsing is used differently from how it is marketed. We then describe an automated technique for testing the security of private browsing modes and report on a few weaknesses found in the Firefox browser. Finally, we show that many popular browser extensions and plugins undermine the security of private browsing. We propose and experiment with a workable policy that lets users safely run extensions in private browsing mode.

So, what are the findings of the report according to Seth? The private browsing modes of Firefox, Google Chrome, Internet Explorer and Safari are not necessarily as private as developers claim.

Why is that? Because add-ons may undermine the mode. While the browsers do not store data in private browsing mode, add-ons or extensions may very well do so. There are simply no control mechanisms yet to prevent them from doing so.

But that's something that Mozilla has already recognized in February, 2010.

But even if add-ons record activity it may not mean that privacy is compromised. That largely depends on the data that is stored and how it is stored and made accessible in the browser.

Another consideration is that Google Chrome for instance, disables all extensions by default, but gives the user the controls to enable them in private browsing mode.

Lastly, the study did not include the Opera web browser which it should have. What does this all mean for users who use the private browsing mode? That depends: first on the add-ons that they use, and if some store records of private browsing sessions, and second on the dedication and technical knowledge of users who want to spy on someone's web browsing sessions.

Browser developers like Mozilla should consider adding a no-extensions policy to the private browsing mode of Firefox, to prevent data leaks in the mode. A more sophisticated solution, like only enabling extensions that are known not to record data in private browsing mode, should be the ultimate goal though.


Previous Post: «
Next Post: «


  1. Mathieu 'p01' Henri said on August 12, 2010 at 3:19 pm

    @Martin: Opera,Widgets are have NO access whatsoever to the tabs, history, …. therefore they can not record or leak any such data.

    Unite is also completely isolated from the rest of the browser. It’s only effected the Unite services which are essentially widgets with no floating UI but a background process which can respond to HTTP connections.

    A propos NoScript, Opera has something far more powerful just one click away from any site. Simply right-click on any page to ” Edit Site Preferences ” such as how cookies, network, general styling, plugins should work,…. With that you can easily toggle JavaScript, plugins, Frames and IFrames, userJS, userCSS on ANY site or even disable all these things by default and enable some things on the sites you trust.

    1. Martin said on August 12, 2010 at 3:38 pm

      Mathieu, thanks so much for clarifying this, I was always wondering about that. I do know that Opera has similar capabilities what NoScript offers, I think it does not offer what I’m looking for. I’m looking for something that blocks scripts completely on my first visit, and lets me decide which to activate.

      1. Mathieu 'p01' Henri said on August 13, 2010 at 11:01 am

        You can do that by disabling JavaScript by default in the Preferences > Advanced > Content > Enable JavaScript, and simply enable Javascripts on the pages you want.

        Okay, you can’t really cherry pick exactly which scripts you want but the ones you don’t want certainly belong in you Content Blocker list anyways ;)

  2. Chocobito said on August 8, 2010 at 8:17 pm

    So for now Opera have a really full private browsing, according Opera Software Widgets (no extensions) are fully sand-boxed.

    1. Martin said on August 8, 2010 at 11:48 pm

      Opera basically behaves like the other web browsers without add-ons, even though I would like to know if widgets cannot record or store data when the browser is used in private browsing mode. Would also like to know if other services, like turbo or unite may interfere with the mode.

  3. Ocanic said on August 8, 2010 at 2:12 am

    Hi Martin,

    i’m a rss follower, first time i’m visiting this site in a long time.

    You are one of the few people on a influential website that acknowledges the Opera browser as a viable alternative. I wanted to thank you for that.

    1. Martin said on August 8, 2010 at 10:13 am

      Ocanic, thanks for the words. I really like Opera, and would switch immediately if it would support Last Pass (or a comparable service with imports) and NoScript. I always have it installed and like its speed and customizability. That, and the fact that they have been the underdogs for so many years, which just seems unfair considering the quality of their product.

      1. Sujit said on August 12, 2010 at 5:53 pm

        By that statement you just got a new regular reader.

      2. Martin said on August 12, 2010 at 6:19 pm

        Then welcome aboard Sujit ;)

  4. RvdP said on August 7, 2010 at 9:22 pm

    I’m sorry, I misread the article.

  5. RvdP said on August 7, 2010 at 9:21 pm

    Don’t chrome-addons need permission to run in incognito mode? Which is opt-out by default?

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.