What private browsing reveals about you

Martin Brinkmann
Nov 26, 2014
Internet
|
7

This is the third part of a mini series about privacy on the Internet. The other parts are linked below.

Last time we looked at what websites and sites on the Internet know about you when you connect to them. This time we are expanding on that and look at what you may reveal about your device and yourself if you are using private browsing mode.

Private browsing, Google calls this Incognito Mode, blocks information from being recorded locally.

This means that sites you connect to while in private browsing still receive information about you and your device. Your IP address, other information sent during the initial connection process, information that can be retrieved by running scripts or using plugins and also information that you may reveal yourself.

There is also a local DNS cache that will record the sites you visit. It can reveal information to third-parties that have access to the computer locally.

1. Your IP address

ip lookup

Using private browsing mode does not affect remote information. Your IP address for example is used during connections which means that websites and services on the Internet that you connect to see it.

If you connect to our IP script you will notice that it lists your IP address regardless of whether you are browsing normally or in private browsing mode.

The IP address is linked to you. It can be used directly to pinpoint the region you are living in among other things.

Solution

There are several solutions that you can use to hide your IP address. You can use a web proxy server which hides it in the tab you are using, a solution like Tor which provides you with its own browser that you can use to connect to sites or VPNs which you connect to from your local computer.

All share that sites don't see the IP address of the device you are connecting with but the IP address of another server on the Internet.

This won't necessarily anonymize the connection though so keep that in mind.

2. Fingerprinting

browser fingerprinting

Sites that you connect to may retrieve additional information about your computer. The IP address has been mentioned already but it is just one of the many information that browsers reveal when connections are made.

The user agent for example reveals information about the browser that you are using, its version and the operating system.

A test on Panopticlick or reveals additional information. This may include the time zone, screen size, the browser plugins installed, system fonts, supercookie support or HMTL 5 support.

Plugins may reveal additional information that go beyond this.

Fingerprinting itself refers to using these information to create a narrowed down or even unique ID of a system based on the information provided.

Solution

There is not a catch-all solution but you can make it harder for sites to identify your system as a unique device. Plugins can be disabled for example, you may use tools like Chameleon for Chrome or User Agent Switcher for Firefox.

Additional information about methods to protect against fingerprinting are available here.

3. The Windows DNS Cache

windows dns cache

Windows keeps a cache of DNS look ups which occur whenever you connect to sites on the Internet. This is done to speed up consecutive look ups.

What's interesting from a private browsing perspective is that it will cache these entries as well. That's right, every site you visit in private browsing mode is recorded by Windows and anyone who knows where to look for the information can look it up.

Here is how to look it up:

  1. Tap on the Windows key, type cmd.exe and select the result to load it.
  2. Type ipconfig /displaydns to display all cached entries in the command line window.
  3. To export the information use ipconfig /displaydns > c:\users\username\dns.txt
  4. Make sure you replace username with the name of the current user.

The cache records the domain name and other information about the entry. What is not recorded is the path on the site that you have accessed nor date and time when that happened.

Solution

There are two solutions. The first deletes the cache when you run a command, the second disables caching.

To flush the cache, use ipconfig /flushdns on the command line. Some third-party programs such as CCleaner offer that option as well.

To disable caching altogether disable the service DNS Client.

Check out how to flush the DNS cache in Windows for detailed instructions and additional information.

4. Accounts, forms, content production

Accounts are linked directly to you. If you use private browsing mode and sign in to an account on the Internet the site knows that you are the user regardless of private browsing mode.

This may not be an issue depending on the account in question but if you sign in to one that you use regularly as well you reveal the same amount of information than before.

The same can be true for being active on the Internet. If you write a comment on a site you may reveal your email address to that site for example.

Solution

There is no real solution for this. You could keep accounts separate but that works only if you take care of your IP address and other identifying factors as well.

As far as email addresses are concerned, you can use throwaway addresses like Yopmail for those activities.

Now You: Is there anything that we have missed? Feel free to post it in the comments below.

Summary
What private browsing reveals about you
Article Name
What private browsing reveals about you
Description
Private Browsing (Incognito Mode) reveals information about you and the device you are using. Find out what those are and what to do about it.
Author
Advertisement

Tutorials & Tips


Previous Post: «
Next Post: «

Comments

  1. ilev said on August 4, 2012 at 7:53 pm
    Reply

    Doesn’t Windows 8 know that www. or http:// are passe ?

    1. Martin Brinkmann said on August 4, 2012 at 7:57 pm
      Reply

      Well it is a bit difficulty to distinguish between name.com domains and files for instance.

    2. Leonidas Burton said on September 4, 2023 at 4:51 am
      Reply

      I know a service made by google that is similar to Google bookmarks.
      http://www.google.com/saved

  2. VioletMoon said on August 16, 2023 at 5:26 pm
    Reply

    @Ashwin–Thankful you delighted my comment; who knows how many “gamers” would have disagreed!

  3. Karl said on August 17, 2023 at 10:36 pm
    Reply

    @Martin

    The comments section under this very article (3 comments) is identical to the comments section found under the following article:
    https://www.ghacks.net/2023/08/15/netflix-is-testing-game-streaming-on-tvs-and-computers/

    Not sure what the issue is, but have seen this issue under some other articles recently but did not report it back then.

  4. Anonymous said on August 25, 2023 at 11:44 am
    Reply

    Omg a badge!!!
    Some tangible reward lmao.

    It sucks that redditors are going to love the fuck out of it too.

  5. Scroogled said on August 25, 2023 at 10:57 pm
    Reply

    With the cloud, there is no such thing as unlimited storage or privacy. Stop relying on these tech scums. Purchase your own hardware and develop your own solutions.

    1. lollmaoeven said on August 27, 2023 at 6:24 am
      Reply

      This is a certified reddit cringe moment. Hilarious how the article’s author tries to dress it up like it’s anything more than a png for doing the reddit corporation’s moderation work for free (or for bribes from companies and political groups)

  6. El Duderino said on August 25, 2023 at 11:14 pm
    Reply

    Almost al unlmited services have a real limit.

    And this comment is written on the dropbox article from August 25, 2023.

  7. John G. said on August 26, 2023 at 1:29 am
    Reply

    First comment > @ilev said on August 4, 2012 at 7:53 pm

    For the God’s sake, fix the comments soon please! :[

  8. Kalmly said on August 26, 2023 at 4:42 pm
    Reply

    Yes. Please. Fix the comments.

  9. Kim Schmidt said on September 3, 2023 at 3:42 pm
    Reply

    With Google Chrome, it’s only been 1,500 for some time now.

    Anyone who wants to force me in such a way into buying something that I can get elsewhere for free will certainly never see a single dime from my side. I don’t even know how stupid their marketing department is to impose these limits on users instead of offering a valuable product to the paying faction. But they don’t. Even if you pay, you get something that is also available for free elsewhere.

    The algorithm has also become less and less savvy in terms of e.g. English/German translations. It used to be that the bot could sort of sense what you were trying to say and put it into different colloquialisms, which was even fun because it was like, “I know what you’re trying to say here, how about…” Now it’s in parts too stupid to translate the simplest sentences correctly, and the suggestions it makes are at times as moronic as those made by Google Translations.

    If this is a deep-learning AI that learns from users’ translations and the phrases they choose most often – which, by the way, is a valuable, moneys worthwhile contribution of every free user to this project: They invest their time and texts, thereby providing the necessary data for the AI to do the thing as nicely as they brag about it in the first place – alas, the more unprofessional users discovered the translator, the worse the language of this deep-learning bot has become, the greater the aggregate of linguistically illiterate users has become, and the worse the language of this deep-learning bot has become, as it now learns the drivel of every Tom, Dick and Harry out there, which is why I now get their Mickey Mouse language as suggestions: the inane language of people who can barely spell the alphabet, it seems.

    And as a thank you for our time and effort in helping them and their AI learn, they’ve lowered the limit from what was once 5,000 to now 1,500…? A big “fuck off” from here for that! Not a brass farthing from me for this attitude and behaviour, not in a hundred years.

  10. Anonymous said on September 28, 2023 at 8:19 am
    Reply

    When will you put an end to the mess in the comments?

  11. RIP said on September 28, 2023 at 9:36 am
    Reply

    Ghacks comments have been broken for too long. What article did you see this comment on? Reply below. If we get to 20 different articles we should all stop using the site in protest.

    I posted this on [https://www.ghacks.net/2023/09/28/reddit-enforces-user-activity-tracking-on-site-to-push-advertising-revenue/] so please reply if you see it on a different article.

    1. RIP said on September 28, 2023 at 11:01 am
      Reply

      Comment redirected me to [https://www.ghacks.net/2012/08/04/add-search-the-internet-to-the-windows-start-menu/] which seems to be the ‘real’ article it is attached to

  12. RIP said on September 28, 2023 at 10:48 am
    Reply

    Comment redirected me to [https://www.ghacks.net/2012/08/04/add-search-the-internet-to-the-windows-start-menu/] which seems to be the ‘real’ article it is attached to

  13. Mystique said on September 28, 2023 at 12:13 pm
    Reply

    Article Title: Reddit enforces user activity tracking on site to push advertising revenue
    Article URL: https://www.ghacks.net/2023/09/28/reddit-enforces-user-activity-tracking-on-site-to-push-advertising-revenue/

    No surprises here. This is just the beginning really. I cannot see a valid reason as to why anyone would continue to use the platform anymore when there are enough alternatives fill that void.

  14. justputthispostanywhere said on September 29, 2023 at 3:59 am
    Reply

    I’m not sure if there is a point in commenting given that comments seem to appear under random posts now, but I’ll try… this comment is for https://www.ghacks.net/2023/09/28/reddit-enforces-user-activity-tracking-on-site-to-push-advertising-revenue/

    My temporary “solution”, if you can call it that, is to use a VPN (Mullvad in my case) to sign up for and access Reddit via a European connection. I’m doing that with pretty much everything now, at least until the rest of the world catches up with GDPR. I don’t think GDPR is a magical privacy solution but it’s at least a first step.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.