How Private is Private Browsing?

(This post originally appeared on the ACLU of Northern California's technology blog, Bytes and Pieces.)

'Tis the season for private browsing, or so it seems. Apple's Safari Web browser led the pack in introducing a "private browsing mode" in 2005; in recent months, the other browsers on the market have finally followed suit, with Google's recently-released Chrome and beta versions of Mozilla Firefox and Microsoft Internet Explorer adding similar features.

What does "private browsing" mean, however? For the most part, these "private" modes are designed to protect your privacy only vis-a-vis other users of the same computer, whether you're at an Internet cafe or just trying to avoid letting your partner know what you're doing with their laptop (which earned these features the moniker "Porn Mode"). But do these "private" modes prevent Web sites from identifying you and tracking your actions? If so, how, and how effectively?

Private Browsing and Shared Computers

All of the browsers above offer features designed to protect your privacy vis-a-vis other users of the same computer — preventing others at an Internet cafe, library, or even your home from knowing which Web sites you visited or what information you provided. The mechanism in each browser differs, but the basic concept is the same: none of the sites you visit or the information you provide will be stored in your browser's history or cache, and any cookies that are generated will be deleted when you close the browser.

It's worth noting, however, that private modes offer only partial protection. Certain browser extensions, notably the Flash animation player, generate their own cookies when they are activated — and these cookies are outside of the browser's control. Thus, while a typical user may not be able to retrace your steps, a sophisticated user may be able to do so.

Private Browsing and Internet Sites

Of course, other users of the same computer are far from the only ones who might be interested in your online activities. Web sites and other Internet actors also track behavior for a wide range of purposes. Does private browsing keep their prying eyes away?

One way that Web sites track users is through the use of cookies. All of the new web browsers promise to discard any cookies accumulated while you surf in private mode — but what about the cookies that you've already collected before using private mode? Private modes in new versions of Firefox and Chrome both start "from scratch," ignoring any cookies you may have collected while browsing normally. IE and Safari, however, continue to share any cookies you collected before entering In Private mode.

In addition, sites can use scripts to gather information about Web users. Third-party scripts, which are often used for advertising purposes, pose a particular threat to user privacy, as they allow a single entity to track your behavior across a wide range of Web sites. The only browser to address this situation is the next version of Internet Explorer, which has a feature called "In Private Blocking" that will block "third-party content that appears with a high frequency across sites you visit." IE users will also be able to subscribe to lists of scripts to block, providing an alternate method of identifying and addressing privacy threats.
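The frequency rule quoted above can be sketched as follows. This is an added example, not Microsoft's implementation or code from the original post; the threshold of 3, the two-label "site" rule, and all host names are assumptions made for the illustration.

```javascript
// Added illustration of frequency-based third-party blocking.
// THRESHOLD is an assumed value; the post does not state IE's real cutoff.
const THRESHOLD = 3; // block once seen on this many distinct first-party sites

// Crude "site" key: last two labels of the hostname. This is an assumption;
// real browsers use the Public Suffix List (example.co.uk is mishandled here).
function siteOf(url) {
  const labels = new URL(url).hostname.toLowerCase().split('.');
  return labels.slice(-2).join('.');
}

class FrequencyBlocker {
  constructor(threshold = THRESHOLD) {
    this.threshold = threshold;
    this.seenOn = new Map(); // third-party site -> Set of first-party sites
  }

  // Record the request, then return true if it should be blocked.
  shouldBlock(pageUrl, resourceUrl) {
    const first = siteOf(pageUrl);
    const third = siteOf(resourceUrl);
    if (first === third) return false; // first-party content is never blocked
    if (!this.seenOn.has(third)) this.seenOn.set(third, new Set());
    const sites = this.seenOn.get(third);
    sites.add(first); // a Set counts distinct sites, not raw request volume
    return sites.size >= this.threshold;
  }
}

// Replay a list of [pageUrl, resourceUrl] pairs and return the decisions.
function replay(requests, threshold = THRESHOLD) {
  const blocker = new FrequencyBlocker(threshold);
  return requests.map(([page, res]) => blocker.shouldBlock(page, res));
}

// Constructed sample traffic; every host below is made up for the example.
const SAMPLE = [
  ['https://news.example/', 'https://cdn.news.example/app.js'],    // first-party
  ['https://news.example/', 'https://ads.tracker.test/t.js'],      // site 1
  ['https://news.example/story', 'https://ads.tracker.test/t.js'], // still site 1
  ['https://shop.example/', 'https://ads.tracker.test/t.js'],      // site 2
  ['https://blog.example/', 'https://ads.tracker.test/t.js'],      // site 3: block
  ['https://blog.example/', 'https://fonts.widget.test/f.css'],    // one site only
];

console.log(replay(SAMPLE));
```

A heuristic like this only starts blocking after the third party has already been observed on several sites, so the first few requests still reach it.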

However, none of these private browsing modes is capable of making your browsing completely "private" by preventing any site from recording your information. Your browser, and your computer, simply don't have that level of control. Web sites can still track you by using your IP address, they can still send and receive cookies within the context of the private browsing session (and many Web sites won't work at all without cookies), and they can still gather, store, and use data that you generate even while browsing "privately." Having a privacy setting on your browser is nice; having a privacy setting for the Web sites you use would be far better.

Private Browsing and User Control

We shouldn't have to "hide" our data from Web sites if we want to remain private; we should simply be able to tell them "don't record this session" and expect our request to be honored. While private browsing modes that use technical measures to protect personal information add value, they only take us so far. Getting Web sites and online businesses to respect our right to control our own personal information is the only way to truly browse privately.

There's a long road to get there, however, and in the meantime, privacy-enhancing techniques like those seen in some of the new browsers are a welcome feature. We hope you'll take the time to tell Apple, the developers behind Chrome, Microsoft, Mozilla, and other software developers to keep up the good work. And, of course, we hope you'll continue to support our efforts to upgrade the laws to reflect modern technology, so that "private mode" is the default setting on the Internet.


Eldebug

Dear All

For the sixth day Israel continues their massacre against the people of isolated Gaza. About 440 killed and . martyrs and more than 1750 injured with the support of the United States, immobility of Arab and international communities with only mere verbal condemnations of unjustified violence against the Palestinian people. This was just a verbal accusation of unjustified violence against the Palestinian people.

Arabs, Muslims and Europeans went out into the streets to demonstrate and express their anger against the inhumane treatment suffered by the inhabitants of Gaza who are subjected to hunger, encroachment, and the violation of all the principles of human rights. This violence is not only against Hamas as announced by the Israeli media, but it has also affected the mosques, the Islamic University, houses and a school that depends on the United Nations relief for Palestinian refugees (UNRWA) and the Palestinian government buildings in Gaza; the most populated area in the world which increased the total number of civilian victims. Yesterday the Israeli army announced that Gaza has become a military area while relying on a number of additional troops and tanks to prepare for a new ground military invasion to Gaza.

In addition, Israeli armoured forces attacked the boat ''Dignity'' which came from Cyprus and aimed to break the siege of Gaza.
We ask you to help Gaza as soon as possible and immediately stop the Israeli massacre against the unarmed Palestinian people and ending the siege on Gaza, and the opening of the Rafah crossing point. The Egyptian authorities refused to open the crossing point in the absence of the Palestinian Authority, and the presence of international observers, and for fear of Israeli air strikes on the border strip in Rafah point while ensuring the transport of wounded Palestinians to the hospital in Egypt because of the shortage of essential medical tools in Gaza.

In the name of humanity and human rights, we ask you to rescue Gaza from the threat of genocide at the hands of the Israeli army.

Vic Livingston

WHEN WILL THE ACLU CONFRONT THE STRONG EVIDENCE THAT AGENCIES OF GOVERNMENT ARE EXERCISING PRIOR RESTRAINT AND OUTRIGHT CENSORSHIP OF POLITICAL BLOGS ON THE INTERNET?

Please consider this account by a mainstream journalist who has encountered what appears to be censorship of his attempts to make political posts:

POLITICAL BLOGGERS, BEWARE: More Signs of 'Big Brother' Censorship

• An urgent call to civil libertarians: Take action now to protect free speech rights

GET POLITICAL w/ VIC LIVINGSTON

Former business reporter, Fox TV Phila., NY Daily News, Phila. Bulletin, St. Petersburg Times

It's happening again. Certain attempted posts to The Washington Post "The Fix" and "44" political blogs once again have elicited a full-screen message (with no identifying logo), reading:

"Your comment has been received and held for approval by the blog owner."

This seems to happen only when this correspondent expresses a political viewpoint that could be considered critical of the current administration.

This writer has been posting to WaPo political blogs for a long time. The site does not "hold" posts for "the blog owner." No foul language was involved here. This appears to be a case of some powerful third party intercepting and censoring internet site posts on a selective basis -- an unconstitutional exercise of "prior restraint" on American mass media.

I've written about this before.

http://www.nowpublic.com/world/parallel-internet-big-brother-screening-c...

OR (if the link is rendered disabled)

members.nowpublic.com/scrivener re: "The Parallel Internet..."

Apparently, my message did not get through to those who so brazenly violate the law of the land. So this time, words need to be followed up by action -- and we're asking all of you who are reading this to "Get Political."

Please help in the fight against unconstitutional infringement of Americans' First and Fourth Amendment rights -- that's right, freedom of speech and the press, and freedom from unreasonable searches and seizures -- because blog posts are being "seized" and held. That's prior restraint, and it's unconstitutional. Read what the U.S. Supreme Court had to say about it:

http://www.law.umkc.edu/faculty/projects/ftrials/conlaw/priorrestraints.htm

Please email Deborah Howell, ombudsman at The Washington Post (ombudsman@washpost.com). Here's a suggested message:

Dear Ms. Powell:

I'm writing to inform you that posts to your paper's political blogs sometimes elicit a full-screen message stating that "your comment has been received and held for approval by the blog owner."

Vic Livingston, writer of the Get Political column at members.NowPublic.com/scrivener, says this has been happening to him -- but only when he attempts to post a comment that could be interpreted as critical of the Bush administration.

Vic believes this "held for approval" message does not come from The Washington Post, but is a "spoofed page" inserted into his data stream by a third party "hacker" with an ideological agenda.

This apparent "prior restraint" of constitutionally protected speech also infringes on the right of mass media outlets to freely communicate with their readers.

We are writing on Vic Livingston's behalf, because Vic says his email appears to be subject to interception and often goes unanswered.

We hope that by alerting The Washington Post to this apparent censorship, we can ensure that the right of freedom of speech is protected and treasured and is not debased by those in positions of power.

While you're at it, please consider posting messages to both The Fix (http://blog.washingtonpost.com/thefix) and 44 (http://blog.washingtonpost.com/the-trail).

If you're into politics, these blogs should be on your daily bookmark list.

Thank you all. Now let's get busy and defend our constitutional rights. If they can censor this correspondent, you may be next.

BUT WILL THE ELECTION EVEN MATTER?

Not as long as government-supported extrajudicial "vigilante injustice" targeting squads are "gang stalking" American citizens, making a mockery of the rule of law:

http://www.nowpublic.com/world/american-gestapo-state-supported-terroris...

OR

http://members.nowpublic.com/scrivener

beebs

Another problem is your ISP tracking your surfing sites.

Use Tor and the Tor button with Firefox.
Works for me.

Vic Livingston

MORE EVIDENCE OF GOVERNMENT CENSORSHIP OF POLITICAL BLOGS:

http://my.nowpublic.com/world/fight-censorship-post-blog-washingtonpost-...

TValley

I use NoScript with Firefox. It automatically blocks all scripts until they're manually allowed.

http://noscript.net/

It affects usability for a while at first, as you manually allow all the sites you usually visit, but the plus side is huge. Google Analytics, Doubleclick, and all of them haven't been tracking me for at least 2 years.

It also prevents malicious scripts from sending viruses, etc. through the browser.

Vic Livingston

When you're being monitored by Echelon or other sophisticated government spyware, using real-time interception and mirroring of a "target" internet connection and the insertion of "spoofed pages" that can be used in conjunction with remote computing software to "hijack" your computer -- your suggested "solutions" do NOTHING.

What needs to be done: Congress must outlaw these warrantless surveillance programs which, along with warrantless searches and seizures, have turned America into a police state.

ACLU is great when it comes to Guantanamo; but where is the outrage over the end of private communications, even privacy at home, in America?

Does ACLU realize that aggrieved citizens are being BLOCKED at the door by security agents, turned away, told to "write a letter" -- and then their internet emails, even web postings, don't go through, or are taken down after the complainant thinks they've sent a message?

Please, ACLU... have an open door policy and get your own person down at the front desk... because it appears that your organization has been hijacked at the door.

You need a civil liberties CLINIC, a day where people can just SHOW UP and tell their story without being escorted from the building by the "security state" agents who seem to be a permanent presence in your lobby.

Thanks for listening... and please keep this post online. If this mainstream journalist can't get in to tell you about DOMESTIC TORTURE, community stalking sponsored by government, and the nationwide vigilante network that is using official law enforcement communications networks to impose extrajudicial control and punishment... what chance does the average Jane or Joe have to secure your assistance?

Your priority for 2009 should be a campaign against EXTRAJUDICIAL targeting and punishment that makes a mockery of the judicial system. You're battling in court, while civil liberties are being robbed from citizens on the STREET, no judicial system allowed.

So when may I come in to see you? Please leave me a message at My.NowPublic.com/scrivener

I've been trying to get an appointment for TWO YEARS. And I am beginning to wonder: Has ACLU been co-opted by the security state?

Computer Support

That is quite strange actually. If one is operating an online account then it doesn’t mean that he is a computer techie. There might be many people who don’t even know how to install a new browser, so it clearly leaves ‘do it yourself’ kinds of patches for those guys. Obviously on technical grounds, it doesn’t make sense either. Firefox version is also not a problem because it gives the same error in all Firefox versions. To be very frank, it doesn’t look like the software is having any sort of problem.
http://www.askdrtech.com/
