Private Browsing Not Safe

By August 02, 2010

The majority of web browsers offer a “private” mode, which purports to leave no trace of a user’s history on a computer. In reality, certain information is still stored, which allows users to go back to previously visited si

tes, or at least find out what they were, warn researchers at Carnegie Mellon University.

This is partly due to plug-ins and extensions, which mitigate the effectiveness of anonymous browsing modes and leave data accessible to a local attack (which controls a user’s computer), or an attack made by hacked internet sites.

To come to these conclusions, the researchers utilized a model that allowed them to evaluate at long-distance the quality and the resistance of these add-ons. Their findings are relevant for the four major browsers: Firefox, Internet Explorer, Chrome and Safari.

There's two steps to the system. The first entails analyzing the source codes stored by the browsers and verifying that they’re all protected when users are in private browsing mode. The second step calls for verifying that the protocols used by the browsers don’t affect the private nature of these source codes while in secure mode.

The result is that weaknesses appear, mainly because of the protocols, which preserve and hide the traces of navigation. At the top of the list, according to the researchers: Firefox, which executes the characteristics of HTML, allowing a site to define personal protocols. These, which are established when the user is in safe mode, are still usable and detectable when navigation is ended.

“A hacker could use this to track what a user did on a site and retrace their browsing history,” the researchers say. This is even possible in secure mode.

Other weaknesses, across all the browsers: when a site uses JavaScript, it can order the browser to produce protocols to securitize exchanges, which are used in both public and private modes, and act to define which security objectives to respect, such as server authentication or the confidentiality of exchanged data. In the case of public and private use, the browser can save the information demanded by the protocol outside of secure navigation.

With this, attackers can track the previously-viewed site. The researchers also call out the SMB (Server Message Block), which allows file sharing over local networks on Windows PCs.

“It can undo the anonymity of the ‘private’ mode,” the researchers say.

When Internet Explorer uses SMB to make a file-sharing request with a server, an initial anonymous connection is attempted. If this fails, Internet Explorer sends all the information necessary to complete the exchange: the user name of the server, as well as the name of the computer and the Windows domain. All this while the browser is in secure mode.

The researchers will present their research at next month’s Usenix Security Symposium in Washington, D.C.

Originally published on L'Atelier France.

Legal mentions © L’Atelier BNP Paribas