Private browsing is a privacy feature in some web browsers. When operating in such a mode, the browser creates a temporary session that is isolated from the browser's main session and user data. Browsing history is not saved, and local data associated with the session, such as cookies, are cleared when the session is closed. These modes are designed primarily to prevent data and history associated with a particular browsing session from persisting on the device, or being discovered by another user of the same device.
Private browsing modes do not necessarily protect users from being tracked by other websites or their Internet service provider (ISP). Furthermore, there is a possibility that identifiable traces of activity could be leaked from private browsing sessions by means of the operating system, security flaws in the browser, or via malicious browser extensions, and it has been found that certain HTML5 APIs can be used to detect the presence of private browsing modes due to differences in behavior.
Apple's Safari browser was one of the first major web browsers to include this feature. The feature has since been adopted in other browsers, and led to popularization of the term in 2008 by mainstream news outlets and computing websites when discussing beta versions of Internet Explorer 8. Adobe Flash Player 10.1 began honoring browser settings and private browsing status in regards to the storage of local shared objects.
Noted uses of private browsing modes include hiding undesirable content from the browsing history (such as visits to adult-oriented websites), performing web searches that are not algorithmically influenced by prior browsing habits or the user's recorded interests, providing a "clean" temporary session for a guest user (such as when using a public computer), and using websites with multiple accounts simultaneously. Private browsing has also been used as a means to circumvent metered paywalls on some websites.
In a survey by search engine DuckDuckGo, 48% of participants declined to respond (leading researcher Elie Bursztein to note that "surveys are clearly not the best approach to understand why people are using the private browsing mode because of the embarrassment factor"), and 18% listed shopping as their primary use of private browsing modes.
A study by the Mozilla Foundation found that most sessions lasted only about 10 minutes, but that there were periods where activation increased, usually around 11 a.m. to 2 p.m., 5 p.m., between 9 p.m. and 10 p.m., and a minor peak about an hour or two after midnight.
Support in popular browsersEdit
Private browsing is known by different names in different browsers.
|April 29, 2005||Safari 2.0||Private Browsing (Command⌘+Shift+n)|
|December 11, 2008||Google Chrome||Incognito (Ctrl+Shift+n or ⌘+Shift+n for Mac)|
|March 19, 2009||Internet Explorer||InPrivate Browsing (Ctrl+Shift+p or ⌘+Shift+p for Mac)|
|June 30, 2009||Mozilla Firefox 3.5||Private Browsing (Ctrl+Shift+p or ⌘+Shift+p for Mac)|
|March 2, 2010||Opera 10.50||Private Tab / Private Window (Ctrl+Shift+n or ⌘+Shift+n for Mac)|
|November 18, 2014||Amazon Silk||Private Browsing (Swipe from the left edge of the screen, and then tap Settings and select Enter Private Browsing)|
|July 29, 2015||Microsoft Edge||InPrivate Browsing (Ctrl+Shift+n or ⌘+Shift+p for Mac)|
|November 13, 2019||Brave||Private Browsing (Ctrl+Shift+n or ⌘+Shift+n for Mac)|
It is a common misconception that private browsing modes can protect users from being tracked by other websites or their Internet service provider (ISP). Such entities can still use information such as IP addresses and user accounts to uniquely identify users. Some browsers have partly addressed this shortcoming by offering additional privacy features that can be automatically enabled when using private browsing mode, such as Firefox's "Tracking Protection" feature to control use of web trackers (which has since been rolled into a larger "content blocking" function extended outside of private browsing mode), and Opera offering an in-house VPN service embedded within the browser.
In 2012, Brazilian researchers published the results of a project where they applied forensic techniques (namely the Foremost data carving tool and Strings program) to extract information about the users browsing activities on Internet Explorer and Firefox browsers with their private mode enabled. They were able to collect enough data to identify pages visited and even partially reconstruct them. This research was later extended to include the Chrome and Safari browsers. The gathered data proved that the browsers' private mode implementations are not able to fully hide users' browsing activities and that browsers in private mode leave traces of activities in caching structures and files related to the paging process of the operating system.
Another independent security analysis, performed by a group of researchers at Newcastle University in 2014, reported a range of potential security vulnerabilities in the implementation of the private modes across Chrome, Firefox, Internet Explorer, and Safari, including that;
- Browser extensions could still record history if they were active in private mode. Although Chrome and Firefox have since required extensions to be enabled on an opt-in basis for their private browsing modes, an installed extension in the normal mode could learn the user's activities in the private mode by measuring the usage of shared computing resources.
- Data erasure by the browser alone is found to be insufficient. For example, the records of visited websites during the private session can be retained in memory for a long time even after the private session is closed. In addition, the visited website records are usually kept by the operating system in the local DNS cache. Furthermore, the modified timestamps of certain profile files saved on the disk may reveal if the private mode was previously turned on and when it was turned on.
- Software bugs present in some browsers were found to seriously degrade the security of the private mode. For example, in some earlier versions of Safari, the browser retained private browsing history records if the browser program was not closed normally (e.g., as a result of a crash), or if the user acted to add a bookmark within the private mode.
- Depending on whether the session is in the private or the normal mode, web browsers typically exhibit different user interfaces and traffic characteristics. This allows a remote website to tell if the user is currently in the private mode, for example, by checking the color of the hyperlinks or measuring the time of writing cookies.
Bugs and security vulnerabilities in extensions themselves may also leak personally identifiable data from private mode.
Implementations of the HTML5 FileSystem API can be used to detect users in private mode. In Google Chrome, the FileSystem API was not available in Incognito mode prior to version 76. To prevent circumvention of paywall policies and evasion of web tracking scripts used to monetize traffic, a number of websites — including The New York Times — have used such behavior to block access to users in private browsing mode, and requiring them to subscribe or log in. Chrome 76 allows the FileSystem API to be used in Incognito mode; explaining the change, Google argued that the ability to detect the use of Incognito mode infringes on users' privacy. However, it was later discovered that the disk space quotas for the API differed between normal and Incognito modes, providing another means by which to detect Incognito users. Despite statements otherwise by Google, this has not yet been patched. Scripts have also been developed to detect private browsing mode on other browsers, such as Firefox.
- Trapani, Gina (4 May 2005). "Safari's private (porn) browsing mode". Lifehacker. Retrieved 11 April 2010.
- Foley, Mary Jo. "Microsoft to roll out more granular 'porn mode' with IE 8". ZDNet. Retrieved 4 October 2008.
- Sadighi, Lalee. "Microsoft's Internet Explorer 8 Goes 'Porn Mode'". Red Herring. Archived from the original on 12 September 2008. Retrieved 4 October 2008.
- Kidman, Angus. "Microsoft releases IE8 beta 2: MS porn mode included". APC. Retrieved 4 October 2008.
- "Adobe Flash 10.1 supports "private browsing"". The H. Retrieved 14 August 2019.
- "Adobe Flash Player Private Browsing May Force Change in Fraud Fight". eWeek. Retrieved 14 August 2019.
- Paul, Ian (11 March 2014). "Three practical reasons to use your browser's private mode". PCWorld. Retrieved 14 August 2019.
- Brownlee, Chip (31 July 2019). "Google's Chrome Update Just Unlocked Lots of Newspapers' Metered Paywalls". Slate Magazine. Retrieved 14 August 2019.
- Bursztein, Elie. "Understanding how people use private browsing". Retrieved 14 August 2019.
- Espiner, Tom. "Private browsing tools still leave data trail". ZDNet. Retrieved 14 August 2019.
- "Private browsing: 16 good reasons to use incognito mode". ZDNet. Retrieved 14 August 2019.
- Ulmer, Hamilton (23 August 2010). "Understanding Private Browsing". Blog of Metrics. Mozilla Foundation. Retrieved 24 August 2010.
- Parchisanu, Daniel (9 November 2018). "How to go incognito in all web browsers: Chrome, Firefox, Opera, Edge, and Internet Explorer". Digital Citizen. Retrieved 9 January 2019.
- "Microsoft Announces Availability of Internet Explorer 8" (Press release). Microsoft. 19 March 2009. Archived from the original on 22 March 2009. Retrieved 16 December 2011.
- "Mozilla Cross-Reference mozilla1.9.1". Mozilla Foundation. Retrieved 26 May 2009.
- Mateu, Roberto. "Opera 10.5 pre-alpha for Labs". Opera Software. Archived from the original on 26 August 2011. Retrieved 22 December 2009.
- "Private Browsing for Amazon Silk". Amazon Inc. Archived from the original on 22 December 2014. Retrieved 18 November 2014.
- Grothaus, Michael (12 April 2019). "Incognito mode won't keep your browsing private. Do this instead". Fast Company. Retrieved 14 August 2019.
- Cimpanu, Catalin. "Firefox 63 released with 'always-on' tracking protection". ZDNet. Retrieved 14 August 2019.
- R. Ruiz, F. P. Amatte, K. J. B. Park, Tornando Pública a Navegação “In Private”. Proceedings of the Seventh International Conference on Forensic Computer Science – ICoFCS 2012, Available online Sep 2012.
- R. Ruiz, F. P. Amatte, K. J. B. Park, Opening the “Private Browsing” Data – Acquiring Evidence of Browsing Activities. Proceedings of the International Conference on Information Security and Cyber Forensics (InfoSec2014), Available online Oct 2014.
- Satvat, Kiavash; Forshaw, Matthew; Hao, Feng; Toreini, Ehsan (2014). "On the privacy of private browsing – A forensic approach". Journal of Information Security and Applications. 19: 88–100. doi:10.1016/j.jisa.2014.02.002.
- Keizer, Gregg (8 March 2019). "How to go incognito in Chrome, Firefox, Safari and Edge". Computerworld. Retrieved 14 August 2019.
- Verger, Rob (26 February 2018). "Your private browsing isn't as incognito as you want it to be". Retrieved 24 September 2020.
- B. Zhao, P. Liu, Private Browsing Mode Not Really That Private: Dealing with Privacy Breaches Caused by Browser Extensions. In Proceedings of the 45th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN 2015), Rio de Janeiro, Brazil, Available online June 2015.
- Tung, Liam. "Chrome's 'more private' Incognito mode: Websites can still detect you're using it". ZDNet. Retrieved 14 August 2019.
- Duckett, Chris. "Google to clamp down on Incognito Mode detection". ZDNet. Retrieved 14 August 2019.
- Cimpanu, Catalin. "Incognito mode detection still works in Chrome despite promise to fix". ZDNet. Retrieved 25 June 2020.
- "How to Turn On Private or Incognito Browsing". wikiHow. Retrieved 31 July 2018.