Browsing in "private mode" isn't as private as users think, a researcher said today.
"There are some traces left behind [by all browsers] that could reveal some of the sites that you've been to," said Collin Jackson, an assistant research professor at the Silicon Valley campus of Carnegie Mellon University. Jackson, along with three colleagues from Stanford University, will present their findings later today at the Usenix Security Symposium in Washington, D.C.
Internet Explorer (IE), Firefox, Chrome and Safari offer private browsing intended to cloak a user from Web sites and erase all browsing evidence from the PC or Mac.
Apple's Safari was the first browser to feature private browsing, followed in 2008 by Google's Chrome, and in the next year, by Microsoft's IE and Mozilla's Firefox . Opera added a similar feature this summer, but was not included in the research.
The tools are designed primarily to prevent Web destinations from being recorded to the browser's history so that someone else with access to the computer -- a spouse, say, or child -- can't see where the browser's been. Chrome, calls its feature "Incognito," while IE dubs it "InPrivate."
"All the browsers are trying to protect you from this local attacker," said Jackson, using the term he and his fellow researchers applied to others who could put hands on the computer's keyboard or otherwise access the machine.
IE, Firefox and Safari, for instance, leave traces of SSL (secure socket layer) encryption keys even when run in private mode, while IE and Safari on Windows preserve self-signed SSL certificates in a "vault" file that could be read by others to track the browser's path across the Web.
Firefox also retains evidence of some certificates, particularly non-standard certificates used by some government agencies, in a file that can be mined by others, the four researchers said in their paper.
Private mode has also been billed by browser makers as a way for users to hide themselves from the prying eyes of sites that try to track habits and histories. In fact, said Jackson, most users see that as the biggest attraction to private mode.
"Some browsers do a better job of protecting you from other types of scenarios, such as Web site tracking," Jackson said. "Safari is very much more willing to reveal you to Web sites than the others."
Safari uses a completely different model than its rivals, one that makes available to sites virtually all public information during private sessions. Jackson declined to criticize Apple for how it handles private mode, insisting that it was "simply different" from the others.
Nor would Jackson name the browser that he and the other researchers believed is best at keeping secrets from others, or other sites. Every browser leaks some information, he noted, and every browser has flaws to fix.
"This is an important feature for users to have, and the fact that it's not perfect is no reason to avoid using it on the Web," said Jackson.
Jackson and the others -- Gaurav Aggarwal, Elie Burzstein and Dan Boneh, all at Stanford -- ran other tests to determine when and for what purpose people used private browsing. Some of the results were surprising, said Jackson; others were not.
Of the latter, their research confirmed what most suspect: Private browsing is used more often when users surf to adult-oriented sites than when visiting gift-buying or news sites. "This observation suggests that some browser vendors may be mischaracterizing the primary use of the feature when they describe it as a tool for buying surprise gifts," the four researchers said in their paper.
Microsoft still uses that gift-buying scenario in its promotional copy for IE8's InPrivate mode. For obvious reasons, browser makers have been reluctant to acknowledge what most users see as the feature's primary purpose -- hiding their surfing of adult sites -- a perception that produced the tongue-in-cheek "porn mode" label for the tool.
More surprising, said Jackson, was that Safari and Firefox users run in private mode more than people using either IE or Chrome. According to the tests, Safari users were twice as likely to run in private mode than Chrome users, and nearly seven times more likely than people using IE.
"I was a little bit surprised at that," Jackson said.
But the researchers had an explanation. "We found that private browsing was more commonly used in browsers that displayed subtle private browsing indicators," their paper stated, pointing out that Safari and Firefox display private browsing mode less prominently than Chrome and IE.
To Jackson, that meant Safari and Firefox users had probably forgotten that they were in private mode, and had simply neglected to turn it off.
The research paper authored by Jackson, Aggarwal, Burzstein and Boneh can be downloaded from the Stanford University site ( download PDF ).