IE8's 'privacy' mode leaks your private data

Information concealed by the InPrivateBrowsing feature of Microsoft's Internet Explorer 8.0 can easily be recovered by forensic experts, a Dutch website has found.

The InPrivate Browsing feature in Microsoft's latest browser is designed to delete a user's browsing history and other personal data that is gathered and stored during regular browsing sessions. The feature is commonly referred to as 'porn mode' for its ability to hide which websites have been visited from nosy spouses or employers.

See also:

Internet Explorer 8.0 Beta 2 review

Microsoft slaps Google with IE8: the porn browser

Forensic experts however found it trivial to retrieve the history, according to a test by Webwereld.nl, an affiliate of PC Advisor in the Netherlands, and Fox IT, a Dutch firm specialising in IT security and forensic research.

"The privacy option in this beta is mainly cosmetic. For a forensic investigator, retrieving the browsing history should be regarded as peanuts," said Christian Prickaerts, forensic IT expert with Fox IT.

To prevent login details, online orders and other sensitive information from leaking out, the privacy feature prevents Internet Explorer 8.0 Beta 2 from storing any cookies. The browser furthermore refrains from storing the browsing history in the Windows registry.

But researchers were able to retrieve data displaying general information about the browser's behavior. Although URLs (Uniform Resource Locators) aren't stored, Prickaerts was still able to restore the browsing history.

"The remaining records in the history file still enable me to deduce which websites have been visited," said Prickaerts.

Even more data is stored in the browser's cache, a feature designed to speed up performance of websites by storing a copy of recently accessed information on a user's hard disk. InPrivate Browsing failed to disable this feature. Users seeking a higher level of privacy could manually delete the cache, but it can later easily be retrieved through commonly available forensic tools.

The shortcomings in InPrivate Browsing put the level of privacy protection in Internet Explorer 8.0 on a par with Firefox 2.0 and 3.0. The open source browser allows users to delete all private data, but does that by merely deleting files. Those too can easily be retrieved. Developers have crafted plugins for Firefox which mitigate the risk of information leaks.

Microsoft's main goal with InPrivate Browsing is to prevent other users of the same computer to gain access to the browsing history, the company said in an email response. The feature isn't designed to protect a user's privacy from security experts and forensic researchers, the company said.

Visit PC Advisor's dedicated Microsoft News Spotlight for the latest news on the software giant

Visit Security Advisor for the latest internet threat news, FREE net threat email newsletters, and internet security product reviews

Visit Broadband Advisor for the latest internet news, reviews, tips & tricks

> Microsoft downloads, details and screenshots
> Buy Microsoft products

Submit to:Digg Slashdot Del.icio.us Reddit

• FREE email newsletters. Get news, reviews and features straight to your inbox
• For videos of the latest products, visit PC Advisor TV
• Sign up for RSS to get the latest news and reviews, direct to your desktop
• Get PC Advisor news, reviews and blogs on your website for free

Latest technology news:

• BBC iPlayer is bandwidth hog, admins warned
• HP announces low cost micro server for small business
• Home working spreads among office workers
• Salesforce.com readies native mobile clients for Chatter social network
• LG shows mobile with dual core Nvidia Tegra 2 chipset