We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
 
74,944 News Articles

IE8's 'privacy' mode leaks your private data

InPrivate browsing, not so private

Information concealed by the InPrivateBrowsing feature of Microsoft's Internet Explorer 8.0 can easily be recovered by forensic experts, a Dutch website has found.

The InPrivate Browsing feature in Microsoft's latest browser is designed to delete a user's browsing history and other personal data that is gathered and stored during regular browsing sessions. The feature is commonly referred to as 'porn mode' for its ability to hide which websites have been visited from nosy spouses or employers.

See also:

Internet Explorer 8.0 Beta 2 review

Microsoft slaps Google with IE8: the porn browser

Forensic experts however found it trivial to retrieve the history, according to a test by Webwereld.nl, an affiliate of PC Advisor in the Netherlands, and Fox IT, a Dutch firm specialising in IT security and forensic research.

"The privacy option in this beta is mainly cosmetic. For a forensic investigator, retrieving the browsing history should be regarded as peanuts," said Christian Prickaerts, forensic IT expert with Fox IT.

To prevent login details, online orders and other sensitive information from leaking out, the privacy feature prevents Internet Explorer 8.0 Beta 2 from storing any cookies. The browser furthermore refrains from storing the browsing history in the Windows registry.

But researchers were able to retrieve data displaying general information about the browser's behavior. Although URLs (Uniform Resource Locators) aren't stored, Prickaerts was still able to restore the browsing history.

"The remaining records in the history file still enable me to deduce which websites have been visited," said Prickaerts.

Even more data is stored in the browser's cache, a feature designed to speed up performance of websites by storing a copy of recently accessed information on a user's hard disk. InPrivate Browsing failed to disable this feature. Users seeking a higher level of privacy could manually delete the cache, but it can later easily be retrieved through commonly available forensic tools.

The shortcomings in InPrivate Browsing put the level of privacy protection in Internet Explorer 8.0 on a par with Firefox 2.0 and 3.0. The open source browser allows users to delete all private data, but does that by merely deleting files. Those too can easily be retrieved. Developers have crafted plugins for Firefox which mitigate the risk of information leaks.

Microsoft's main goal with InPrivate Browsing is to prevent other users of the same computer to gain access to the browsing history, the company said in an email response. The feature isn't designed to protect a user's privacy from security experts and forensic researchers, the company said.

Visit PC Advisor's dedicated Microsoft News Spotlight for the latest news on the software giant

Visit Security Advisor for the latest internet threat news, FREE net threat email newsletters, and internet security product reviews

Visit Broadband Advisor for the latest internet news, reviews, tips & tricks


IDG UK Sites

Samsung Galaxy Note 4 release date, price and specs 2014

IDG UK Sites

What's the best smartwatch? 11 iWatch rivals compared in our wearables round-up

IDG UK Sites

App cloning: the mobile software industry’s hidden shame

IDG UK Sites

Developers get access to more Sony camera features