An analysis of private browsing modes in modern browsers

Authors: G. Aggarwal, E. Bursztein, C. Jackson, and D. Boneh

We study the security and privacy of private browsing modes recently added to all major browsers. We first propose a clean definition of the goals of private browsing and survey its implementation in different browsers. Since there is no data on the use of private browsing, we conduct an experiment to determine how often it is used and on what categories of sites. Our results suggest that private browsing is used differently from how it is marketed. We then describe an automated technique for testing the security of private browsing modes and report on weaknesses found in the Firefox browser. Finally, we show that many popular browser extensions and plugins undermine the security of private browsing. We propose and experiment with a workable policy that lets users safely run extensions in private browsing mode.

In proceedings of Usenix Security 2010.   [BIBTEX]

Full paper: pdf