Recently there has been some disagreement as to what "private mode" means when it comes to various browsers.
Primarily I am referring to...
What does "privacy mode" mean to these browsers? By that I mean, what tactics do/don't they typically take?
They are meant to clear a part of your browser history that is in this so called "private" session and to separate that session from previously existing sessions as well. Things in this session won't be stored after you leave the session.
This is not a 100% foolproof method however:
They will still be able to track you based on your IP-addresss and your screensize, System Fonts, Browser Plugin Details, etc (see: https://panopticlick.eff.org/ ) You just don't store browserhistory including the caches and cookies in your browser after you leave the "private session".
People will still be able to track you, when you are not careful enough with using your known usernames. Think about moderators, your so called "friends", but also people who forget to set their privacy settings on Youtube and Facebook for example. The default setting is that everyone can see what videos you watched and what you shared.
So it doesn't protect from human stupidness, like giving your "Lulzsec" hackerfriends all your personal information:
http://www.foxnews.com/scitech/2012/03/06/hacking-group-lulzsec-swept-up-by-law-enforcement/
So it doesn't work when you threating to blow up a school on twitter. No matter whether your "private modes" is enabled or not. http://www.ajc.com/news/student-arrested-for-threatening-1398649.html
It doesn't protect against geolocation data. For example when you forget to turn off geolocation, when tweeting an image that was originally taken with your mobilephone. Or when you accept to give your geolocation to a service like Google Maps.
Is not a protection against viruses, keyloggers, screenloggers and other malware. And hacker who gains access to your the server or your credentials can still access some of your private information on sites you visited.
In the past there were some problems some cookies - like the Flash Super cookies - still being able to track you in this private mode. This issue has been resolved since then. http://lifehacker.com/5470515/flash-finally-adds-support-for-private-browsing
The "private browsing" mode of different browser can differ WRT a few details, but they share the same goal: to disconnect "private" and "normal" browsing as much as possible. (I believe "private mode" follow the same philosophy in most browsers.)
High level description of what private browsing mode tries to emulate:
You get the idea. There is no real installation of course, it's a very abstract description.
Transient browser state must not be imported, notably:
:visited CSS property)It is difficult to balance the advantages regarding security and privacy of browser extensions and the fact that they might contribute to specific browser fingerprints, as they can make the browser less "standard looking": even if you hide your extensions in user-agent, they change the browser behaviour in ways that are often detectable, making the browser fingerprinting more precise.
For example, running AdBlock/ABP the browser will not download ads (well, anything) from particular locations (domains, directories), depending on the subscribed filter list. A particular filter list could be identified, and this information could be used for browser fingerprinting.
In general the most useful extensions for security and privacy will change the behaviour of the browser:
Be careful that a particular URL may carry identifying information, such as ?SESSIONID=xxx.
Email links often carry such identifying informations to determine if a particular email has been read.
It is not clear what can be done about that in general at the browser level, as URL is usually entirely relevant (there is nothing in most URL that can be striped, such that the striped still refers to the same resource), but some URL carry informations that identify not the resource but the way to was obtained (such as "referer" information).
I guess some query parameters names could be as white-listed (like q=xxx for searches), others black-listed, and the user could have to make some guesses about others.
Of course if such filters were widely used, a counter approach could be easily deployed: the exact same identifying information could be passed not in query parameters, but disguised as a regular URL information: /sessionid_is_xxx/ and would be even harder to filter.
An alternate approach would be to search for the URL in Google (assuming the resource is on the public indexed Web); the complete URL is not found, to remove informations from the URL until a document with (about) the same URL is found on the public Web. Then the simplified URL can be used as a non-identifying URL (if any "path" or "Referer" is embedded in the URL, it identifies the Google Bot).
But I think I am drifting away from the original question...
Many answers have touched upon the 'network' aspect of private browsing modes. Interestingly private browsing modes (aptly called the porn mode) primarily aim to leave no trace of your browsing activity on the host computer.
In a research project at my University, we did a host based forensic analysis of the private browsing modes of various browsers. The results were surprising :)
When we did this research (in 2010), we found that browsers indeed leave various artifacts in the memory which can be recovered by reconstructing the user-space memory of the browser. What could be re-constructed varied from browser to browser.
And once we included the kernel memory into the equation(which is kind of a cheating since browsers can rarely do much to cleanse it), we were able to find the SSL certificates, form passwords, form data, and cookies that were used during the private browsing session. Obviously since we are dealing with RAM memory, all these artifacts are lost on a reboot (unless you are going to do a cold boot attack).
You can read our paper and methodology at http://mocktest.net/paper.pdf (specially section 4.2)
So if you think you can beat the forensic analysts by using private browsing mode (if they have physical access to your computer), you are in denial. I don't claim that your entire session can be reconstructed but vital information leaking out the sites you visited can be found (again differs based on OS/browser).
If you think you can beat your wife from knowing what you browsed - that sounds like a more reasonable(and safe) assumption !!
Private Mode doesn't keep:
HOWEVER:
Primarily, they prevent the persistence of things like website history, cache, and cookies, deleting them when "private mode" ends or not storing them at all. Additionally, there is typically some separation between data (such as cookies) from previous sessions and "private mode".
Specifically (on a high level)...
Internet Explorer 8 InPrivate: frequently asked questions:
InPrivate Browsing prevents Internet Explorer from storing data about your browsing session.
Chrome Incognito mode (browse in private):
- Webpages that you open and files downloaded while you are incognito aren't recorded in your browsing and download histories.
- All new cookies are deleted after you close all incognito windows that you've opened.
- Changes made to your Google Chrome bookmarks and general settings while in incognito mode are always saved.
Firefox Private Browsing - Browse the web without saving information about the sites you visit the following are listed as not being saved
- Visited pages
- Form and search bar entries
- Passwords
- Download list entries
- Cached Web Content and Offline Web Content and User Data
