The Secret’s Out: Reports of the privacy of private browsing have been greatly exaggerated

Sure, surfing the web in “incognito” or “private” mode might seem more secure than doing it with a totally unsecured browser—the phrases imply an air of security—but recent research and an overwhelming amount of anecdotal evidence from security experts indicates that so-called private browsing isn’t nearly as private as it’s cracked up to be. In fact, it’s not really private at all: routers, firewalls, proxy servers, RAM chips or the Domain Name System (DNS) cache all could have a record of your browsing history.

The lesson, of course, is that without appropriate add-on tools or apps, such “secret” browsing methods may not achieve the desired outcome at all. Here’s a primer on how to change the game.

Private Browsing 101

No discussion of private browsing can begin without first explaining what it is. In a nutshell, at least with most browsers, the private or incognito mode is designed to minimize the digital footprints you leave behind when you surf the web.

With the ostensibly confidential mode engaged, your browser won’t record any temporary data on the device you’re using.

Still, because the browser isn’t the only thing that reads the data you send and receive over the internet, it’s impossible to delete this information completely.

The truth is that copies of the data likely reside in a number of spots in the network, from the router to the firewall to any proxy servers or the DNS cache. In short, the information you thought you were protecting by browsing in private/incognito mode actually hasn’t been protected at all, which means your information could be vulnerable to attacks from browser hijackers, or worse.

Understanding misconceptions

One of the biggest problems with private browsing is the fact that users think it’s actually private.

According to a recent study from Avast, 65 percent of 10,000 responding consumers mistakenly believed that incognito/private browsing modes offered by today’s browsers will anonymize their identity and obscure their browsing habits from governments, businesses and advertisers.

What’s more, the same study indicated that 77 percent had misplaced expectations that their browser would alert them to potential web-based threats such as malicious extensions or unauthorized cryptomining.

Juxtapose these numbers with the fact that only 21 percent of private/incognito users consider these browsing modes safe, and it’s clear there’s an information gap at work. In short, users are utterly misinformed and probably putting way too much trust into browser modes that aren’t nearly as safe as they think they are.

Truly private browsing

What, then, can facilitate truly private browsing? In recent months a handful of new apps and browser overlays have hit the market to meet this very need. This technology takes extra steps to make sure data earmarked to be private stays that way.

Take the newest offering from Avast: the Avast Secure Browser. According to reviews, not only does the technology natively protect against web-based attacks such as ransomware, phishing and other malware, it also has features to protect users from mass surveillance, profile building and other invasions of consumer privacy.

The Avast tool also has a “Bank Mode” to lock down financial information, and it ships with Adblock, Anti-Tracking, and Anti-Fingerprinting switched on to keep a user’s online life private.

Other solutions on the horizon—such as a pilot project called Veil developed at the Massachusetts Institute of Technology—set up “blinding” servers that effectively whitewash all identifying data from headers that can be traced back to the original user.

Conclusion

However a browser works to keep data private, one thing is certain: current “private” and “incognito” modes on their own aren’t doing enough. The best solution to this problem is a one-two punch of new technology to sit on top of the browser with a Virtual Private Network (VPN) that is bulletproof enough to withstand common vulnerabilities and attacks.

While reports of the privacy of private browsing have been greatly exaggerated, users find themselves in a situation they can change for the better by adding a much-needed extra layer of privacy protection.

Previously published on Reuters’ Plus.