August 29, 2008
IE8 Privacy Feature Is Leaky
People are already figuring out where IE8’s privacy mode falls down:
“The shortcomings in InPrivate Browsing put the level of privacy protection in Internet Explorer 8 on a par with Firefox 2 and 3. The open source browser allows users to delete all private data, but does that by merely deleting files. Those too can easily be retrieved. Developers have crafted plugins for Firefox which mitigate the risk of information leaks.
“Microsoft’s main goal with InPrivate Browsing is to prevent other users of the same computer to gain access to the browsing history, the company said in an e-mail response. The feature isn’t designed to protect a user’s privacy from security experts and forensic researchers, the company said.”
The enterprise market won’t be very enthusiastic about this sort of feature, and Microsoft knows it. Making the feature completely bulletproof isn’t going to be a customer priority in that audience.
All the same, the way the company is selling InPrivate Browsing could use some tuning.
It’s innocuous enough at the top of the IE8 beta page:
“Keep Internet Explorer 8 from adding any sites you visit to Browsing History with InPrivate Browsing. Now you can shop for that special gift with confidence knowing your family won’t accidentally find out.”
That makes the feature sound pretty lightweight to me. After the jump, though, the claims get a little stronger:
“Sometimes you don’t want to leave any trace of specific web browsing activity, such as when checking e-mail at an Internet cafe or shopping for a gift on a family PC. InPrivate Browsing in Internet Explorer 8 helps prevent your browsing history, temporary Internet files, form data, cookies, and usernames and passwords from being retained by the browser, leaving no evidence of your browsing or search history.”
Well, from the link at the top of this entry:
“Even more data is stored in the browser’s cache, a feature designed to speed up performance of websites by storing a copy of recently accessed information on a user’s hard disk. InPrivate Browsing failed to disable this feature. Users seeking a higher level of privacy could manually delete the cache, but it can later easily be retrieved through commonly available forensic tools.”
I think the cache qualifies as “evidence of your browsing or search history.”
No scandal here, but Microsoft should tone down the language describing the feature to make it clear that it’s mainly designed to thwart the idlest of curiosity.
Posted by mhall at 1:18 PM