Private Browsing Mode: Is Secrecy Security?

Is Privacy Mode Safe?

There are plenty of reasonable explanations for why you’d want to browse the web in a private session. Maybe you’re on the hunt for the perfect gift and you want to keep your searches a secret from your significant other, or you’re on a public machine and are afraid you’ll forget to log out of website accounts.

Safari, Google Chrome, Firefox, Opera and Internet Explorer (IE) are all now offering the option of web browsing in privacy, or “incognito”, mode. We are deeply concerned with protecting the safety of intellectual property and personal identifying information, so our obvious question became: What is this secrecy worth in the context of cyber threats? What does privacy mode actually do to protect you?
**This discussion will not address or qualify the patchwork of components that comprise The Electronic Communications Privacy Act (ECPA). We are addressing how private browsing might affect your cyber security risk.**

What is privacy mode?

Here’s what we know privacy mode can do for you:
* Reduce your online footprint by disabling browsing history and web caching – browse without storing local data
* Disable storage of data in cookies and Flash cookies
* Sign you out of all accounts and sessions when you close the browser
* Allow you to sign into multiple site accounts at once within the same browsing session
* Keep your searches “pure” by not having prior search history or your networks influencing recommendations and rankings. Some browsers can even prevent data from passing on to 3rd parties that learn about you during your browser session.

Does It Matter Which Browser I Use?

A whole plethora of factors point to the following: There are caveats, flaws, to the privacy measures of just about every browser out there. Regardless of browser, these sessions were developed and are designed for the local level, in most cases, so that other users of that same computer would have a hard time tracking you.

So, Am I Protected?

Private browsing sessions help to shield against phishing attacks. That said, of course it is not a sure-fire way to block infections as you probably guessed. Frankly, your activity while using the browser including the sites you visit, forms you fill out, and downloads, are likely canceling out most of what browser “privacy” might promise.

Your download history might not stick in a private session, but the files themselves certainly aren’t scanned or mediated by the browser and remain on your machine even after you close out of a session. In many cases, extensions and add-on’s are storing data independent of the core browser. Email, instant messaging, and other such communications within your browsing session are still perfectly viable methods by which an infection might creep its way in regardless of whatever trail you are avoiding leaving behind. Blacklisting of dangerous websites is a reactive process, so your browser would have already had to come across a page and remember it on the list of sites to block. This process has to reset with private sessions if you don’t have software on your machine outside of the browser to screen activity and remember preventative actions, which means repeat effort that leaves a small window of time, again, for infections to make their way in.

All of the protection offered by private browsing sessions is also only intended for your local machine. It is still very possible for your history and behavior to by identified through your IP address. There are search engines such as DuckDuckGo that will at least default to not storing your personal information and thus won’t send any of it to the websites you access through its service. While the websites will still know you visited them via your IP address, at least it won’t send the search phrases you used to those third parties. The closest you might get to actually stripping your IP address from your ID when browsing, though, would be if you went so far as to connect with a network that facilitates anonymity by routing your traffic through a series of computers before connecting you with your intended destination.

Options like Epic Privacy Browser have come into play in recent years claiming to satisfy required info sharing to advertisers while simultaneously masking your IP address. This was exciting and terrifying for competing browsers…until the ad game changed and rendered this method pretty useless: . Search engines started altering their algorithms to flag hidden or masked IP addresses as signs of fraud.

Here’s what this all means: It is just not sufficient to put forth protection only at the browser level, but it can help.

What Else Do I Need If This Isn’t Enough?

Regardless of your workstation solution(s), there is absolutely a bare minimum you should have in place before making contact with the web: Anti-Virus and Anti-Malware. While this is hardly adequate against today’s threat landscape, it will give you some line of defense outside of the browser itself. This is gravely important considering the fact that over 80% of websites place tracking files, sometimes hundreds, on your computer. That’s without even considering your downloads, add-on extensions, and communications activity like email and chat.

For a deeper dive into how you can stay safe when browsing online, not just from the web browser perspective, check out this Guide to Safe Internet Browsing.

With a next-gen perspective we deliver cutting-edge technology with our NOAH Cyber Security Solutions that maintain and monitor systems 24x7x365. At the heart of our solutions is our NOAH Core Protection Suite. This is made up of the tools we consider to be essential to the security of any enterprise.
Achieve awareness of your emerging threats and maintain your business continuity –
Get in touch with us.