HAARLEM, NETHERLANDS - A privacy feature built into the second beta version of Microsoft's Internet Explorer 8 browser isn't
as private as advertised.
The InPrivate Browsing feature in Microsoft's latest browser is designed to delete a user's browsing history and other personal data that is gathered and stored during
regular browsing sessions. The feature is commonly referred to as 'porn mode' for its ability to hide which websites have
been visited from nosy spouses or employers.
Forensic experts, however, found it trivial to retrieve the history, according to a test by Webwereld, an IDG affiliate in the
Netherlands, and Fox IT, a Dutch firm specializing in IT security and forensic research.
"The privacy option in this beta is mainly cosmetic. For a forensic investigator, retrieving the browsing history should be
regarded as peanuts," said Christian Prickaerts, forensic IT expert with Fox IT.
To prevent login details, online orders and other sensitive information from leaking out, the privacy feature prevents Internet
Explorer 8 beta 2 from storing any cookies. The browser furthermore refrains from storing the browsing history in the Windows
registry.
But researchers were able to retrieve data displaying general information about the browser's behavior. Although URLs (Uniform
Resource Locators) aren't stored, Prickaerts was still able to restore the browsing history. "The remaining records in the
history file still enable me to deduce which websites have been visited," said Prickaerts.
Even more data is stored in the browser's cache, a feature designed to speed up performance of websites by storing a copy
of recently accessed information on a user's hard disk. InPrivate Browsing failed to disable this feature. Users seeking a
higher level of privacy could manually delete the cache, but it can later easily be retrieved through commonly available forensic
tools.
The shortcomings in InPrivate Browsing put the level of privacy protection in Internet Explorer 8 on a par with Firefox 2
and 3. The open source browser allows users to delete all private data, but does that by merely deleting files. Those too
can easily be retrieved. Developers have crafted plugins for Firefox which mitigate the risk of information leaks.
Microsoft's main goal with InPrivate Browsing is to prevent other users of the same computer from gaining access to the browsing
history, the company said in an e-mail response. The feature isn't designed to protect a user's privacy from security experts
and forensic researchers, the company said.
The IDG News Service is a Network World affiliate.
What up with that?
By Schratboy on August 29, 2008, 5:35 pm
Just the other day it was noted that MS was catching up with security. Apparently, the reality of the situation, yet again, demonstrates that MS and security are...

That's why it's called a BETA.
By Dan D. on August 30, 2008, 12:44 pm
Since Microsoft has become a bit more transparent and started releasing public betas of their high-profile software applications, the term 'beta' seems to have lost...

Dan D., perhaps you missed the part where MS said: "The feature
By Anonymous on August 31, 2008, 1:32 pm
Dan D., perhaps you missed the part where MS said: "The feature isn't designed to protect a user's privacy from security experts and forensic researchers, the company...

RE: What up with that?
By Hans Pedersen on August 31, 2008, 8:56 pm
Schratboy, you have got to be some kind of moron if you even pretend to believe what you wrote.
What do you expect the InPrivate function to do? Format the system...