We need a better Private Browsing Mode

Many browsers have some type of 'private' browsing. The settings aren't enough, though, to offer real protection.

Many web browsers have some variation of “private” browsing mode. In that mode, websites shouldn't be able to read cookies stored on your computer, nor should they be able to place permanent cookies onto your computer. (They think they can place cookies, but those cookies are deleted at the end of the session.)

Normally, you have two ways to use those modes:

  • Deliberately decide to start a private session. On Firefox for the Mac, it’s File -> New Private Window. Ditto for Safari for the Mac. In Chrome for the Mac, it’s File -> New Incognito Window. The process is similar for Windows, and it is somewhat different on phones and tablets. The problem is that if you click a link in, say, an email, it will open in a regular, non-private window.
  • Set a default that every browser session will be private/incognito. (The method varies widely based on browser and operating system.) This method will handle external link requests by opening them in private/incognito mode. But since everything else will open that way too, you’ll have to manually log into every website you visit. That is a real nuisance. (You can set browsers to block cookies, but that’s a bigger nuisance because some authentication-required sites won't work properly.)

Browser makers need new fine-grained security settings that allow users to enjoy the benefits of cookies when they want to, but protect them by default otherwise. As best I can tell, nobody implements this specific logic as an option (or as a series of options):

1. Open every website/link in private mode unless:

1a. The user manually clicked the website name using a bookmark that was manually created with the "not private" attribute checked, OR

1b. The user was not in private mode, and the user manually clicked a link that opens another page on the same website (i.e., same domain), OR

1c. The user manually added the website/domain to a trusted privacy whitelist

2. If the user types the URL into the browser, ask which mode to use, unless it is on the whitelist mentioned in 1c.

3. When a new bookmark is created, tell the user it will be opened in private mode by default unless the user manually checks a box to indicate the site is trusted.
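
Rules 1 through 3 above, expressed as a single decision function. This is an added example, not code from the article or from any browser; the names decideMode, Mode and the fields of nav are hypothetical, and "same domain" is simplified to an exact hostname match.

```javascript
// Hypothetical sketch of the proposed policy; not a real browser API.
const Mode = Object.freeze({ PRIVATE: "private", NORMAL: "normal", ASK: "ask" });

// Assumption: "same domain" means identical hostname. A real browser would
// compare registrable domains using the Public Suffix List.
function hostOf(url) {
  try {
    const u = new URL(url);
    const web = u.protocol === "http:" || u.protocol === "https:";
    return web ? u.hostname.toLowerCase() : null;
  } catch {
    return null; // missing or malformed URL
  }
}

// Assumption: a whitelist entry covers the host itself and its subdomains.
// The leading dot keeps "evil-bank.example" from matching "bank.example".
function isTrusted(host, whitelist) {
  return whitelist.some((d) => host === d || host.endsWith("." + d));
}

function decideMode(nav, whitelist) {
  const host = hostOf(nav.url);
  if (host === null) return Mode.PRIVATE;               // fail closed
  if (isTrusted(host, whitelist)) return Mode.NORMAL;   // rule 1c (also exempts rule 2)
  switch (nav.source) {
    case "bookmark":                                    // rules 1a and 3
      return nav.bookmarkNotPrivate === true ? Mode.NORMAL : Mode.PRIVATE;
    case "link-click": {                                // rule 1b
      const sameSite = hostOf(nav.openerUrl) === host;
      const ok = nav.userInitiated === true && nav.openerPrivate === false && sameSite;
      return ok ? Mode.NORMAL : Mode.PRIVATE;
    }
    case "typed":                                       // rule 2
      return Mode.ASK;
    default:                                            // e-mail client, script, other app
      return Mode.PRIVATE;
  }
}
```

Every path that does not match an explicit exception returns private mode, so a link opened from an email client (the gap described in the first bullet above) lands in a private window.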

Not perfect, better than nothing

Yes, I know private browsing modes don’t offer real security, but they are better than nothing. For example, third-party extensions can easily bypass them, as an alarming study from Penn State shows.

Chrome’s Incognito Mode doesn't offer strong protection at all. Google says,

Incognito is a mode that opens a new window where you can browse the Internet in private without Chrome saving the sites you visit. You can switch between an incognito window and any regular Chrome browsing windows you have open. You'll only be in incognito mode when you're using the incognito window.

Be careful. Incognito mode only prevents Chrome from saving your site visit activity. It won't stop other sources from seeing your browsing activity, including:

• Your internet service provider

• Your employer (if you're using a work computer)

• The websites you visit themselves

• What you've downloaded

Chrome won’t save a record of the files you download in incognito mode. However, the downloaded files will be saved to your computer’s Downloads folder, where you and any other users of your computer can see and open them, even after you close your incognito tabs.

Firefox’s Private Browsing with Tracking Protection is stronger than Chrome’s Incognito Mode, but it is again an all-or-nothing option. You can’t turn it off for sites you trust while keeping it enabled by default everywhere else. Firefox says:

We first added Private Browsing to Firefox to give you control over your privacy locally by not saving your browser history and cookies when you close a private window. However, when you browse the Web, you can unknowingly share information about yourself with third parties that are separate from the site you’re actually visiting, even in Private Browsing mode on any browser. Until today.

Private Browsing with Tracking Protection in Firefox for Windows, Mac, Android and Linux actively blocks content like ads, analytics trackers and social share buttons that may record your behavior without your knowledge across sites.

Let's make Private Browsing Mode better: Every single link to non-trusted websites should open, by default, in a Private/Incognito window. C'mon, browser makers, get this done.

Copyright © 2016 IDG Communications, Inc.
