Is the private browsing mode secure? Identify Web browser risks

Summary
To prevent websites from collecting user information, browser creators have developed a pattern called "private browsing", which is an optional setting to prevent users from being sent identifiable data, such as cookies. This article analyzes whether the private browsing mode is truly secure and confidential.
In recent years, Web browsing has become less anonymous, largely because a system that tracks users' Web tracking is centered on what we call cookies. Cookies allow the website to record all behaviors of a user. By collecting information about a user's webpage, cookies can be seen as small data miners who send user information to the server.

Cookies can be used to help users, such as recording items in your shopping cart, and help website operators monitor market and network activities. You don't need to be very sensitive to the Internet. You can note that after you visit an online mall, the products you are looking for are displayed on the banners and recommendation links on other web pages.

To prevent websites from collecting user information, browser creators have developed a pattern called "private browsing", which is an optional setting to prevent users from being sent identifiable data, such as cookies. However, there is a gap between this theory and practical application. Many users have the following question: Is this private browser truly private?

Is private browsing truly private?

In theory, private browsing allows individuals to access the Internet without storing local information about their activities. This option is intended to keep the user's browsing history confidential for others who share or use the same machine. To achieve this, the browser must disable the creation or removal of history items, cookies files, and cache items.

The browser calls it "stealth mode" or "stealth mode". It creates an image dressed in a windbreaker And a smart spyware for private browsing. Excluding hype, private browsing is very effective and beneficial for sharing computers with others or using public computers. By prohibiting Viewing History and searching content and passwords used in a session, the private browsing mode can prevent later machine users from seeing possible sensitive information.

Words such as "private", "invisible", and "invisible" are misleading and give users a wrong security awareness. Although private browsing can delete cookies and browsing history from the accessed sites, information remains in the hidden cache, which is a temporary storage space for storing frequently used data. Similarly, data will remain in DNS logs, plug-ins, and Flash cookies. The above issues cannot be solved during private browsing. Perhaps even more disturbing is that browsers do not protect users from being tracked in private and non-private sessions because they fail to isolate the two. Most browsers have plug-ins that have their own tracking systems. Therefore, even if the browser does not disclose cookies, it does not mean that the browser plug-in does not. In addition, if the browser does not disable browser extension (computer programs used to expand the browser function, such as automatically translating all pages into a specific language), when switching back to non-private browsing mode, private browsing information is exposed.

Enabling the private browsing mode does not guarantee that data is not stolen. A user can direct a Security site to a malicious site without any warning. Once this happens, a script is loaded to the machine during browser session, whether or not it is saved in the cookies file, which allows attackers to obtain user personal data. If the script runs when a user logs on to a trusted site, the hacker can obtain the logon credential and other authentication data.

However, many users believe that additional components such as Firefox's no-script plug-in can provide them with additional security. In fact, these additional components can make sessions more vulnerable to threats, this increases browser risks. First, most Firefox plug-ins are unauthenticated or not properly checked by Mozilla. In fact, on its legal statements and restrictions page, Firefox declares that because it does not check all content contained in these plug-ins, it is not responsible for the content or the hazards they may cause. This means that although you are protected, these convenient small security Scripts may collect your data. In addition, because it is open-source, the encoding of many of these additional components may be terrible, which is another potential security risk.

Using these misleading terms, end users believe that they can protect themselves, so they may not pay more attention to it. Although beautifully printed, although sometimes difficult to find, most people do not spend time reading it (TERM ). When used together with some other Web security network browsing measures, such as disabling Java applets, maintaining system patching and using good anti-virus programs, private browsing can provide some security measures, all the above measures should be mandatory security regulations for most enterprises. If implemented in sequence, these measures can be used to support an effective enterprise in-depth defense strategy. However, private browsing cannot replace good security knowledge, or be considered as a security technical guarantee when network security employees access the internet.