The Limitations of Private Browsing

While private and “incognito” modes can reduce your digital footprint online to an extent, there are still ways in which your activity can be tracked by malicious third-parties such as people on your network, the internet service provider, government agencies, and cyber criminals.

NOTE: Private Browsing mode is also known as Incognito Mode in Google Chrome and InPrivate Browsing in Microsoft Edge.

So, What Is Private Browsing?

Web browsers generally store data about your searches and online activity to make it easier for you to revisit websites. Browsers can store web-based content like usernames and passwords to speed up the log-in process or information about your location and preferences (favorite pages or certain features). This can be helpful in the short-term, but you likely don’t want this information shared with other users.

Private browsing first appeared in Apple’s Safari 4.4 browser back in 2005. It didn’t take long for other players like Google and Mozilla to release the feature. Soon, it became a standard component for any modern web browser.

Basically, private browsing creates a separate browsing session that’s isolated from the main one. Any websites you visit within that tab aren’t recorded in your device’s history. So, if you log in to a website in private mode, the cookies aren’t saved when you close the window.

Another consequence is that private browsing tabs can’t access cookies you use in the main session. For instance, if you log in to LinkedIn, and then enter incognito mode, you’ll have to re-enter your credentials. This also allows you to easily access multiple accounts at the same time and will make it more difficult for third-party sites to track your activity while in incognito mode.

Besides, using private or incognito mode, it becomes easier to further check some “soft paywalls” websites such as The New York Times, where you’re granted access to a few pages before being prompted to either log in or subscribe.

NOTE: When private browsing mode was first introduced, websites could avoid this limitation by storing cookies using the Adobe Flash browser plug-in, but now Flash supports private browsing and won’t store data when private-browsing mode is enabled.

The Incognito Mode

Your private browsing mode only blocks your own device from getting information about your web session. Browsers that offer private (or incognito) mode usually warn users it isn’t an efficient security method.

Incognito mode doesn’t stop network administrators from keeping an eye on your activity. It also doesn’t prevent a third party from spying on your browsing habits if you’re using a public hotspot in a restaurant.

So, private browsing is a matter of how browsing activity data is stored on the user’s personal device, and not about its transmission across a network.

Google and Mozilla are completely upfront about this in their browsers. “Going incognito doesn’t hide your browsing from your employer, your Internet service provider or the websites that you visit,” Chrome users are warned each time they open a new incognito window. Microsoft Edge also informs its users about “InPrivate” browsing limitations.

Furthermore, there are several ways to defeat private browsing at local level. If your device is infected with malware that tracks network traffic and DNS requests, incognito mode cannot help you. It also can’t protect the user from “fingerprinting”, in which third parties (usually advertising companies) try to determine unique features of your computer to track its activity across a network.

Unfortunately, fingerprinting attracts less attention than malware, despite its ability to identify individuals with remarkable accuracy. As you browse the internet, third-party sites can squeeze information about your device, your display resolution, the browser, plugins, language, time zone, and so on. Any piece of information might be insignificant by itself, but together, it may be used to create your computer’s profile putting yourself and your organization at risk.

Conclusion: In 2020, anonymous browsing is still work in progress. Currently, not even Tor, a browser developed with the sole purpose of anonymizing traffic is not a completely private and secure solution.