ARN

Privacy feature in IE8 leaks private data

Information concealed by the InPrivateBrowsing feature of Microsoft's Internet Explorer 8 can easily be recovered by forensic experts, a Dutch website has found

A privacy feature built into the second beta version of Microsoft's Internet Explorer 8 browser aren't as private as advertised.

The InPrivate Browsing feature in Microsoft's latest browser is designed to delete a user's browsing history and other personal data that is gathered and stored during regular browsing sessions. The feature is commonly referred to as 'porn mode' for its ability to hide which websites have been visited from nosy spouses or employers.

Forensic experts however found it trivial to retrieve the history, according to a test by Webwereld, an IDG affiliate in the Netherlands, and Fox IT, a Dutch firm specializing in IT security and forensic research.

"The privacy option in this beta is mainly cosmetic. For a forensic investigator, retrieving the browsing history should be regarded as peanuts," said Christian Prickaerts, forensic IT expert with Fox IT.

To prevent login details, online orders and other sensitive information from leaking out, the privacy feature prevents Internet Explorer 8 beta 2 from storing any cookies. The browser furthermore refrains from storing the browsing history in the Windows registry.

But researchers were able to retrieve data displaying general information about the browser's behavior. Although URLs (Uniform Resource Locators) aren't stored, Prickaerts was still able to restore the browsing history. "The remaining records in the history file still enable me to deduce which websites have been visited," said Prickaerts.

Even more data is stored in the browser's cache, a feature designed to speed up performance of websites by storing a copy of recently accessed information on a user's hard disk. InPrivate Browsing failed to disable this feature. Users seeking a higher level of privacy could manually delete the cache, but it can later easily be retrieved through commonly available forensic tools.

The shortcomings in InPrivate Browsing put the level of privacy protection in Internet Explorer 8 on a par with Firefox 2 and 3. The open source browser allows users to delete all private data, but does that by merely deleting files. Those too can easily be retrieved. Developers have crafted plugins for Firefox which mitigate the risk of information leaks.

Microsoft's main goal with InPrivate Browsing is to prevent other users of the same computer to gain access to the browsing history, the company said in an e-mail response. The feature isn't designed to protect a user's privacy from security experts and forensic researchers, the company said.

Nominations for the 2012 ARN IT Industry Awards open on Tuesday, June 12.

More about: Microsoft, Speed

Comments

Post new comment

The content of this field is kept private and will not be shown publicly.
Users posting comments agree to the ARN comments policy.
Login or register to link comments to your user profile, or you may also post a comment without being logged in.
Related Whitepapers
Latest Stories
Community Comments
ARN Directory | Distributors relevant to this article
ASI Solutions , Bluechip Infotech , Compucon Computers , Dicker Data , Express Data , Express Online , ICT Distribution , Impact Systems Technology , Leader Computers , NewLease , Synnex Australia , Topstar Computer International , XiT Distribution , Xpress I.T.
rhs_login_lockGet exclusive access to ARN's news, research and invitation only events.
ARN Distributor Directory
Find distributors by name | vendor | location
Channel Deals
/deals/avg/2011-02-25_368_avg-wants-you
AVG (AU/NZ) Pty Ltd

AVG Wants You!

More details »
ARN Vendor Directory
Find vendors by name | category

iAsset is a channel management ecosystem that automates all major aspects of the entire sales,marketing and service process, including data tracking, integrated learning, knowledge management and product lifecycle management.