One of the latest trends in browser security is a private browsing mode. Browsers leave evidence in many forms of where you've been browsing, such as your history, cache and cookies, and these can be used to compromise your privacy. Private browsing is supposed to clean up all these identity droppings, or even prevent them from being stored altogether. The pioneer in this feature was Apple with Safari; there is also such a mode in Google's Chrome, and private modes will be in the next versions of IE and Firefox. Most browsers also include a poor-man's version of this function that allows the user statically to remove any private data; in Firefox, for example, you can do this by pressing Ctrl-Shift-Del.
Now the security consulting firm iSEC Partners has released a study of private browsing features in popular browsers and other Internet software, specifically Adobe Flash. The results are pretty disappointing. iSEC Partners wrote a tool to test the efficacy of these features and released it with the study.
In fact, all of the existing private browsing modes have some form of data which is not cleared when users enter or leave private browsing modes. Although Chrome cleared the only tested type of data it stored, it was surprising to find that [Google] Gears data was not cleared, since Gears is included in the browser. However, this behavior is consistent across all browsers tested...
Both IE8 and Firefox 3.1 left significant data uncleared, but both of the tested products were beta and neither has yet been released. Let's hope this study will press the browser authors to clear this up before the programs go final… (full Story)
No comments:
Post a Comment