Surfing in "Private/Incognito" Mode increases security?

Private browsing modes like Firefox's Private Browsing and Chrome's Incognito mode both disable the cache functions of the browser so that data are not written to the cache while browsing.

Considering that the Cache is where Malware and Spyware often land when surfing the web, it seems to me that not allowing data to even write to the cache would increase one's security/privacy. The malware never lands on the harddrive.

Does anyone know of any articles that speak to this topic? Do you run your browser in Private/Incognito mode by default for this reason?

 

That's not how it works. Downloaded files are saved into your selected directory. Opened files are executed from the temporary folder. In both cases, a cache copy will be made.

Even if what you said is true, an executed file can do much damage to your system, which includes creating multiple copies of itself.

It only increases privacy, which is an aspect of security.

 

I used to use IE's InPrivate Browsing, but I heard that it was just a sham.

Also, don't forget dem index.dat files.

 

So even if malware can't land in cache, it can still perform whatever function it intended to do? It just performs it in RAM or you guys are saying it will land somewhere else on the drive, basically making Private Browsing provide no security advantage whatsoever?

 

Prinvate browsing functionality in all browsers essentially lowered the standard - it is less private than using TOR.

-- Tom

 

what do you mean by lowered the standard?
is it better not to use private/incognito browsing at all?

 

Yes. It provides no security advantage.

 

Hi Konata,

Private/Incognito mode in browsers is a far cry from providing some measure of actual privacy such as the limited level TOR provides. Think of it like marketing hype. Ask yourself the question - does it at least provide a proxy IP address. Probably not. TOR, however, uses encryption to/from all of the TOR network nodes, except for the exit node which must be unencrypted to communicate the http request to the requested web site.

Either use TAILS which hooks into TOR or pay for a service that can provide you the privacy (incognito mode)/security you are looking for such as Xerobank.com. There are other services like Crytohippie, etc. or some trustable VPN services.

I am not saying it is better not to use private/incognito browsing at all, just that you need to understand what you are actually getting vs. what they are pitching at you to make you believe you are getting something (that falls far short of actually providing you of what you are seeking). Cavet Emptor (buyer beware). You should read about the topic "browser fingerprinting" at Wilders and ask yourself if with privacy/incognito mode in your browser does that mode prevent your browser from being fingerprinted - ask the developers of your browser to find out if they have even considered that issue. Get the facts.

Note: privacy and security are two different things. In general, privacy does not increase security. For example, if you want your email to be secure, don't send email in plain text, secure it via some form of encryption like PGP w/private and public keys. Another example, is that when using Firefox 3.6 use it with the Stealther plugin activated with TOR.

-- Tom

 

The only privacy claims the browser makers make about their Private/Incognito modes is that it will prevent History, Cache, Cookies, etc from being stored on the computer past your browsing session. I've never come across a claim that it anonymizes your traffic or prevents browser fingerprinting. The feature is intended and marketed only as a way to prevent debris from accumulating on your computer. Mostly intended for one computer being used by multiple users.

 

Yes, but you can do that on your own by going into Internet Options and ticking "Delete browsing history on exit" and clicking the "Delete" button and then tick the various items that you want deleted on exit. And also by only allowing First-party Cookies and always blocking Third-party Cookies.

However, now that I am using this 30 day trail of Emsisoft Anti-Malware, you ought to see the malware that EAM detects and blocks from the websites that you visit....even when you are in InPrivate mode.

 

Improving Private Browsing Modes: "Do-Not-Track" vs Real Privacy by Design.

-- Tom