On-Prem

Personal Tech

Oh dear... Netizens think 'private' browsing really means totally private

The only thing 'private' was the parts you were leering at, friend


Netizens have the wrong idea about what their web browser's "private" or "incognito" mode actually does.

This is according to researchers at the University of Chicago, in the US, and Leibniz University Hannover, in Germany, who this week declared that folks mistakenly believe that by enabling the incognito browsing mode, they are fully shielded from online tracking and malware.

It's a little like some Tesla owners thinking Autopilot is, judging by the name, fully autonomous driving, rather than super-cruise-control.

The uni study [PDF] showed 460 volunteers a fictional browser called Onyx that used one of 13 different private browsing modes taken from actual browsers, such as Chrome, Firefox, Edge, or Brave. Participants were shown the private browsing windows along with hypothetical scenarios, and asked whether they thought their data would be kept private in this private mode.

As it turns out, a lot of people had the wrong idea about what is and isn't saved. The study found that 56.3 per cent of participants thought that logging into a Google account in private mode would prevent searches from being saved to the account's history, and 46.5 per cent thought that bookmarks saved in private mode would not show up under standard mode. 40.2 per cent mistakenly believed that private mode would prevent a website from tracking their location.

Private browsing isn't: Boffins say smut-mode can't hide your tracks

READ MORE

It gets worse: 27.1 per cent of users believed private mode offered them better protection against malware, and 25.2 per cent said they believed that setting the browser to private mode would obscure their public IP address.

"We found that browsers’ disclosures fail to correct the majority of the misconceptions we tested," the researchers wrote. "These misconceptions included beliefs that private browsing mode would prevent geolocation, advertisements, viruses, and tracking by both the websites visited and the network provider."

While ignorance plays a major part in the problem, the uni brainiacs said that developers aren't helping matters much when they refer to their incognito browsing modes as being a "private" setup that would guard users from tracking or data collection.

"The term 'private' is heavily overloaded, and our results suggest the name 'private mode' implies unintended meanings," the researchers concluded.

"When disclosures claim users can 'browse privately' (Chrome), users may refer back to their broader conceptualization of privacy."

Rather, the eggheads said, browser makers should be more clear on just what their incognito browsing modes do and, more importantly, don't do to cover up users' tracks. ®

Hints'n'tips

If you really want to hide your public IP address, and geo-IP location, try using Tor, or VPN to your own throwaway box using Algo or Outline. If you use a VPN, you'll still be identifiable from your VPN server's public IP address, but you get the added bonus of encrypting all traffic between yourself and the VPN instance. To avoid malware, try using Google's Safe Browsing or Microsoft's Windows Defender Browser Protection. Consider installing an ad-blocker, such as uBlock Origin, to stop malicious scripts, thwart trackers, and prevent bad adverts from loading – but please whitelist ad-supported sites you enjoy reading, such as The Register.

If you have any recommendations, post away in the comments.

Send us news
95 Comments

Microsoft calls AI privacy complaint 'doomsday hyperbole'

Plaintiffs seek termination of permissionless and unpaid AI data harvesting

Google gooses Safe Browsing with real-time protection that doesn't leak to ad giant

Rare occasion when you do want Big Tech to make a hash of it

No App Store needed: Apple caves, will allow sideloading in EU

Think this'll help you escape the fees? Nope – Apple still wants a cut for letting devs install things on user devices

We talk to W3C board vice-chair Robin Berjon about the InterPlanetary File System

The decentralized web is alive and well despite Web3 financial scheming

Airbnb warns hosts who use indoor security cameras they may face eviction

No more creepy snooping? Be my guest

Congress votes unanimously to ban brokers selling American data to enemies

At least we can all agree on something

US and Europe try to tame surveillance capitalism

Trade watchdog argues that browsing and location data are sensitive and deserve to be defended

Chrome users – get an alert when extensions are in danger of falling into wrong hands

Under New Management is an early-warning system for potential poisoning of add-ons with malware

IP address X-posure now a feature on Musk's social media thing

Just a little FYI

IAB Europe's ad consent popups pose privacy problem

Court of Justice of the European Union says consent identifers are personal info, subject to GDPR

Grab shrank its superapp by a quarter in order to survive

Large APKs and disk footprints spell doom in a developing market

Turns out cops are super interested in subpoenaing suspects' push notifications

Those little popups may reveal location, device details, IP address, and more