InfoSecurity: How ‘incognito mode’ does not hide your Internet browsing history

*Experts say it is common knowledge that neither of the private modes browser vendors offer is meant to guarantee privacy from Internet service providers or Web site tracking

Isola Moses | ConsumerConnect

Most consumers have all been there: when using a foreign device, we don’t want to leave traces on or journeying into darker parts of the Net.

Whatever the reason, ‘private browsing’ is there to keep us safe in the cyberspace. Or is it?

CyberNews research showed that your browsing history is as safe from cyberattackers as the Web sites you visit make it to be.

If you are like 90 percent of humanity, you likely use one of the five most popular Web browsers available.

All equipped with the infamous ‘private’ or ‘incognito’ modes. To escort the elephant out of the room, we’re not trying to debunk a myth on perceived privacy various browsers claim to guarantee.

However, the report noted that it is common knowledge that neither of the private modes browser vendors offer is meant to guarantee privacy from internet service providers (ISPs) or website tracking.

Whether ‘private mode’ is on or not, it’s still possible to identify users via IP addresses and user accounts, the report stated.

It also said that ‘incognito’ should, in theory, allow history-free browsing, which means that whatever you’re doing in an Internet café or a device you don’t own, there should be no traces of where you were going. At least in theory.

According to the report, the researchers attempted to find out whether any of that is true by skipping past the browsers and look where it actually matters – Web sites.

Time to live

As it usually is with privacy and the Web, the experts uncovered that no matter what browser or privacy mode a person uses, at least for a short time browsing history is saved on the local machine.

The team of researchers was also reported to have found out that browsing history is saved onto the device for a period ranging from 1 second to 24 hours, depending on the Web site. That’s terrible news if there’s someone keen on learning what browsing habits a user wants to hide.

Whichever browser a person employed is entirely irrelevant. The history is saved in the DNS cache format, and the domain owner controls the time for which the record is kept through the time-to-live (TTL) property of a DNS entry, said the report.

TTL is a vital tool used to reduce workload for authoritative name servers. This, they stated, means that the TTL value cannot be set at zero since that might be a heavy burden for an authoritative name server.

However, if the domain owner of a Web site you does not want to admit using is old-fashioned, your browsing history might stay on the computer for hours, laying there, waiting for someone to exploit it.

Seconds matter

While it was a lot more common for the TTL setting to stand at 24 hours in the past, our research shows that more and more Web sites change ‘hours’ to ‘seconds,’ meaning your browsing history is gone faster than it takes Jared Leto to go to Mars.

Nevertheless, threat actors can still use local DNS cache as a stream of data to aggregate an extensive list of websites a user is visiting.

If the computer is compromised with malware built to ask for DNS cache every 10 seconds, a threat actor can interpret it as a data stream and export it elsewhere.

This stream can be stored for each compromised computer separately in a device-specific text file for an indefinite period of time.

An attacker, for example, could track a victim’s browsing history without an active keylogger even if a victim is surfing the web in ‘private’ mode.

That means that someone willing to eavesdrop can have a way to determine what sites a target has been visiting and to what IP addresses the domains resolve to. With a bit of technical know-how, a threat actor could determine even specific visit times.

If you’re using a computer you do not own, be it in a library, Internet café, or an educational institution, ‘private’ or ‘incognito’ modes do not guarantee that you leave no traces of Web sites you have visited.

What to do

First and foremost, researchers recommend that domain-owners should be aware of the risks that their reliance on TTL creates, and to minimise these risks, the TTL setting should be as low as possible.

Browsing experience, of course, is essential, but security risks should always be kept to a minimum, especially if that’s as easy to guarantee as with changing a single setting.

Second, it is possible to reduce the online footprint left on the device. Computers running on Windows OS allow you to check local DNS cache with a PowerShell command ‘Get-DNSClientCache.’

The history can be cleared manually with a PowerShell command’ Clear-DnsClientCache.’

Another way to buff your online security is by considering using a VPN service. You might want to try NordVPN or Surfshark.

If you are considering ‘vaccinating’ your computer, we have recommendations for the best antivirus protection.

Kindly Share This Story