Researchers at Stanford University’s Science Security Lab compared the anonymity and security of private browsing modes in Microsoft Internet Explorer, Mozilla Firefox, Google Chrome and Apple Safari.
They concluded that, “current private browsing implementations provide privacy against some local and web attackers but can be defeated by determined attackers.”
Private mode is designed to prevent the browser from retaining data that tracks browsing activity.
That data can include visited-site history, cookies, search history, download history, web form data, and temporary files. Private browsing is colloquially known as "porn mode" because, as the researchers determined scientifically for the first time, confirming what many have long suspected, people most often use private browsing to visit pornographic sites.
Despite its most common use, though, the implementation of private browsing has not yet been standardized and can vary from browser to browser, according to CNET.com.
The report also concluded that the risk of add-ons writing to the hard drive or retaining browsing tracks from private browsing sessions varies depending on the add-on.
In Firefox, for example, 16 of the top 32 JavaScript-only extensions allowed writing data to the disk that a hacker could later uncover.
In Chrome, the study determined that 71 of the top 100 extensions use the "localstorage" API, implying that they might pose a risk to Incognito (Google's name for its private browsing feature).
"Incognito mode helps you limit the information that is saved on your computer when you browse. It does not remove all records, as we make clear in our Help Center and whenever a user opens a new Incognito mode window," a Google representative said.
Google does allow users to select individually which extensions run in Incognito.
The researchers determined that an add-on designed to disable extensions automatically in private mode could mitigate the risks posed by add-ons that write to the disk during private browsing, although they stated that "we need to restart Firefox to make sure that appropriate extensions are completely enabled or disabled."
The Adobe Flash plugin used to pose a tracking risk, but it has since been updated, "to be consistent with the browser's privacy mode," the researchers said.