Private and Incognito Browsing

Today, generally all web browsers have a “private” or “incognito” mode. However, this mode should not give you a false sense of privacy, as the name of the mode is a bit misleading. None of the private browsing modes on any of the mainstream browsers are really private.


Terminology

Each browser maker has its own term for a special browsing mode where history and cookies are restricted. In Mozilla Firefox, this mode is enabled when creating a “Private Window.”[1] Google Chrome refers to windows opened in this mode as being “Incognito.”[2] Not to be outdone, Microsoft has its own marketing term for this mode in Edge, which they call “InPrivate” browsing.[3] Despite the differences in terminology, all three browsers do approximately the same thing in their respective “private” windows.

For consistency and to speak generically, I’m going to refer to this special browsing mode as “private browsing mode” regardless of the browser in question. The key functions of this mode are the same across browsers: history and cookies from the private mode session are not saved to disk whenever the private mode is exited. Only the names differ.

Functions of Private Browsing Mode

The primary purpose of private browsing mode is to suppress the normal storage of browsing history and cookies during the private browsing session. When private browsing mode is enabled, the browser still maintains history for the private session. However, this history is not saved to disk when the private session ends but is instead discarded. Similarly, any cookies that websites set while in a private browsing session are available only for the duration of the session, after which they are discarded. Private browsing mode therefore essentially forces any persistent cookies to become session cookies.

Other browser features may or may not be disabled in private browsing mode, depending on the specific browser. While the disk cache would normally be made non-persistent, the exact mechanism for accomplishing this task could vary by implementation. As such, the degree to which forensically recoverable artifacts are ever saved on the disk may vary between browsers.

One side effect of isolating history and cookies within private mode is that history items that have been stored, and cookies that have been set, prior to entering private mode are not available while the private browsing session is active. Therefore, tracking code that the browser encounters during the private session will not be able to access saved data from prior non-private browsing. If the user has logged into a website during regular (non-private) browsing, the login will not carry over into the private window. Although cookies set prior to entering private mode will not be accessible to the website that set them, sites can still set new cookies that will last for the duration of the private session.
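
The cookie handling described in this section, as a small JavaScript model added here for illustration (it is not code from any browser; the `Profile` class, its methods, and the `shop.example` host are assumptions). It shows a persistent cookie being demoted to a session cookie in a private window, the isolation from cookies saved earlier, and that a site can still recognize the visitor for the duration of the private session.

```javascript
// Toy model, not any browser's real code; all names here are hypothetical.
class Profile {
  constructor(isPrivate, disk) {
    this.isPrivate = isPrivate;
    this.disk = disk;                       // stands in for the on-disk cookie store
    // A private window starts empty; a normal window loads what was saved earlier.
    this.memory = isPrivate ? new Map() : new Map(disk);
  }
  // Process a Set-Cookie header from `host` at time `now` (ms). Only Max-Age is modelled.
  setCookie(host, header, now) {
    const pair = header.split(';')[0].trim();
    const key = `${host}|${pair.split('=')[0]}`;
    const m = /(?:^|;)\s*max-age=(-?\d+)/i.exec(header);
    let expires = m ? now + Number(m[1]) * 1000 : null;   // null = session cookie
    if (expires !== null && expires <= now) {             // Max-Age <= 0 deletes the cookie
      this.memory.delete(key);
      if (!this.isPrivate) this.disk.delete(key);
      return;
    }
    if (this.isPrivate) expires = null;     // persistent cookie demoted to session
    const cookie = { host, pair, expires };
    this.memory.set(key, cookie);
    if (this.isPrivate) return;             // a private session never writes to disk
    if (expires !== null) this.disk.set(key, cookie); else this.disk.delete(key);
  }
  // Value of the Cookie header that would be sent to `host` at time `now`.
  cookiesFor(host, now) {
    return [...this.memory.values()]
      .filter(c => c.host === host && (c.expires === null || c.expires > now))
      .map(c => c.pair).join('; ');
  }
  close() { this.memory.clear(); }          // session state discarded, disk untouched
}

// Constructed scenario: one site, one normal window, one private window.
function demo() {
  const disk = new Map(), site = 'shop.example', year = 'Max-Age=31536000';
  const normal = new Profile(false, disk);
  normal.setCookie(site, `uid=normal-123; ${year}`, 0);
  const priv = new Profile(true, disk);
  const onEntry = priv.cookiesFor(site, 1000);        // earlier cookie is not visible
  priv.setCookie(site, `uid=private-456; ${year}`, 1000);
  const inSession = priv.cookiesFor(site, 60000);     // site still recognises the visitor
  priv.close();
  const nextPrivate = new Profile(true, disk).cookiesFor(site, 120000);
  const nextNormal = new Profile(false, disk).cookiesFor(site, 120000);
  return { onEntry, inSession, nextPrivate, nextNormal };
}
```

The site asked for a one-year cookie in both windows, but only the one set in the normal window is still there after the private window closes.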

Avoiding Overconfidence

As illustrated poignantly in Figure 1, users tend to be overconfident about the privacy offered to them when using a private browsing window. Researchers have found that users tend to believe that a private browsing mode somehow hides their online activities, although the degree to which the users misunderstand private mode capabilities is somewhat dependent on the message the browser shows when entering this mode.[4]

Figure 1: Users can be overconfident about their privacy when using private or incognito browsing modes.[5]

Unfortunately for the overconfident users, private browsing mode does not hide their online activities. Their Internet Service Provider (ISP) or employer can still track which sites the users visit. While private browsing mode does isolate history and cookies from regular browsing mode, private browsing does not prevent websites from tracking users during private sessions. All the various tracking techniques, including cookies and browser fingerprinting, still function. It is only the temporal scope of history and cookies that will be affected.

Private Mode Isn’t Private

Despite the marketing names, browsing in a Private/Incognito/InPrivate window really isn’t that private. Since all private mode does is disable local history and cookie storage, it does little to improve true online privacy. While there is an anti-forensic purpose in using this mode to avoid the local storage of forensically-recoverable artifacts, the same effect can be achieved by configuring a browser (especially Firefox) properly in normal mode. Nothing about private browsing mode creates anonymity on the Internet, hides the user’s IP address, or protects the user from threats at the platform or operating environment level (including malware).[6]

There are a number of ways that data can leak out of private browsing mode, resulting in forensically recoverable artifacts being left on the user’s computer. Perhaps the easiest way for this type of leak to occur is if the user downloads a file while in private browsing mode. Some websites have configured certain kinds of content (for example, PDF files) to be force-downloaded instead of displayed in the browser. By default, most browsers simply save this downloaded content into the user’s downloads directory, which will be easily viewable by anyone with access to the file explorer (or any forensics tool). Another way that users can inadvertently escape the few protections of private browsing mode is by bookmarking a site while in this mode. Bookmarks are usually global and will persist even when private mode is exited.

In addition to user error, there are other ways that information from private browsing sessions can be saved to the user’s computer. If the user has installed browser extensions that are allowed to run in private windows, these extensions could store data about the user’s activities even if private mode is enabled.[7] Research also indicates that mainstream browsers typically have information escape vulnerabilities that permit some data leaks from private mode, even if no extensions are used.[8]

Remote actors, such as websites and browser companies, might also be able to defeat the few protections afforded by private browsing mode. Although it is certainly possible for a browser’s fingerprint to change when private browsing mode is enabled, there is no guarantee that it will for any given fingerprinting tool. Therefore, a website might be able to associate a user with actions taken on the site, even if previously set tracking cookies are unavailable in private mode. Worse yet, browser telemetry may continue to operate in private mode. Google Chrome still transmits every URL a user visits in an Incognito window back to the company via telemetry – a feature which is the subject of an ongoing class action lawsuit.[9]

Legitimate Uses for Private Windows

Although private browsing mode might be a bit of a misnomer, it does have some legitimate use cases. For starters, a person’s threat model might simply involve hiding browsing history from an unsophisticated adversary, and browsing in private mode might be sufficient for that purpose. An example of this limited form of privacy would be hiding adult website visits from a younger sibling or a roommate. Without employing forensic tools or looking deep within the file system, a casual computer user is unlikely to discover any evidence of private mode browsing.

Private browsing mode is also quite useful for Web designers and developers. Since a private window is less likely to have its content cached, it can be useful when building a Web page and making small changes to layout, structure, or style. Some browsers will eventually stop refreshing some of the content during the development process, so discarding and re-opening a private window can be more convenient than having to close and restart the whole browser.

Another somewhat related use of private browsing mode is testing websites and accessing the same site as a logged-in user and a logged-out user simultaneously. Since browsers separate the cookies received in private mode from those in normal mode, it is possible to see how the site behaves while simultaneously logged in and logged out in the same browser. This capability can be useful outside a testing and development scope if a (poorly designed) site is easier to navigate as a guest than as a logged-in user. Also, if a person has two accounts on the same site, or if a guest is borrowing the user’s computer, a private browsing window provides a way for two separate logins to one site to happen at the same time.

One other useful task that can be accomplished with private browsing mode is separation of browsing activity and accessing a site with a “clean” browser (in other words, without saved cookies being made available). Some websites show different pricing to different users for the same product or service, and some of this pricing information can be based on tracking history. A clean environment might show a better price. In the case of credit card offers, different welcome bonuses and promotions can be obtained by visiting with different browser environments, and private mode can supply such an environment. It is also possible to isolate activities on two different websites that share the same tracking code by opening one of them in private browsing mode; however, the use of separate browsers is probably a better tactic for this purpose.

References and Further Reading


  1. Firefox Help. “Private Browsing – Use Firefox without saving history.” 

  2. Google Chrome Help. “How private browsing works in Chrome.” 

  3. Microsoft Support. “Browse InPrivate in Microsoft Edge.” 

  4. Yuxi Wu, Panya Gupta, Miranda Wei, Yasemin Acar, Sascha Fahl, and Blase Ur. “Your Secrets are Safe: How Browsers’ Explanations Impact Misconceptions About Private Browsing Mode.” Proceedings of the 2018 World Wide Web Conference (WWW ’18): 217-226. Lyon, France, April 23-27, 2018.

  5. Image credit: Skeleton Claw. Used with the author’s permission. 

  6. Firefox Help. “Common Myths about Private Browsing.” 

  7. Gaurav Aggarwal, Elie Bursztein, Collin Jackson, and Dan Boneh. “An analysis of private browsing modes in modern browsers.” Proceedings of the 19th USENIX Conference on Security (USENIX Security ’10). Washington, DC, August 11-13, 2010.

  8. Kiavash Satvat, Matthew Forshaw, Feng Hao, and Ehsan Toreini. “On the Privacy of Private Browsing – A Forensic Approach.” Journal of Information Security and Applications 19(1): 88-100. February 2014. 

  9. Malathi Nayak and Joel Rosenblatt. “Google Must Face Suit Over Snooping on ‘Incognito’ Browsing.” Bloomberg. March 13, 2021.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.