What’s In a Name? How Web Browsers Are Contributing to Privacy Confusion

by Patricia McGinnis 0

Co-authored by Michael Misasi.Recent media coverage of high profilebreaches of consumer data has heightened consumer awareness of therisks of online activity. Firefox, Safari, and Internet Explorerhave all been (or will be very soon) extended with “Do Not Track”capabilities. Google meanwhile, has just released “Me on the Web”an online reputation monitoring tool for Chrome, which enablesusers to track the appearance of their name, e-mail address, andother personal information on the Internet.

Many consumers don’t know how concerned they should be about theirprivacy because they still don’t know their potential level ofexposure. Web browsers that tout enhanced privacy features are onlyadding to the confusion.

The most popular Internet browsers -Firefox, Safari, InternetExplorer, and Chrome – all offer a “private browsing” feature. Thename itself is the problem; the public’s understanding of “privatebrowsing” is likely to differ from what these features actuallyaccomplish (if anything). In common usage, the word “private” isused to designate things that are personal, safe, confidential, orsecretive; all things decidedly not public. When the term iscombined with “browsing” and applied to the context of onlineactivity, consumers understandably assume that the phrase impliesthat what they do online will not be tracked and recorded.

MM62811Evenmore misleading is Google’s name for Chrome’private browsingfeature – Incognito Mode. The service’s logo even carries with it acatch phrase that tells users, “You’ve gone incognito,” implying atracker’s inability to identify them.

As implemented in these tools however, “private browsing” does notadd any additional level of privacy to Internet activity. What thefeature does aim to accomplish is an increase in privacy withrespect to the local environment. Users might want to leveragethese tools if browsing on a PC in the public library, or if usinga PC at home that is shared with other users. Yes, they all explainthat in the fine print; Mozilla explains the feature as they offerit:

“Private Browsing allows you to browsethe Internet without saving any information about which sites andpages you’ve visited.”1

To clarify, the user is the only onenot saving any information. All the other tools add a disclaimersimilar to Mozilla’s:

“Private Browsing does not make youanonymous on the Internet. Your internet service provider,employer, or the sites themselves can still track the pages youvisit.”

What’s worse is that while there arenuances in how the feature works in each of the browsers, all ofthem leave trace data that is not cleared when the user disablesprivate browsing. Researchers at Stanford published “An Analysis ofPrivate Browsing in Modern Browsers” in 2010 (see link below),concluding, “The most severe violations enable a local attacker tocompletely defeat the benefits of private mode.”

The way major browsers have named their privacy features conveys afalse impression of online anonymity and sets up users for a shockwhen they realize the disconnect between what they expect and whatthey get from these tools. Consumers are confused enough, and”private browsing” isn’t helping!

Click here to read the Stanford research: http://crypto.stanford.edu/~dabo/pubs/papers/privatebrowsing.pdf