How private is private browsing


28 replies to this topic

#1 rp88

Posted 01 February 2015 - 09:09 PM

I understand that private browsing is not a means for total anonymity online, that the websites you visit, your ISP or anyone between you and the site (from someone running a wi-fi point you are connecting through to someone running one of the major links within the structure of the internet) can see where you have been, but what about those with physical access to your computer?

Imagine the following scenario: a hacker has physical access, the best forensic tools and as much time as he wants to pick deep into the operating system of a computer, he has the best technology for recovering deleted data but cannot in any way get information from your ISP or other people/organisations which were between you and the sites you visited. Can this hacker find out where you have been?

Let's assume he didn't put a keylogger or any other form of malware onto the computer while you were using it; the first time he ever knew of your existence was the day he got hold of your machine and began his attempts to find what you had been doing in the days, weeks, months and years before he gained physical access to the machine.

Let's assume he can bypass the Windows password and immediately get full admin rights on the computer, and that he is not restricted in any way by any security feature on the machine. He has full control and abilities, but the data he wants to find was stuff done when the browser (be it FF, Chrome or even IE) was in private mode.

Do browsers in private mode leave any traces at all on YOUR system, ignoring the many traces they certainly leave on the machines between yours and the site you are visiting.

Let's consider that the secret browsing was done just by opening a "private mode" window within Firefox, Chrome or Internet Explorer and that although Flash and all other plugins were disabled the system and browser were otherwise running in their utterly normal states.

Does private browsing leave enough fragments from this that the hacker could then find them by using data recovery methods on the machine? Or does it truly leave no traces on THE machine which is doing it? Are there things cached from time spent private browsing, deleted at the end of the session but not overwritten on the disc? Does windows itself store some sort of log of every page visited even if a browser other than IE was used to visit them? Do searches made when privately browsing get written into some sort of database on YOUR computer, this isn't concerning snooping by ISPs, just snooping by someone with your machine in their hands? Would things that might have been stored while you were private browsing and then erased, but not erased securely, remain readable on the disc days more browsing (both normal and private) later, what about weeks or years?

I would be interested to know how much security private browsing offers against someone, of unlimited skill with virtually unlimited time, with physical access to your machine and anything they can discover on it. But so as not to start a discussion about things already well-known I will ignore the presence of private data being stored on OTHER (ISPs', websites', advertising agencies', search engines') people's computers and servers.
Thanks

Edited by rp88, 01 February 2015 - 09:09 PM.

Back on this site, for a while anyway, been so busy the last year.

My systems:2 laptops, intel i3 processors, windows 8.1 installed on the hard-drive and linux mint 17.3 MATE installed to USB

#2 Animal

Posted 01 February 2015 - 10:35 PM

You said: "I would be interested to know how much security private browsing offers against someone, of unlimited skill with virtually unlimited time, with physical access to your machine and anything they can discover on it."

Answer: Zero

The Internet is so big, so powerful and pointless that for some people it is a complete substitute for life.
Andrew Brown (1938-1994)


A learning experience is one of those things that say, "You know that thing you just did? Don't do that." Douglas Adams (1952-2001)


"Imagination is more important than knowledge. Knowledge is limited. Imagination circles the world." Albert Einstein (1879-1955)


#3 rp88

Posted 02 February 2015 - 09:05 AM

Please explain the details of this, how can they see what you did in private mode (without contacting your ISP or some of the websites you visited)?

What if the user uses something like CCleaner to "wipe free space" on their C:\ drive?

Edited by rp88, 02 February 2015 - 09:50 AM.

#4 Aura

Posted 02 February 2015 - 09:54 AM

> Please explain the details of this, how can they see what you did in private mode (without contacting your ISP or some of the websites you visited)?
>
> What if the user uses something like CCleaner to "wipe free space" on their C:\ drive?


There's a domain in computing called "data forensics", which basically allows you to recover data on pretty much every storage device using a combination of manual manipulation of that storage device's hardware components and also software recovery. Wiping the free space on a drive would be pretty much useless against that. But it depends on what type of "pass" is used on it as well.

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#5 Animal

Posted 02 February 2015 - 12:58 PM

Unlimited time and unlimited skill with physical access to the machine. To me that says it all, with the abilities of forensics today.

I'm of the mindset that if a human can create it, with enough time and resources another human can find what they seek.

#6 rp88

Posted 02 February 2015 - 02:06 PM

Do you mean that no type of deletion of data, including those where it is overwritten, is truly proof against a determined enough snooper? If one uses private browsing, then clears history (even though doing so shouldn't be needed) from within the browser, then runs CCleaner to remove temp files and cache files, then uses CCleaner to "wipe free space", then restarts a few times to get anything out of the RAM, then continues to use the computer for more browsing (both private and normal modes) for several days, then clears history and temp files again, how could any trace survive on the computer in question (although there are obviously surviving traces on the websites you went to, your ISP and on major links within the internet)? Where could it be lurking?

#7 Aura

Posted 02 February 2015 - 02:22 PM

What you are asking right now is highly improbable to happen. These are extreme situations with a lot of variables to take into account. I honestly doubt that someone could answer you precisely on that except if we have a certified data forensics expert on BleepingComputer.

Edited by Aura., 02 February 2015 - 02:23 PM.


#8 Didier Stevens

Posted 02 February 2015 - 02:33 PM

Private browsing offers no security. Your machine runs the same risk of getting compromised with or without private browsing.


Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#9 rp88

Posted 02 February 2015 - 04:24 PM

"Compromised"? This isn't about viruses and infections or about how the hacker might first get his fingers onto the computer, this is about traces of history left on the hard drive or saved into other components of a user's machine. In the case of someone skilled and determined searching across the computer (but not spying on the user while they use it and not looking at ISP or website records) in any way they can, what sort of things would be left over from a session of private browsing? If it gives no advantage here when compared to regular browsing, why is it such a common feature in browsers?

#10 Didier Stevens

Posted 02 February 2015 - 04:33 PM

> "Compromised"? This isn't about viruses and infections or about how the hacker might first get his fingers onto the computer, this is about traces of history left on the hard drive or saved into other components of a user's machine.

That's not security. That's privacy.




#11 rp88

Posted 02 February 2015 - 04:37 PM

Yes, sorry. Should someone move this to another section of the forum then? I always thought security and privacy were closely linked even though they are separate things and that discussions about the one often contain elements of the other.

#12 Didier Stevens

Posted 02 February 2015 - 04:47 PM

Private browsing gives you privacy from someone who inspects your computer but has no forensics skills or tools.

Here is an example of a trivial forensic analysis:
Start cmd.exe and issue this command:

    ipconfig /displaydns | findstr example.com

Start a private browsing session and go to www.example.com.
Close the browser.

Issue the same ipconfig command again:
now you will find www.example.com in your DNS cache.

Edited by Didier Stevens, 03 February 2015 - 09:40 AM.
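
Added example (not part of the original post and not its author's code): the before/after comparison described above, done in Python over constructed `ipconfig /displaydns` output. The hostname intranet.example.net, the TTL values and the addresses are made up, and the English-locale output format is assumed.

```python
import re

# Constructed `ipconfig /displaydns` output (English-locale Windows); 192.0.2.x are documentation addresses.
BEFORE = """\
Windows IP Configuration

    intranet.example.net
    ----------------------------------------
    Record Name . . . . . : intranet.example.net
    Record Type . . . . . : 1
    Time To Live  . . . . : 120
    Data Length . . . . . : 4
    Section . . . . . . . : Answer
    A (Host) Record . . . : 192.0.2.53
"""

AFTER = BEFORE + """
    www.example.com
    ----------------------------------------
    Record Name . . . . . : www.example.com
    Record Type . . . . . : 1
    Time To Live  . . . . : 3291
    Data Length . . . . . : 4
    Section . . . . . . . : Answer
    A (Host) Record . . . : 192.0.2.10
"""

FIELD = re.compile(r"^\s*(Record Name|Time To Live)[\s.]*:\s*(\S+)\s*$")

def parse_dns_cache(text):
    """Return {hostname: highest remaining TTL in seconds} from displaydns output."""
    cache, current = {}, None
    for line in text.splitlines():
        m = FIELD.match(line)
        if m and m.group(1) == "Record Name":
            current = m.group(2).lower().rstrip(".")
            cache.setdefault(current, 0)
        elif m and current is not None and m.group(2).isdigit():
            cache[current] = max(cache[current], int(m.group(2)))
    return cache

def new_entries(before, after):
    """Hostnames cached after the session that were absent before it."""
    b, a = parse_dns_cache(before), parse_dns_cache(after)
    return {host: ttl for host, ttl in a.items() if host not in b}

if __name__ == "__main__":
    for host, ttl in sorted(new_entries(BEFORE, AFTER).items()):
        print(f"{host}: remains in the resolver cache for up to {ttl} more seconds")
```

`ipconfig /flushdns` empties the resolver cache, so this comparison only shows entries that have neither expired nor been flushed.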



#13 rp88

Posted 03 February 2015 - 09:26 AM

Just did that, my heck I never knew I was making connections to some of the sites being listed, must be content on pages sourcing itself from elsewhere (ns2.google.com, www.digitalartsonline.co.uk, blog.didierstevens.com (that must be something loading within your signature)). But I couldn't use the findstr thing to specify because I can't seem to use the vertical line symbol; the closest I can get is a vertical line broken into two vertically by holding "alt gr" and pressing the key to the left of the 1 and exclamation mark key. But wouldn't this be cleared out either after prolonged usage after the private browsing, or by flushing the DNS using something like minitoolbox?


thanks

Edited by rp88, 03 February 2015 - 09:30 AM.


#14 Didier Stevens

Posted 03 February 2015 - 01:11 PM

You can copy/paste the command (with the | character) in your command line prompt.




#15 rp88

Posted 03 February 2015 - 03:39 PM

Oh, yes, thanks.
So I'm guessing this data can be erased by using minitoolbox to "flushdns", what other hiding places are there on a machine for records of the pages it visited?

Edited by rp88, 03 February 2015 - 03:39 PM.
