This article takes a brief look at what private browsing actually means with popular browsers and software, and how genuinely private browsing could be achieved.
Why Browse Privately?
Over 80 percent of websites use one or more tracking tools (Epic) and reasons for private browsing may be to avoid having your browsing history recorded, perhaps being on a shared or public computer (to avoid being tracked by your browser), or to avoid downloading cookies (to avoid being tracked by websites), or to be able to sign into multiple accounts simultaneously.
Tracking
The different ways that you can be tracked include:
– IP address. This string of numbers, set by the ISP, is a way for each computer using the Internet Protocol to communicate over a network. The IP address is necessary for accessing the Internet so that web servers know where to send the information that’s being requested.
– Cookies. These are text files loaded into a folder on the user’s web browser by the sites they visit. Cookies record details such as users’ preferences, and the last time they visited the website. Session cookies are used when a person is actively navigating a website but tracking cookies can be used to create long-term records of multiple visits to the same site. From the user point of view, cookies can serve a useful purpose (e.g. for logins) or can be used for targeted advertising. Google recently announced an end to its third-party (tracking) cookies within 2 years for its Chrome browser following similar, earlier announcements by Safari (Apple), Mozilla’s Firefox (Mozilla) and Brave.
– Signed-in accounts. The accounts a user is signed-in to (e.g. Google or Facebook) can also track what a user has viewed, liked and more.
– Agent strings. When a user sends a request to a webserver to view a website, the request comes with information about the user attached to the User-Agent HTTP header. This ‘agent string’ contains information such as the browser (type and version) and operating system being used.
Browsers – Private Browsing / Incognito Mode
Different browsers have different names for private browsing mode, e.g. InPrivate browsing (Edge), ‘Private’ for Firefox (Mozilla) and Safari, and Incognito for Google Chrome.
Switching to this browser mode loads a news private window. This means that the new window is not signed to any accounts so can’t be tracked by them, cookies are not used, and any browsing is not added to the browser history. In this mode, however, the user’s IP address can still be tracked.
Do Not Track
‘Do Not Track’ (DNT) is a web browser setting that requests/asks that a web application to disable its tracking of an individual user. For example, switching the ‘do no’ track’ setting sends a signal to websites, analytics companies, ad networks, plug-in providers, and other services a user encounters while browsing. However, due to a lack of consensus (or enforcement) most sites still track users despite the request not to.
Extensions For Browsers
Another option for users to try and maintain private browsing is to use an additional private browsing extension/add-on. Examples include:
– Privacy Badger. This is a free extension that gradually learns to block invisible trackers.
– Ghostery. This is a free, open-source privacy and security-related browser extension and mobile browser app that blocks ads and stops trackers.
– Cookie AutoDelete. This is an extension for erasing cookies for a browser tab when it closes.
– HTTPS Everywhere. This free, open-source browser extension automatically switches thousands of sites from “http” to secure “https” thereby protecting the user from many different types of tracking/surveillance and account hijacking.
Whole Private Browsers/Search Engines
Users can opt for a whole browser that’s designed to be private, anonymous and to guard against tracking. Popular examples include:
– DuckDuckGo. This search engine, which is also available as a Chrome extension, doesn’t save the user’s browser history, forces sites to use encrypted connections, blocks cookies and trackers, and stops a user’s searches being sold to third parties for profiling and advertising.
– Epic Privacy Browser. This is a secure web browser that blocks ads, trackers, fingerprinting, crypto mining, ultrasound, signalling, and offers free VPN (servers in 8 countries).
– Tor. This browser uses a distributed network (randomly selected nodes) to anonymise the user’s IP address. Tor also encrypts traffic. This makes it incredibly difficult for a user’s web traffic to be traced and very difficult for users to be tracked unless they reveal their IP address by enabling some browser plugins, downloading torrents, or opening documents downloaded using Tor.
– Brave. This is a free, open-source web browser, based on Chromium that blocks ads and trackers and allows users to use a Tor in a tab to hide history, and mask location from the sites a user visits by routing a user’s browsing through several servers before it reaches its destination.
VPNs
Many users now opt for a virtual private network (VPN) to allow them to make a secure connection to another network over the Internet, encrypt traffic, and hide their IP address. Since a VPN routes a user’s internet through another computer, where many other users of the VPN are using the same IP address, tracking is made very difficult. VPNs, however, don’t protect a user from being tracked, from cookies, from user-agent strings, or through the accounts they’re logged in to (e.g. Google), or from any VPN’s that keep logs of user activity and could sell those logs to third parties. Also, some services discourage the use of a certain VPN, and VPNs can slow down the user’s Internet connection dues to the re-routing and encrypting through the VPN server.
What Does This Mean For Your Business?
What this all means depends upon what level of privacy, for what purpose, and when users require it. For most daily use, Private/Incognito browsing functions provide a fast way to access a reasonable amount of protection from normal tracking. Additional extensions /add-ons may add a convenient route to greater privacy. For times when users may feel that more security is needed, they may decide to opt for a VPN or for a more complete private browsing solution such as the Tor browser. It may also be the case that some business users, as a matter of preference and security, may choose to only use the private services (e.g. DuckDuckGo, Brave, or Tor), thereby always working with a privacy level that they feel comfortable with. For many businesses, it’s more likely to be a case of a combination of privacy solutions used as and when required in a way that is compatible with daily working practices, authorised, approved, and recommended by the company and other relevant stakeholders. With popular browsers now stopping tracking cookies and news that the next Apple iPhone software update, iOS 14.5 will include an AppTrackingTransparency requirement where whereby all apps will need to request permission to track a user’s activities across other companies’ apps, pressure is now mounting on advertisers to come up with other ways to track and target users and maintain revenue streams.
