Brave Browser: Ousted Mozilla CEO Is Changing the Web Again
http://freerepublic.com/focus/f-news/3390678/posts
Posted on 02/01/2016 5:43:03 PM PST by zeugma
It's possible that you reached this article purely by chance, or you may have Googled 'how to change the default search engine in Microsoft Edge'. However you got here, the fact that you're reading this indicates that you're either interested in Windows 10's Edge, or actively use it -- and this means there's something you need to know.
If you fall into the latter camp and use Edge's InPrivate mode to cover your online tracks, you might want to think about changing your web browser. Edge has already got some stick for its lack of extension support -- "it's coming, it's coming!" Yeah, whatever... so's Christmas -- but now it turns out that InPrivate mode is a privacy nightmare. It is possible to peak behind the curtain and see which sites have been visited when using a browsing mode that should mask this.
There are similar features found in other browser. Chrome has Incognito mode, Safari has Private Browsing, Firefox has... actually, Firefox has Private Browsing too. Whatever the name, what these browsing modes all have in common is that once the browser is closed, there is no record of which sites have been visited. That's not to say that ISPs and law enforcement agencies wouldn't be able to determine the browsing history, but from a local point of view it is as though no browsing has taken place.
But Edge is different.
Somewhat counterintuitively, Edge actually records browsing history in InPrivate mode. More than this, by examining the WebCache file it is a relatively simple task for someone to reconstruct full browsing history, regardless of whether surfing was performed in regular or InPrivate mode. These were the finding of infosec expert Brent Muir.
Over on Forensic Focus, researcher Ashish Singh warns:
The forensic examination of most web browsers has proven that they don't have a provision for storing the details of privately browsed web sessions. Private browsing is provided for a purpose, i.e. privately browsing the web, which is being delivered.
However, in the case of Microsoft Edge even the private browsing isn't as private as it seems. Previous investigations of the browser have resulted in revealing that websites visited in private mode are also stored in the browser's WebCache file.
NOTE: The Container_n table stores web history. There a field named 'Flag' will be available. A website visited in the private mode will have a flag value as '8'. Generally the purpose of storing this information is to retrieve crashed private sessions.
\Users\user_name\AppData\Local\Microsoft\Windows\WebCache
Therefore any skilled investigator can easily spot the difference and get concrete evidence against a person's wrongdoings. Plenty of artifacts are maintained by the browser, which makes examination quite easy. However, there are stages where evidence is not so easy to find. The not-so-private browsing featured by Edge makes its very purpose seem to fail.
Microsoft is aware of the problem, and says:
We recently became aware of a report that claims InPrivate tabs are not working as designed, and we are committed to resolving this as quickly as possible.
As is often the case, there is no indication of quite when this might be fixed, but it will be fixed. At some point. But you can't help but ask how such a fundamental aspect of private browsing could be so fantastically borked. It beggars belief.
I despise Edge and NEVER use it.
Private mode doesn’t really provide privacy in any of the browsers.
If you want internet privacy, your browser is small potatoes. You need a custom router firmware with VPN to company that doesn’t keep logs, and you need to set your DNS servers to an anonymous service like OpenNIC.
Typical Microsoft, IE was garbage so instead of actually catching up with the competition they rebrand and make no other changes. Adblock is at least 6 months overdue, geniuses.
later
From what little I know, you need to use a VPN to browse anonymously.
I tried one via Giganews some time back. So slow.
When I upped to Win 10, I stuck with Chrome as i like that all my devices sync with bookmarks and passwords I use for casual browsing. I never let chrome record financial and other private passwords. Adblock works well in Chrome to keep most ads away.
In Win 10, I set all the privacy options to keep MS nose out of my business, plus I never use MS mail, calendar, Edge, IE and Cortana. I have no interest in nasty sites or controversial sites so the government probably leaves me alone.
 |
 |
|---|
Edge doesn’t work on my win10 laptop - never did. For that matter, IE didn’t work in win8.1 on this Toshiba.
VPN is, by its nature, slow. Security comes at a cost, for sure. I VPN to my home network from all of my mobile devices before I do anything from them. I stream much on my mobile devices, so it’s not a big deal.
The only thing I’ll say is that while VPN is great for point-to-point privacy, for instance if you’re accessing remote data, TLS1.2 certificates using elliptical curve ciphers is as secure as you can get while browsing the Internet. As long as the sites you visit are HTTPS, you’re relatively safe from prying eyes.
And to the point another poster made, if your home network is configured to use your ISP’s DNS or, worse, Google’s DNS, it doesn’t matter what protections you put in place, they know everywhere you’ve gone if you’re using named sites (vs. straight-to-IP).
I upgraded to Win10 late yesterday, and haven’t really played with it. Mostly I just need to figure out how to clear my browser session. I like to clear things before going on to the next thing.
HUH? What kind of VPN are you talking about? I use OpenVPN (software), and Cisco and Juniper (hardware), and they are all transparent with regard to data throughput. Modern commercial VPNs run encryption with negligible overhead for data rates up into the 100Mbps range. Higher rates you're talking pro gear, of course.
If you're using a VPN for gigabit connections I wonder what your use case actually is.
I suggest perhaps your VPN is poorly chosen for your data rate.
> Security comes at a cost, for sure.
This much is true.
Microsoft VPN (IKEv2 with 4096 bit EC certs) from a corporate OC48 WAN to a residential 200 Mbps cable, all Cisco hardware LAN on both sides to MS Hyper-V server infrastructure. Throughput to the servers and encryption overhead is negligible, I agree, but browsing is slow. Could be QoS considerations, but I’ve experienced the same issues across a variety of VPN solutions, at least for 80/443.
I always thought private mode just sent it to a secret folder that sits on the cloud until you need to be investigated and then, instead of thumbing through tens of thousands of web pages you have visited, they can just go to that private folder to see what you have been hiding.
Yeah, that's a possibility. Is it also possible you're getting packet fragmentation due to the encryption wrappers hitting some gear's MTU limit, resulting in multiple transport delays?
I’ve got jumbo frames turned on and tweaked my MTU for streaming, but that’s a good thought. I talked to my network engineers at the office, and they said that 50-150 ms latency is not unheard of crossing over VPNs. Negligible for most traffic, but it’s enough that multiple VPNs in a chain could slow you down appreciably.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.