Private and Incognito Mode Are Not More Secure Nor Actually Private


Over the last year I have frequently been asked why someone would need Passages when they can use “private browsing” or go “incognito” in their existing browsers.


“There is a perception that these tools provide significantly more protection and anonymity than they actually do.”


In Chrome, Safari, Firefox, and Internet Explorer this privacy mode is designed to minimize tracking and storage of potentially sensitive information. In each case the browser will not send any cookies it received before the start of the private session, and it will not store any new cookies past the end of the session. Additionally, these modes don’t store user history, searches, or other activity from the session. What they don’t do is prevent websites from using the many kinds of “supercookies” that persist past the end of the private session. They also don’t do anything to protect the user against browser fingerprints, IP address based tracking, or malware. That is simply beyond what they were created to do.

To see why these privacy modes can’t provide full protection, let’s look a bit closer at supercookies and browser fingerprinting. Supercookies are actually a cluster of tools and techniques rather than a single technology. They work by hiding identifying information in places that the browser does not clean. That information can sit in cached files, history, configurations, or an ever-growing list of other places. Because this is a moving target that works by abusing the functionality of the browser and various plug-ins, it is very difficult for browsers to detect and remove these supercookies. The Passages secure virtual browser can remove them because Passages destroys absolutely everything from every browser session. Even supercookies using techniques we have never seen will be removed.

Browser fingerprinting is even more difficult to defend against. It is a method of identifying a user and their browser based on publicly visible information about its configuration, fonts, and plug-ins. It turns out that just that information can uniquely identify a visitor to most websites among all the other visitors. The browser simply can’t hide this information because websites rely on it to function. Sites need to know what kind and version of browser is being run, what fonts and languages are available, and which plug-ins it can make use of. Passages addresses this because the browser is virtualized in a way that makes all of the browser fingerprints identical. Websites still work normally but they can’t tell any Passages user apart from the next.
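The following is an added example, not code from the original post or from Passages. It uses constructed visitor records and hypothetical function names to measure how identifying a set of configuration attributes is, and to show that dropping cookies leaves that measure unchanged while a uniform configuration reduces it to zero.

```javascript
// Constructed sample data: attributes a site can read from any visitor.
// The cookie field is what private mode resets; the rest it leaves as-is.
const visitors = [
  { cookie: "id=a1", userAgent: "BrowserA/50", language: "en-US", fonts: ["Arial", "Calibri"], plugins: ["pdf"] },
  { cookie: "id=b2", userAgent: "BrowserA/50", language: "en-US", fonts: ["Arial", "Helvetica"], plugins: ["pdf"] },
  { cookie: "id=c3", userAgent: "BrowserB/11", language: "de-DE", fonts: ["Arial", "Calibri"], plugins: [] },
  { cookie: "id=d4", userAgent: "BrowserA/50", language: "en-US", fonts: ["Arial", "Calibri"], plugins: ["pdf", "flash"] },
];

// Canonical key built only from configuration, never from cookies.
function fingerprintKey(v) {
  return JSON.stringify([v.userAgent, v.language, [...v.fonts].sort(), [...v.plugins].sort()]);
}

// Group a population into anonymity sets: visitors sharing one key.
function anonymitySets(population) {
  const sets = new Map();
  for (const v of population) {
    const k = fingerprintKey(v);
    sets.set(k, (sets.get(k) || 0) + 1);
  }
  return sets;
}

// Bits of identifying information this visitor's configuration reveals
// within the population: log2(N / size of their anonymity set).
function surprisalBits(v, population) {
  const size = anonymitySets(population).get(fingerprintKey(v)) || 0;
  return size === 0 ? Infinity : Math.log2(population.length / size);
}

// The same visitor reopening the site in a private window: cookie gone.
function privateSession(v) {
  return { ...v, cookie: null };
}

// Every visitor presenting one identical configuration (the uniform case).
function uniformPopulation(population, template) {
  return population.map((v) => ({ ...template, cookie: v.cookie }));
}

const returning = privateSession(visitors[0]);
console.log(fingerprintKey(returning) === fingerprintKey(visitors[0])); // true
console.log(surprisalBits(visitors[0], visitors)); // 2
console.log(anonymitySets(uniformPopulation(visitors, visitors[0])).size); // 1
```

With four constructed visitors who are all distinguishable, each configuration carries 2 bits, enough to single out one of four; in the uniform population every visitor falls into one anonymity set and the configuration carries 0 bits.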

All browser companies are quite clear about the capabilities and limitations of their privacy modes, but still many users are confused and assume that they are being protected much more completely.


“Passages actually provides the protection that users think they are getting.”


Passages ensures that all unwanted records, cookies, supercookies, malware, and all other files are destroyed completely at the end of every session. In addition, the user’s IP address is hidden behind one of the shared Passages IPs, so no identifying information about the specific user is revealed. At the same time, all Passages users have effectively the same browser fingerprint making them immune to that method of tracking.

In the Enterprise version of Passages the system does keep the browser’s history, so it is not “private” with respect to the business’ administrators (by design). In the upcoming consumer version the user’s privacy will be complete.

It is critical for users to understand what kinds of protection they are actually getting with all the various tools at their disposal. These privacy modes are quite effective at hiding browsing history from parents, wife, or kids, and at reducing the “retargeted” ads that follow you around the Internet after you visit a vendor’s website. They are completely inappropriate as a security measure to prevent malware or to avoid targeted web attacks and snipers at the watering hole. They also fail against information gathering techniques like Passive Information Leakage, which can reveal tremendous amounts of sensitive information about an organization without ever compromising its perimeter at all.


“For protection against all of these targeted attacks you need to mask the browser’s IP, browser fingerprint, and supercookie-based tracking in addition to the standard cookies.”


Private browsing modes are useful but no substitute for effective protection against targeted attacks, passive information leakage, and other threats based on user identification. It takes comprehensive privacy protections to provide security against these vulnerabilities. Passages provides all this and more.
