
Microsoft Edge records browsing history in InPrivate mode - fgeorgy
http://betanews.com/2016/01/30/stop-using-microsoft-edges-inprivate-mode-if-you-value-your-privacy/
======
curveship
I'm betting this isn't a bug but isn't malicious either. Possible scenario:

Product: So Sue, how's the restore-session-after-crash feature going?

Dev: Great, just about done.

Product: So it's working for all sessions now? Fantastic!

Dev: Yep! Well, all sessions except private ones of course.

Product: ... so you haven't finished private sessions yet?

Dev: No, it's just that we don't store anything on disk for them, so there's
nothing to restore.

Product: ...

Dev: ...

Product: Users don't know what "stored on disk" even means. They're going to
be very upset if we lose their work after a crash, just because the session
happened to be private. Maybe even more so.

Dev: But with nothing on disk, that would be impossible.

Product: You devs have such a fixed mindset. If I had a penny for every time
I'd heard one tell me something was "impossible." So store what you need on
disk, and ...

Dev: But history ...

Product: ... and flag it so it doesn't show up in history or as a visited link.
Wouldn't that work?

Dev: Well, kind of, but ...

Product: Great! So we have a solution. How long to get that coded up?

[Later] Product: "Impossible" _laugh_ Hah!

~~~
dman
Microsoft makes a huge amount of money from enterprise sales. I would see how
large companies would be worked up if employees could use private mode
browsing to circumvent monitoring. I fear (without any evidence) that private
browsing mode would be a tough feature to push in the enterprise space.

~~~
lreeves
Monitoring in an enterprise environment (for browsing) works on a network
level; even SSL sites are monitored by on-the-fly certificates that are
trusted by the user's machine. There's no need to persist history to disk for
an IT team to capture that information.

~~~
TheRealDunkirk
My favorite days are the ones where central IT screws up the system, and we get
certificate errors everywhere we go. Uh, do you think they're tracking us and
snooping all supposedly secure communication? Naaaaaah. Luckily, I avoid most
of those days working from home and NOT using the VPN. I SHOULD make sure I
never log into something I care about (like iCloud) while on their network.
The problem is that I can't get reception on my cell phone inside the
building.

~~~
Bromlife
If you don't want your employer to see it, do it on your phone. Everyone
should realise that by now.

------
KaterKarlo
I can't believe how stupid Microsoft is. This is never a bug. You can't be
that amateurish.

They've just started earning some trust and respect from the users and then
this. Also, the Windows 10 privacy nebulosity. Why not just leave the user's
privacy alone? There's still enough business with Windows itself. No need to
be so greedy and try to compete with Google.

How shall I trust Microsoft enough to put my data on Azure? Or buy a Windows 10
phone?

So stupid. What the hell did they want to do with private browsing data? Was
it worth it?

~~~
zeta0134
Really? This is an _extremely_ easy bug to write, and given the way Microsoft
APIs tend to work, I'd bet the layering of their code made it difficult to
spot.

You have a process that needs to work for, in its mindset, "all tabs," which
tries to recover them after a browser crash. You have a different flag on
these tabs which is supposed to signal that disk-writing and history are not
stored. Sounds easy, but the reality is that there are probably dozens of
parts of the code that could potentially write recoverable history. Cookies,
cache data for images and resources, the normal history writing functions,
those are all the obvious ones to check. The anti-crash feature? Yeah, I can
see it being missed.

Yes, their security audits _should_ have caught this, but don't call it an
amateurish bug simply because it seems obvious in hindsight.

(Though to be entirely fair, this is also why I won't use Microsoft products.
If a reporter hadn't called them out on it, would it ever have been fixed?)
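
As an added example (not Edge's code and not from any commenter here), the following models the design sketched in curveship's dialogue and in this comment: crash recovery persists "all tabs", private tabs are merely flagged so the history view hides them, and the URLs still sit on disk. It also shows the write-time filter that avoids the leak and the raw-store check that would have caught it; the tab list, on-disk format and function names are assumptions.

```python
"""Session-restore persistence with and without the InPrivate leak.

Added illustration, not Edge's code: the tab list, the on-disk format and
the function names are assumptions made for this example.
"""
import json
from dataclasses import dataclass, asdict


@dataclass(frozen=True)
class Tab:
    url: str
    title: str
    private: bool = False  # the InPrivate flag carried by the tab


# Constructed sample session: two normal tabs and two InPrivate tabs.
SAMPLE_TABS = [
    Tab("https://example.com/news", "News"),
    Tab("https://example.org/docs", "Docs"),
    Tab("https://private.example/secret", "Secret", private=True),
    Tab("https://private.example/other", "Other", private=True),
]


def persist_session_buggy(tabs):
    """The 'restore everything after a crash' design from the thread.

    Every tab is written to the store; private ones only carry a marker so
    the history view can skip them. Their URLs still reach the disk.
    """
    return json.dumps([asdict(t) for t in tabs])


def persist_session_fixed(tabs):
    """Filter at write time: private tabs never enter the persisted store."""
    return json.dumps([asdict(t) for t in tabs if not t.private])


def history_view(store):
    """What the user sees in the history tab: the flag hides private rows.

    Both stores produce the same view, which is why 'the history tab IS
    blank' is not evidence that nothing was written.
    """
    return [t["url"] for t in json.loads(store) if not t["private"]]


def leaked_private_urls(store, tabs):
    """The check QA should run: inspect the raw store, not the UI, for any
    URL that belonged to a private tab. Returns the leaked URLs, sorted."""
    private_urls = {t.url for t in tabs if t.private}
    return sorted(u for u in private_urls if u in store)


def restore_session(store):
    """Crash recovery reads back whatever was persisted. With the fixed
    store only the normal tabs return, which is the intended behaviour."""
    return [Tab(**t) for t in json.loads(store)]


if __name__ == "__main__":
    for name, persist in (("buggy", persist_session_buggy),
                          ("fixed", persist_session_fixed)):
        store = persist(SAMPLE_TABS)
        print(name, "history view:", history_view(store))
        print(name, "leaked private URLs:",
              leaked_private_urls(store, SAMPLE_TABS))
```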

~~~
dragontamer
The only way security issues are ever fixed is when reporters call them out on
it.

Or do you think Stagefright on Android would have ever been fixed if the
exploit wasn't publicly disclosed? The threat of public disclosure is the only
thing security researchers have as leverage to get a company to do the right
thing.

~~~
odbol_
Oh, Stagefright was fixed? I wonder when someone will tell my phone
manufacturer...

------
moonshinefe
So my question is: did Microsoft do this on purpose, or was it simply a
failure in software design?

I'd like to think the latter, but given the fact that Win 10 has had well
documented privacy issues already, and the fact that Microsoft is probably the
most experienced and among the most well funded browser development companies
in the world, I get a bit skeptical. A private mode that still writes history
to the WebCache. Did they really overlook that?

~~~
HappyTypist
Windows is the most used desktop OS and Microsoft has a history of conspiring
with nation state adversaries. It's not implausible that the NSA and GCHQ
would ask Microsoft to slip in a few bugs here and there that make
surveillance much easier.

Remember: This is the company that took an end-to-end-encrypted communications
platform (Skype) and completely turned it around into a mass surveillance
platform by being the first to join PRISM. It's the same company that builds a
full disk encryption system (BitLocker) that sends your encryption keys back
to Microsoft's servers. And finally, it's the same company that pushed for an
"always on" HD webcam and microphone bundled with an "always online" video
game console.

~~~
Ntrails
>It's the same company that builds a full disk encryption system (BitLocker)
that sends your encryption keys back to Microsoft's servers

Every time someone says that as though it's not the absolute correct thing for
MS to do given its standard home-user technical level/expectation I'm super
confused. I would expect it to be possible to turn that off, but you can be
damned sure that swathes of their users expect to be able to ring MS when they
forgot their BitLocker key.

>it's the same company that pushed for an "always on" HD webcam and microphone
bundled with an "always online" video game console.

They want you to always be able to use voice and gesture controls with your
console - because if you have to stand up and press a button to turn the
damned thing on then what's the value in half the functionality?

I'm confident MS are actually more interested in their profit margins than
they are by any conspiratorial opportunities with the security services.
Casting the latter as their primary motivation all the time is disingenuous.

~~~
pjc50
_ring MS_

How do you even do this? It was hard enough to report a bug as an MSDN
subscriber. I don't think they have a vast array of consumer support phone
agents, or if they do they keep the number very quiet.

~~~
caskance
Search google for something like "microsoft tech support phone number"?

------
crispyambulance
I could be totally wrong and I'm going to get downvoted for this but...

Regardless of the browser, "private mode" is kind of a misnomer. You're still
hitting the websites and unless you're using Tor, this can be easily logged by
whoever has control of the LAN/router.

The point of "private mode" is to avoid logging to browser history so that
someone can't casually inspect what URLs a user has visited (eg, when hubby
wants to visit websites that wifey doesn't approve of). The problem here is
that MS is storing the browser webcache even in private mode and it is
relatively easy to get to it?

If so, the solution is to publicize this issue and microsoft will likely fix
the problem. Then hubby will need to worry about wifey interrogating the
router.

It just seems like an oversight and not a big deal in terms of privacy and
security.

~~~
nicky0
Doesn't have to be Tor, any VPN should do.

~~~
Someone1234
PPTP/MS-CHAP won't do. It is the most common/popular VPN protocol and
trivially decrypted[0]. I'd stick to L2TP/IPSec, SSTP, or OpenVPN.

PS - L2TP/IPSec can be a "nightmare" to NAT traverse. OpenVPN is best for
mobile applications.

[0] [https://github.com/moxie0/chapcrack](https://github.com/moxie0/chapcrack)

------
userulluipeste
If you don't fancy what Microsoft is doing lately, support an alternative. If
*nix cannot fit the bill because of a dependence of some sort on Windows,
support ReactOS. ReactOS is supposed to launch a major version these days
(from 0.3.X to 0.4) and then aim for beta stability. The chance of ReactOS
becoming real lies in our collective support.

~~~
moonshinefe
Our collective support of using Windows NT4.0-Windows 2000 graphical
interfaces? I apologize for being abrupt, but nobody is going to use this
operating system in this day and age.

~~~
reitanqild
Not everyone is an end user or GUI designer.

It is not for me but it might be an option for a lot of companies that depend
on older software for industrial automation etc.

Smooth GUIs don't matter too much there.

~~~
ricardobeat
Neither does private browsing?

------
saspiesas
The response from Microsoft makes it look like this is a bug, not just related
to tabs.

This is... horrendous, how did they get such a basic feature that broken?

~~~
mel919
Microsoft being a software company is amazing. There is a plethora of issues
with MS core products like Edge, OneDrive, Store, not to mention the release of
Windows 10 mobile in alpha state for some of their phones. It's just
mind-boggling how broken the software a software company ships can be, while
showing no signs of caring at all beside the generic responses.

~~~
Laaw
I was thinking about this earlier, and while I've been in the industry ~8
years, I've only worked at two companies, and they've both had some pretty
fundamental dysfunctions from a strategy/leadership/management perspective
(e.g. projects building software that no one likes/uses, major flaws in
delivered products, huge delays/delivery slips), so I want to see what a
"successful" company looks like.

But then I thought some more, and I don't know if any companies actually do
this correctly.

Do companies exist that can deliver on projects at a fairly steady clip with
teams that build solid products generally on time and within budget? Or are we
all just floundering around, making buggy apps that take forever to release
and don't solve any problems, except for the lucky few who can get everything
to harmonize out of sheer statistical happenstance?

~~~
TeMPOraL
The few companies I worked in and with, and all the code I've seen, points to
the latter case - most of us are delivering utter disasters, thanks to the mix
of technical errors, management errors, shifting priorities, internal politics
and time constraints.

~~~
oneJob
Agreed and same. It's my opinion that this issue is underdiscussed and that
the mess that is often delivered is rationalized by "methodology" and "it's
not our fault our requirements force us to deliver this".

But whatever the reason or rationale, every time a story breaks about another
security exploit or privacy exploit I read that as a condemnation of our
profession.

In other professions, part of the certification process is gaining a basic
level of understanding of the ethics one is judged against when associating
one's work with that of the larger trades group, guild, or association. Often
it is well understood that, to some extent, the topic is simply being paid lip
service. But, it is also understood that those ethics draw a bright line which
those the association serves will not tolerate when openly crossed. Take for
instance investment professionals. Everyone knows insider trading happens and
it's not uncommon to put profit before fiduciary duty, but when those lines
are openly or egregiously crossed it is not tolerated under threat that the
understanding between the client and advisor that minor infractions will be
tolerated will no longer be honored.

The software engineering profession lacks this basic ethical covenant with its
customer. Just look at the utter lack of product warranties. Sure there are
SLAs, but there are virtually no warranties. And it shows.

As software begins to function more and more as the linchpin of our society,
this issue will morph from technical debt to an Achilles heel. We complain
about anachronistic laws. What about anachronistic code? We complain about
absurd laws. What about absurd code? It's just as dangerous.

------
cwyers
Private mode in a web browser isn't security, and the idea that Microsoft
slipped this in at the insistence of the NSA, which has much better tools to
track what websites a computer visits that don't require access to the local
machine, is laughable.

------
nchelluri
To me the neatest thing about this is that since all the major browsers are
evergreen (self-updating), while yes, this is a bug and one that seems like
the kind that provokes further investigation, it should be fixed and delivered
really soon and be a non-issue in a few days. (I think. If this self updating
stuff works as well as I think it does.)

~~~
creshal
Assuming it is a bug, and not a "feature".

~~~
nchelluri
> “We recently became aware of a report that claims InPrivate tabs are not
> working as designed, and we are committed to resolving this as quickly as
> possible.”

~~~
supergreg
But is the fix to stop the browser from writing to the cache or to make it
impossible for the user to find out it does?

------
dhekir
I recently had a bug in Firefox Android which leaked information: after
closing a Private Browsing window, if I went to Settings -> Apps, then "Show
Cached Processes", then chose Firefox and clicked Stop, to remove it from
Android's cache, after opening Firefox again, it would display the closed
Private Session from before. Strangely enough, the private session only showed
up if I removed Firefox from the cached applications, otherwise it would
behave normally (that is, the closed session would not be readily accessible
from Firefox).

I was going to report it, but by then version 44 was already available, and it
fixed that bug.

But, well, if even Mozilla can make such mistakes, Microsoft surely can too.

------
toni
I think the current best option for privacy-conscious users working with
Windows 10 is to install Windows 10 LTSB version[1]. It doesn't contain
Cortana, Store, all those fancy widgets, universal apps, IE Edge, and forced
updates.

[1] [https://technet.microsoft.com/en-us/library/mt598226%28v=vs....](https://technet.microsoft.com/en-us/library/mt598226%28v=vs.85%29.aspx)

~~~
babuskov
"The current best option for privacy-conscious users working with Windows 10
is..." to re-partition the hard drive and install another operating system.

~~~
arca_vorago
With the state of lower level persistent backdoors, I'd almost consider any
HDD that Windows touched to be compromised and change HDD completely...

~~~
castell
Don't forget Windows updates can update your CPU microcode. It's probably best
to buy a device that doesn't come with Windows preinstalled. E.g. you can buy
Lenovo notebooks that are $100 cheaper and come with a DOS clone instead.

------
makecheck
This is why I hate sites like Facebook exposing a thousand "settings" to
"control" my privacy; any one of them is just a small bug away from not doing
what it claims to do. And the more stuff that's going on, the less likely it
is that I may notice when something has slipped through that shouldn't have.

These privacy mechanisms should be far simpler, vetted for security, and
ubiquitous. Consider the physically separate "secure element" chip on your
phone that stores data in a way that nothing else can possibly reach, for
example. It should be accepted practice in the software industry that your new
app doesn't just get to invent some way of storing potentially-sensitive
information; there should be a clear place to toss it in a vault under user
control, where the user can see _everything_ you have stored even if your
application isn't open (e.g. OS X Keychain).

And yes, this is an argument again for open-source software. Proprietary
secrets be damned, there's nothing special about a web browser anymore. The
code should be visible so as many people as possible can ensure it is correct.

------
rplnt
> private tabs

I wonder if it has something to do with the fact that they are tabs. Either
way, I really miss private tabs in chrome-ish browsers. They were better for
regular use than a separate window I think.

~~~
mateuszf
What is missing in today's browsers is handling multiple profiles/sessions per
browser window. I'd like to open my three Gmail accounts in three separate
tabs without them knowing about each other. That would simplify a lot of
scenarios.

~~~
datamoshr
As far as I'm aware Brendan Eich's new Brave[1] browser is able to do just
this.

[1]: [https://www.brave.com/](https://www.brave.com/)

~~~
Sir_Cmpwn
I skipped to the FAQ and wow, this is not a win at all for people who desire
privacy (i.e. the people interested in this HN comment thread, in theory).

[https://www.brave.com/FAQ.html](https://www.brave.com/FAQ.html)

------
mc808
As far as I can tell, browsers can't prevent the virtual memory system or
other parts of the OS from logging/caching as they see fit, which means the
private browsing feature is snake oil in every browser unless the only concern
is keeping "chlamydia symptoms" out of the search bar drop-down and history
list.

~~~
arrrg
Surfing behavior not being visible to other users is exactly the reason – the
by far most important and absolutely towering reason – for private browsing to
exist. Everything beyond that is nice to have but ultimately not really
useful, not for what private browsing is actually used for by (most) actual
people.

It’s not some side benefit, it’s the primary reason for private browsing to
exist at all, at least as far a product manager (who actually understands and
cares about what users actually want from their browser – so not actually a
bad one) might be concerned.

That’s why I can absolutely understand how this kind of bug can creep in. The
most important aspect of this feature (from the point of view of most people
actually using the feature) is not that browsing leave absolutely no trace
anywhere, the most important aspect is that browsing leave absolutely no trace
where _other users of the PC can see it_ †.

I’m consequently a bit confused why everyone is unpacking the big conspiracy
guns. This seems like an easily understandable and completely plausible bug to
me.

~~~
Raphael
Shouldn't other users have separate OS accounts?

~~~
arrrg
Oh boy. The filter bubble is real! (That’s not meant to be disparaging. We are
all in our own isolated bubbles, clueless about a great many things and the
details of how people behave.)

People often don’t use separate OS accounts (it’s often just not necessary)
and even if they do they will often still share the PC from time to time (even
if just for a brief moment) or just show something off for some other people.

During all those occasions the browser history could be visible, even if
people aren’t really prying (autocomplete, frequently visited websites, …).

------
bottled_poe
Whether or not it was intentional, it certainly demonstrates that privacy is
not high on the priority list at Microsoft.

------
KirinDave
I just thought I'd add some color on why people are using Edge, despite the
fact that it has a feature paucity compared to Chrome and Firefox and IE. I
definitely want the InPrivate bug fixed, but I'm still using Edge at this
moment.

1\. For desktop users, most of us aren't using Edge most of the time. Desktop
systems are powerful and features matter more. The only time we use Edge is
when some saved feature or history element is there.

2\. For Windows Mobile, all 30 people using the platform have no choice but to
use Edge. This bug is pretty important for them, as InPrivate mode has many
more implications on a mobile device.

3\. For Tablet and Surface Book customers, generally regarded as the "leading
edge" customers & Microsoft's most robust product and software line? We use
Edge and will probably keep doing so. Why? _Because it's the only browser that
gives a damn about efficiency._ Chrome is quite fast, but is a monster on
battery life. Firefox is quite slow (even without plugins). Edge gets very
good speeds, generally good performance and compatibility, and doesn't trigger
a battery dump spiral.

This is not a unique aspect of the Windows platform (Chrome can roast
batteries on Mac OS X as well, and mobile/portable Linux's power management
story is not great either), but it's exacerbated by the new form factors
Microsoft is shipping in its Surface line which can easily get >10h battery
life with canny apps.

------
drglitch
I think some benefit of the doubt is allowed here - intern dev Alice codes the
InPrivate mode. Intern dev Brian creates the restore tabs on crash feature
and integrates it hastily to make the (clearly rushed, if you ever used Edge
for more than 5 minutes) release. QA you say? But the history tab IS blank!
Why would QA ever look into some internal db file? (sigh)

~~~
aikah
> intern dev Alice codes the InPrivate mode

yes, blame the intern...

let's blame all the telemetry snooping in Windows 10 on a bunch of interns
too? It's like Microsoft can't hire professionals to develop its two main
products. There is no benefit of the doubt, they know what they are doing.

------
FroshKiller
Internet Explorer had a similar hole in its respect for users' privacy for
years: the index.dat file. No matter whether you used InPrivate or cleared
your web history, the browser--for years and across several versions--stored
all your URLs and search queries for faster autocomplete.

------
yodon
What I find ironic is I gave up on using Edge because it did such a poor job
restoring previously opened tabs in normal mode. I really wanted to like Edge,
but the only way I could get it to reliably re-open tabs was if I manually
killed the Edge process in task manager. Any time Windows gracefully shut Edge
down, like for a Windows reboot, I'd lose all my open tabs and have to hunt
back through weeks of browsing history to re-find and re-open them. I'll cut
Microsoft some slack for having a bug in leaking info in private mode in a new
codebase. I refuse to cut them slack for being unable to reliably restore tabs
in the normal case.

------
Spooky23
Chrome for iOS has the same issue.

Load an incognito tab, hit the button to return to the main screen, kill the
app, then re-launch Chrome.

If you need forensically safe ways to surf, browser "porn mode" isn't your
ticket.

~~~
KirinDave
Chrome doesn't properly instruct the keyboard on Android, ironically. If you
visit one website over and over in Incognito mode, the keyboard will start
prompting the URL in every field.

For some OEMs, it's hard to even figure out how to clear this data out. I've
seen, well... awkward moments during software pitches of mobile products on
Android.

------
Bud
I also love Microsoft's response to the report:

"We recently became aware of a report that claims InPrivate tabs are not
working as designed, and we are committed to resolving this as quickly as
possible."

Hee. You "recently became aware"? Dudes. This was coded in. It doesn't seem
very likely that this was accidental or that you were unaware. The browsing
history is getting directly written into the main web cache file, along with a
special code that specifies it's from private mode. You just accidentally
missed this?

------
kozukumi
Amazing how even when starting a new browser from scratch in the past couple
of years they still cannot do it right. I thought Microsoft was a software
company?

I don't want to hate on Microsoft but they are making it hard not to. Edge
could, no it should have been excellent but it has been out for 7 months now
and the updates are minimal.

~~~
Piskvorrr
Oh well. New MSIE, same as the old MSIE, in all but the name. (I do distinctly
remember the very same marketing campaign running for IE8 like the current one
for Edge. Oh, the visuals were different, all right.)

------
its2complicated
Seriously, does it even matter? Your ISP knows all, the NSA knows all, the
free email service providers know all. There is no privacy. Having said that,
I still don't like that they know I look at porn. :)

See you back inside the Matrix...

------
jhasse
"Chrome has Incognito mode, Safari has Private Browsing, Firefox has...
actually, Firefox has Private Browsing too."

This is surprising because? I would rather switch Chrome and Firefox in this
sentence.

~~~
kenips
Probably was referring to the naming of private mode on these browsers?

~~~
jhasse
Ah okay, didn't think of that ;)

------
oblio
In a somewhat related note, Chrome on iOS just updated to WKWebView or
something and just said it does not support Do Not Track anymore, due to iOS
limitations...

------
maaarghk

> or you may have Googled 'how to change the default search engine in Microsoft Edge'

what time is the super bowl?

------
akerro
What a coincidence.

------
kelvin0
Why would anyone want to use Edge? There are alternatives on all platforms, no?

~~~
nacs
Many people don't even know what a browser is and will just use whatever is
bundled with the OS.

Also, IE is often used to download Chrome / Firefox after a fresh install.

------
ck2
and Chrome seems to persist local storage in incognito mode

------
amlgsmsn
>I can't believe how stupid Microsoft is. This is never a bug. You can't be
that amateurish.

Apple had a similar bug in Safari.

>Safari's Private Browsing Mode Saves URLs In an Easily Accessible File

[http://lifehacker.com/safaris-private-browsing-mode-saves-ur...](http://lifehacker.com/safaris-private-browsing-mode-saves-urls-in-an-easily-a-1691944343)

Google had a similar bug on Chrome in Android

>Chrome for Android’s incognito mode saves some of the sites you visit

[http://news.softpedia.com/news/incognito-mode-in-chrome-for-...](http://news.softpedia.com/news/incognito-mode-in-chrome-for-android-saves-some-browsing-history-492859.shtml)

I find it curious that a huge deal is made out of Microsoft's missteps with
over-the-top comments being modded up and same with the articles, but similar
or worse things by, say Google or Apple are simply papered over and buried.

It's Slashdot all over again.

~~~
frik
Slashdot was/is a community of open source nerds.

HN was a community of Silicon Valley startup founders. Though because of its
title, more and more nerds switched over from Reddit/Slashdot/Digg. Until
early 2015 HN was mainly inhabited by Linux and MacOS people. But Microsoft
invaded HN around their Build 2015 conference in May 2015. Nowadays a lot of
sock puppets and fanboys with MSFT background are on HN and try to downvote
everything slightly not so pretty. Nowadays "Show HN" is already a bit
off-putting with cynical comments and harsh critics. HN certainly needs better
voting-ring and paid sock puppet detection - hint: they are only active in
certain timezones and mainly on weekdays.

The question is what HN wants to be. I visit HN for startup news and
occasionally open source news. Who in their right mind would use vendor lock-in
mediocre expensive licensed software for a startup? Although I am okay with
Windows 7, I hate Win8/10 with a passion because MSFT turned into a mean company
again (bad ModernUI, don't care about consumers anymore at all, privacy debacle
of Win10, turns everything to SaaS, evil license changes). And I would therefore
welcome seeing fewer MSFT sock puppets and less FUD on HN. Remember HN used to
be a group of very intelligent people, burn them once and we will remember
that forever, burn them twice... you know, better stop that right now.

~~~
Locke1689
You have an account only 947 days old.

While I can attest that HN has always had a significant amount of startup
stuff, that was nowhere near the entirety of the site.

I remember when the front page was filled entirely with Erlang articles, for
example, and I'm damn sure no more than a tiny fraction of HN was using or
considering Erlang for production at that time.

~~~
dang
> that was nowhere near the entirety of the site

Nor is it now. Speaking of Erlang, there have been three Joe Armstrong
articles on the front page in the last week.

------
bronlund
Of course.

------
frogpelt
Privacy concerns aside, it seems apparent to me that if you're trying to hide
your behavior, you're probably not being successful.

Someone probably knows or can pretty easily find out what you've been doing.

~~~
jasonkostempski
Most browsers tell you you're not hiding from network monitors, ISPs, and such
when you start a "private" session. Edge doesn't mention it. Even with that
message, I'm sure plenty of people still think they're being stealthy.
However, Edge does specifically say it will delete "cookies, history or
temporary files" when all InPrivate tabs are closed, but they are not.

------
volcrado
Oh, really? This can't be a bug, but looks more like it was planned. Looks
like Microsoft wants to hit Google hard in their own game, well bad idea :)

