Hacker News new | past | comments | ask | show | jobs | submit login
How Browsers’ Explanations Impact Misconceptions About Private Browsing [pdf] (blaseur.com)
55 points by nailer 8 months ago | hide | past | web | favorite | 23 comments



There's a site [1][2] that shows just how bad fingerprinting can get. You enter your name in private mode, close your browser then visit the site again and it has remembered you.

It would be great to know exactly what percentage of visitors had your same fingerprint. It uses clientjs [3] which I guess let's the "tracker" choose how strict to be.

While it uses a different library, this site [4] can show just how unique you are amongst other visitors. Again that fingerprint will not change even if you close your browser ,wipe your history, restart your computer, etc.

1. https://www.nothingprivate.ml/

2. https://github.com/gautamkrishnar/nothing-private

3. https://github.com/jackspirou/clientjs

4. https://amiunique.org/fp


Since I roll with JS disabled everywhere except a few sites I trust, I get an eternal "Loading... please wait...". Fingerprinting defeated, or just defeated fingerprinting 'test'?


Of course they need to use JavaScript to fingerprint you to test JavaScript fingerprinting. As far as the whether they keep the information for themselves, since it’s client side, you could potentially audit that.


I was under the impression that browsers could be fingerprinted in other ways that didn't require JS.


EFF's Panopticlick is a good resource, too: https://panopticlick.eff.org


From 4.5.1

> A surprising 56.3% of participants believed that even while a user was logged into a Google account, their search queries would not be saved while in private mode. The large majority of participants (144) believed this to be the case because private mode does not save search histories, conflating the browser’s local history with Google’s.


Thinking aloud (and replying to self) wouldn't the user have to explicitly log into Google Search after launching the Private Browsing window for this to happen?

It should be obvious that after explictly signing in to Google Search after launching the Private window, Google will now record your history.

I started a new Private window in a logged-in Chrome and searched without logging in to Google again, nothing new showed up on https://myactivity.google.com/myactivity


Yes people are just so stupid they think that in private mode what they do is secret as opposed to just not saved on their local machine.


I first read your comment as: Google associates your browsing history with your Google account when your not logged in and using private browsing.

They can definitely tell it’s the same user who just opened a new private tab, but they’re not saving that, right?


How are Panopticlick and Evercookie doing these days?


> but they’re not saving that, right?

If you are logged into your Google account in the "private" session, your private session will carry session-level data (i.e Google's cookies) that will persist until the last private window is closed and that data can and will be associated with your account.

So if you are logged in to Google, even in a private window, they will be tracking you through and and all of their properties. If you don't want to be tracked as you in private windows, don't log in as you in private windows.

This part isn't Google (or anyone else in their position)'s doing, it is by browser design. Browsers do what they can to make it difficult to detect the difference between normal and "private" windows so Google can reliably detect is that at the start of the private session you have no Google cookies, which is the same behaviour if you had moved to using a fresh new browser (in private mode or not). It is currently possible to work out that you are in private mode in many browsers using various tricks (some browsers/versions disable cookies in private mode in a manner detectable via navigator.cookieEnabled, some disable all local storage options in a way that can be detected by exceptions firing when you try use them, some disable service workers, ...) but none of these tricks are 100% reliable (even, I suspect, if you try use them all) and may all become 100% unreliable at a later date. If they can't reliably detect you are in a private window, then they can't reliably turn off tracking of your logged-in activity in private windows.

> They can definitely tell it’s the same user who just opened a new private tab

This is a slightly different matter. Here the link may contain information that can be used to pollute the private island. So they know opening that advert link in a private window was done by you because the URL contains a code that was only given out to use (in a non-private window). But again, if they can't reliably detect the privacy settings they can't be expected to do anything about them.

> Google associates your browsing history with your Google account when your not logged in and using private browsing.

This could partly be the case, though not in a practically avoidable manner. This is the problem because people will assume that Google and their ilk can't continue to track you, not that it is difficult to know they should stop tracking you, when you do something like right-click-open-in-private-tab. The trick is to never log into your account in a private window and never follow links from non-private windows in private ones (without verifying they don't carry personal/session data first), but try explaining that to the average user who barely knows what a cookie is.


"so they know opening that advert link in a private window was done by you because the URL contains a code that was only given out to use (in a non-private window)"

Nope. See, people are idiots and in this case that helps us. They absolutely will paste that URL (with the code in it) into an email to grandma, or their Slack channel, or Hacker News.

Now, Google _could_ try to figure out what happened here, and guess if it's still you to fill out the profile - but that would always be somewhat inaccurate, and it's also evil, so between those two factors it's not a huge surprise that they don't do this.

One thing Mozilla has done more recently in Firefox is make available a "Facebook container" extension, which isolates Facebook inside its own session. So whenever you follow a Facebook bookmark, or tab-complete it in the URL bar, or whatever, you get a tab that's inside this special session where it's logged into Facebook, but your other tabs aren't. So Facebook can't correlate your non-Facebook activity to Facebook activity. None of this works if you use the "Login with Facebook" feature on other websites, but too bad, might as well have labelled that "I hate privacy" when it was invented anyway.


> people ... will paste that URL (with the code in it) into an email to grandma, or their Slack channel, or Hacker News. Now, Google _could_ try to figure out what happened here,

In all those other cases the is likely to be a significantly larger delay between the link being generated and it being followed. So while it isn't 100% reliable they could correctly guess if it is you, or someone else you have passed the link to, significantly more often than not. Especially because, of the potentially many signals they get from a given link, the person or was initially generated for is likely to be the first to follow it.


Also if you query google from your account recipe for beef stew, open a private window and query again how to take over the world logically if anyone at google wants to know who sent the second query they don't even have to ask your isp who your ip address is associated with you already told them. This correlation gets worse as the chance that the ip is a different user increases over time.


...right? ...RIGHT?!

Nah, they're probably saving it.


I would expect that enabling the privacy mode of a browser also sets the DNT header and therefor at least suggests to google not to save the search history. If google honors this is another matter.


> I would expect that enabling the privacy mode of a browser also sets the DNT header

It does not; and since private mode disables the existing cache and cookies, there would be little point anyway (and even with DNT off cookies stored by tracking services will disappear as the private mode is ended). Though if you usually have DNT on, the header will still get sent in private mode.

More generally, I suspect having DNT on is a good way to radically increase the uniqueness of your browser's fingerprint, as it is likely a minority of users have it on; personally I ignore it entirely and just use ublock + privacy badger and similar solutions (that includes noscript - efficient fingerprinting is much much harder without JS).


DNT is not about reducing the fingerprint, but transmitting the intention not to be tracked.

It might be necessary to establish legislation that forces web server operators to respect this intention and deactivate any server side logging or tracking. But that is not going to happen because the government likes having access to this kind of information.


you think dnt increases your uniqueness but disabling js doesnt? (youre right tho that w/o js a lot of tricks are off the table)


"private mode" from an advertising company that collaborates with the NSA? It's the very definition of oxymoron.


I’m curious about Brave browser’s fingerprinting protection. Does that really works ? Let’s say I combine that with a VPN, private browsing, tracking protection, and other protections provided by the browser except disable scripts, would google still be able to track me ?


A quote I read a while ago: "Good UI is like a joke,if you have to explain it then it's bad"

I've always felt browser security and privacy UI should be more obvios and verbose with the ability to view increased verbosity as needed. Ideally an average user should be able to view messages pertaining to privacy and security relates events on the page in plain english with increasing verbosity and this format would be a cross-browser standard.


It doesn't handle screen rotation, so I have two identities? Mr portrait and Mr Landacape




Applications are open for YC Summer 2019

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: