Sometimes, things aren’t what they may seem. Microsoft’s Edge browsing just told you, you’re in “InPrivate Browsing” mode, but a new study shows that may not actually be the case. If they want to keep recently viewed sites private, most users select the InPrivate mode for browsing and continue on their merry way, confident the browser has not saved any information of their whereabouts. However, a recent study from Forensics Focus sheds light on a potential loophole in the Microsoft Edge browser privacy features.
In the post by Ashish Singh, he says;
…in the case of Microsoft Edge even the private browsing isn’t as private as it seems. Previous investigations of the browser have resulted in revealing that websites visited in private mode are also stored in the browser’s WebCache file.
What this investigation has revealed is by searching a users hard drive, through the WebCache file, information contained in the Container_n table, which stores Tab and web history, it lists a field named “Flag” and any websites visited in Private mode will have a value of “8” associated with them. This would give any person skilled enough to search through a computer for browsing history, strong evidence of previous browsing history.
Complicating this matter further is how Windows 10 and Microsoft Edge syncs your account across multiple PCs and your browsing history. Say a person starts an InPrivate session on one PC, logs out and shortly after logs into another computer, owned by another person. Using the same Microsoft account, Microsoft Edge will sync their previous browsing history to that PC, as well. The issue that can arise here, is that if an investigation was launched looking for information regarding InPrivate mode sessions, the investigator would not be able to separate who the original suspect was or who the information actually belonged to. Because the InPrivate information is stored on the PCs hard drive, whoever the owner of that PC is would could be considered the wrongdoer.
The Verge reached out to Microsoft for comment, where they replied:
We recently became aware of a report that claims InPrivate tabs are not working as designed, and we are committed to resolving this as quickly as possible.”
With this comment from a Microsoft spokesperson, in seems they are working to quickly rectify this issue. With out any solid information or a timeline on when this will be addressed, we will just have to sit and wait. In the meantime, you may want to think twice about those InPrivate browsing sessions and the places you visit.