Blog for hpHosts, and whatever else I feel like writing about ....

Saturday, 19 June 2010

Internet Explorer 8: Is "InPrivate browsing" really private?

We've all seen the adverts on TV and splashed across the web, telling us we can hide our browsing habits by using IE8's "InPrivate" browsing facility. But how private is this mode really? Will it, for example, stop a suspicious spouse from spying on you? Will it prevent your employer or IT dept from finding out you're going to Facebook when you're meant to be working?

You'd be forgiven if you'd said yes to any of those questions, but I'm afraid I've got bad news for you.

Some years ago, Microsoft added files to the IE package known as index.dat files (originally called "Mm256.dat" and "Mm2048.dat"). When asked what these were for, Microsoft told everyone they were solely to improve performance when using IE; however, many of us have been suspicious about their real intentions. The purpose of these files, however, is not the point of this article, so I'll leave that for some other time.

Microsoft describes "InPrivate Browsing" mode as:

"When checking e-mail at an Internet café or shopping for a gift on a family PC, you don't want to leave any trace of specific web browsing activity. InPrivate Browsing in Internet Explorer 8 helps prevent your browsing history, temporary Internet files, form data, cookies, and usernames and passwords from being retained by the browser, leaving no evidence of your browsing or search history."


This, however, isn't strictly true. Sure, you can delete the history, cookies and even Temporary Internet Files, but what Microsoft has NOT told you is that, just like regular mode, EVERY website you visit, whether in "InPrivate" browsing mode or not, is recorded in the index.dat files.

I've just confirmed this using my test machine, by browsing to baidu.com, a website the machine has never been to before, then checking the contents of the index.dat files with Index.dat Suite.

You can confirm this yourself by following the steps below:

1. Download Index.dat Suite, Index.dat QV or any other index.dat file viewer
2. Load up the program, have it find the files, then view the file stored in your profile's Temporary Internet Files\Content.ie5 folder
3. Check for the presence of baidu.com*
4. Close the program
5. Load IE8 and go to InPrivate Browsing mode
6. Surf to baidu.com*
7. Close IE8 and repeat steps 2-3

* You can use any website you like, as long as it's one you have NOT ever been to before; I used baidu.com as I used my test machine for confirming this. You can, of course, always delete the index.dat files themselves prior to confirming the InPrivate behaviour.
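The before/after comparison in steps 2-3 and 7 can also be scripted. The following is an added example, not part of the original post or of Index.dat Suite: it assumes you have two byte-for-byte copies of the index.dat file (one taken before the InPrivate session, one after) and that visited URLs appear in the file as plain ASCII strings, as the viewers in step 1 display them. The function names and sample bytes are constructed for illustration.

```python
import re
import sys
from urllib.parse import urlsplit

# URL-like runs of printable ASCII; a NUL or other binary byte ends the match.
URL_RE = re.compile(rb"(?:https?|ftp)://[\x21-\x7e]{1,2048}")

def hosts_in(blob: bytes) -> set:
    """Host names of every URL-like ASCII string found in the raw bytes."""
    hosts = set()
    for m in URL_RE.finditer(blob):
        try:
            host = urlsplit(m.group().decode("ascii")).hostname
        except ValueError:  # malformed authority, e.g. a stray '['
            continue
        if host:
            hosts.add(host)
    return hosts

def covers(host: str, domain: str) -> bool:
    """True for the domain itself or any subdomain, not for look-alikes."""
    return host == domain or host.endswith("." + domain)

def new_hosts(before: bytes, after: bytes) -> set:
    """Hosts present in the second snapshot but not in the first."""
    return hosts_in(after) - hosts_in(before)

def visit_recorded(before: bytes, after: bytes, domain: str) -> bool:
    """Steps 3 and 7: was `domain` absent before and present afterwards?"""
    domain = domain.lower()
    if any(covers(h, domain) for h in hosts_in(before)):
        # The footnote's condition: the test site must never have been visited.
        raise ValueError(f"{domain} already recorded before the test")
    return any(covers(h, domain) for h in hosts_in(after))

# Constructed sample bytes (not a real index.dat): NUL-padded URL strings.
SAMPLE_BEFORE = b"\x00\x10\x02http://www.example.org/index.html\x00\x00\x00"
SAMPLE_AFTER = SAMPLE_BEFORE + b"\x80\x01http://www.baidu.com/\x00\x00\x00\x00"

if __name__ == "__main__":
    if len(sys.argv) == 4:  # usage: script.py BEFORE_COPY AFTER_COPY DOMAIN
        before, after = (open(p, "rb").read() for p in sys.argv[1:3])
        target = sys.argv[3]
    else:
        before, after, target = SAMPLE_BEFORE, SAMPLE_AFTER, "baidu.com"
    print("new hosts:", sorted(new_hosts(before, after)))
    print(target, "recorded:", visit_recorded(before, after, target))
```

Run with no arguments it uses the constructed sample; with three arguments it compares two real copies and reports whether the test domain appeared only after the InPrivate session.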

This raises a number of questions, of course. The first and most important: given that Microsoft knows these visits are being recorded, why are they telling everyone "InPrivate" is private? We know that's not actually true. The second, and this is one we've been trying to get them to answer truthfully for years, is why these files are actually there and, more to the point, why more of them were introduced in IE8.

You can read all about index.dat files if you'd like to, in an article I wrote in 2005:

The truth about the index.dat files: What, why and where?
http://mysteryfcm.co.uk/?mode=Articles&date=01-11-2005

1 comment:

spg SCOTT said...

These adverts really annoy me...

There is that one that you mention, which as another way of looking at it tells everyone that no one will ever find out what they are doing...and for most people in my age range, that means parents ;)

Then there is the one in the coffee shop where she says about the 'dodgy download'...
-Surely the block should have acted on the site load, not the download...
-I have seen the site load before the alert comes up before now...which begs the question, what is the point of it? The page still loads...

-Scott-