Considering that you are on the Internet right now, the odds are that, if you're not in an open-plan office, either your previous or next visit will be to a porn site. And when you do so, you may do it in your browser's "privacy mode," in order to cover your digital footsteps. But maybe you should hold off for a minute on that. A very important new study explains that the authors "show that many popular browser extensions and plugins undermine the security of private browsing." The long and the short of it? If you are on the internet looking at porn, you are not safe. And worse, the study details exactly what portion of you people in private browsing are looking at porn. With bar graphs. We spoke to an author of the study to get more vital information about porn safety.
(You can read the study, by Dan Boneh, Gaurav Aggarwal, Elie Burzstein, and Collin Jackson in this PDF.)
As it turns out, the only self-restraint Safari users know about is of an auto-erotic nature. The study strikes an appropriately sober tone in the results section:
We found that private browsing was more popular at adult web sites than at gift shopping sites and news sites, which shared a roughly equal level of private browsing use. This observation suggests that some browser vendors may be mischaracterizing the primary use of the feature when they describe it as a tool for buying surprise gifts.
And with that, the scientists christened "buying surprise gifts" as a euphemism for masturbation.
You may have some questions–serious questions couched in irony–about this study, and what it means for your completely unironic porning, and also, I guess, your secretive news browsing. But fret not!
I contacted Dr. Aggarwal, a man who can now call himself one of the world's foremost experts on sneakily watching porn, and he was generous enough to write back to me about his study.
Dr. Aggarwal cited a few reasons why he undertook this study: "People are concerned about their data on various websites and whether their browsing activities are being tracked by websites. Private browsing is also marketed as a special browsing mode that provides privacy against ‘local' attacker [i.e. somebody using your computer while you're away from it, even though you like, totally told them not to, and they still did it anyway. Why doesn't anybody listen to me? I can't wait until I move out of the house and get my own place without mom and dad always going through my things!] and also to some degree against tracking websites."
And so "we wanted to study private browsing, define its threat model and analyze how good it is at providing privacy."
Should we be concerned about their revelations?
"The most alarming [security weaknesses] in my opinion are browser extensions [basically, plugins and add-ons]. Most of these extensions are oblivious of private mode and can store URLs of sites being visited on disk."
Okay, so these things are inadequate now...but surely some day in the future, private browsing will be truly private, a vast wonderland where the vast, guiltless porn horizon stretches as far as the eye can see, right? Right??? Dr. Aggarwal???
"It is not possible to guarantee that no state would be saved on disk in private mode – all browsers fail in one way or the other," he wrote.
Or not.
"We need a better browser architecture for handling extensions," he wrote. "Browsers need to agree on the goals for private browsing that are consistent with user's expectation and the way this mode is marketed."
Great. Lower your expectations people, and know that someone on the internet could be watching you right now, but only if you're important enough to them. So, from now on, when you get on the internet, just ask yourself: "Am I as important as Ben Quayle?"
Photo from the First Goatse Flickr pool by Scott Perry.
To be clear, a "browser extension" refers to the application, not something happening to the user.
"Trojan" and "plugin" are also rich veins.
Engorged veins.
This could be fixed in a few ways. The simplest would be a "disable extensions in private mode" option. Power users could get a checklist: e.g. private mode turns off Undo Closed Tabs but keeps AdBlock.
If you want to drive it on the developer side, add an optional private mode feature to the API; extensions with a private mode automatically switch to it, those without one switch off. Developers could circumvent this pretty easily, though.
It's true nobody has done much on this front yet, but private browsing is still new to this browser generation. I think it will become more robust in time.
The elephant in the room is still Flash itself.
My big worry is that Flash can store its own cookies. http://www.schneier.com/blog/archives/2009/08/flash_cookies.html
Chrome already does this:
"Because Google Chrome does not control how extensions handle your personal data, all extensions have been disabled for incognito windows. You can reenable them individually in the extensions manager."
The solution: BetterPrivacy - it gives you really good control of so-called "local shared objects" (LSOs)... also known as "Flash cookies".
Do people really turn on private browsing to view goatse?
I could sort of understand he they were going to goatkcd.
*if*
Love it when one refreshes the Tumblr feed and someone's posted a way-porny picture without a SFW click-through thumbnail and no NSFW warning!
-YOU PEOPLE KNOW WHO YOU ARE-
I know people who do this deliberately. And I kind of love them for it.
I thought all those iPhone havers were getting so much action they wouldn't need porn. Also, nice two fer with the uncut vids post just below.
A sock on the door also offers a great solution for private browsing.
I don't check pr0n sites at work, but I do stay on Facebook somewhere about 95% of the time. Is private browsing doing anything for me in re: my employer spying on me? (sorry for the earnest question.)
pr0n***
sigh...
You misspelled pR0n.
What's a cowboy doing on the internet, anyhow?
I'd be fired in a minute if I looked at porn at work. Forget it. At a previous job they simply kept a record of websites visited by each computer, since all the DNS stuff went through their servers anyhow.
"unironic porning"? What the hell is that?
Um, do you not know you have some female readers, some of whom are not obsessed with porn? I can't even remember the last time I looked at porn. It doesn't exist for me. It is destructive to my female psyche and I find nothing pleasurable about it. Especially since I left my jack-ass of a husband.
Just bouncing off the front page, they also have readers who aren't Korean, comic book fans, bear enthusiasts (fewer of those), Peruvians, Kanye listeners, New Yorkers, or female bosses/employees of same. For many (if not most) Awl readers, the mix of material is part of the fun.
That said, "naughty pictures are bad for my delicate female psyche" is a bit... Victorian? I mean, it's perfectly understandable if you find the topic distasteful and decide to skip the article, but I don't think that preference has anything to do with your gender.
Well, I guess The Awl IS technically bear porn...