Private browsing (also known asincognito mode orprivate mode) is a feature in mostweb browsers that enhances user privacy. In this mode, the browser initiates a temporarysessionseparate from its main session and user data. Thebrowsing history is not recorded, and local data related to the session, likeCookies andWeb cache, are deleted once the session ends. The primary purpose of these modes is to ensure that data and history from a specific browsing session do not remain on the device or get accessed by another user of the same device. Inweb development, it can be used to quickly test displaying pages as they appear to first-time visitors.
Private browsing modes do not necessarily protect users from beingtracked by other websites or theirInternet service provider (ISP). Furthermore, there is a possibility that identifiable traces of activity could be leaked from private browsing sessions by means of the operating system, security flaws in the browser, or via maliciousbrowser extensions, and it has been found that certainHTML5APIs can be used to detect the presence of private browsing modes due to differences in behavior. This is usually why some people mistake private browsing for avirtual private network.
Apple'sSafari browser was one of the first major web browsers to include this feature, first introduced in April 2005.[1] The feature was subsequently adopted by other browsers, leading to the popularization of the term in 2008 by mainstream news outlets and computing websites during discussions about thebeta versions ofInternet Explorer 8.[2][3][4]Adobe Flash Player 10.1 started respecting browser settings and private browsing modes in relation to storinglocal shared objects.[5][6]
Private browsing modes are commonly used for various purposes, such as concealing visits to sensitive websites (like adult-oriented content) from the browsing history, conducting unbiased web searchesunaffected byprevious browsing habits or recorded interests, offering a "clean" temporary session for guest users (for instance, onpublic computers),[7] and managing multiple accounts on websites simultaneously. Private browsing can also be used to circumventmetered paywalls on some websites.[8]
In a survey conducted byDuckDuckGo, 48% of participants chose not to respond, prompting lead researcherElie Bursztein to observe, "Surveys are clearly not the best approach to understand why people use private browsing mode due to the embarrassment factor." Additionally, 18% of respondents indicated that their main use of private browsing modes was foronline shopping.[9][10][11]
A study by theMozilla Foundation found that most sessions lasted only about 10 minutes. However, there were periods of increased activation, usually from 11 a.m. to 2 p.m., at 5 p.m., between 9 p.m. and 10 p.m., and a minor peak occurred about an hour or two after midnight.[12]
Private browsing is known by different names in different browsers.[13]
| Date | Introduced with/included in | Synonym | Activation | |
|---|---|---|---|---|
| macOS | ||||
| 29 April 2005 (2005-04-29) | Safari 2.0 | Private Browsing | ⌘ Cmd+⇧ Shift+N | |
| 11 December 2008 (2008-12-11) | Google Chrome | Incognito[14] | Ctrl+⇧ Shift+N | ⌘ Cmd+⇧ Shift+N |
| 19 March 2009 (2009-03-19)[15] | Internet Explorer 8 | InPrivate Browsing | Ctrl+⇧ Shift+P | ⌘ Cmd+⇧ Shift+P |
| 30 June 2009 (2009-06-30) | Mozilla Firefox 3.5[16] | Private Browsing | Ctrl+⇧ Shift+P | ⌘ Cmd+⇧ Shift+P |
| 2 March 2010 (2010-03-02) | Opera 10.50[17] | Private Tab / Private Window | Ctrl+⇧ Shift+N | ⌘ Cmd+⇧ Shift+N |
| 18 November 2014 (2014-11-18) | Amazon Silk[18] | Private Browsing | Swipe from the left edge of the screen, then tap Settings and select Enter Private Browsing | |
| 29 July 2015 (2015-07-29) | Microsoft Edge | InPrivate Browsing | Ctrl+⇧ Shift+N | ⌘ Cmd+⇧ Shift+P |
| 13 November 2019 (2019-11-13) | Brave | Private Browsing | Ctrl+⇧ Shift+N | ⌘ Cmd+⇧ Shift+N |
It is acommon misconception that private browsing modes can protect users from beingtracked by other websites or theirInternet service provider (ISP).[19] Such entities can still use information such asIP addresses anduser accounts to uniquely identify users.[19][20] Private browsers oniOS, not created byApple, must adhere to specific standards and regulations to be available on its platform foriPhone andiPad. Specifically, these browsers are required to employ theWebKit framework for rendering web pages. Consequently, third-party browsers cannot use their own rendering engines and must depend on Apple's framework instead. This constraint impacts the range of privacy features that these browsers can provide.[21] This is one of the reasons why some browsers have partly addressed this shortcoming by offering additional privacy features that can be automatically enabled when using private browsing mode, such as Firefox's "Tracking Protection" feature to control use of web trackers (which has since been rolled into a larger "content blocking" function extended outside of private browsing mode), andOpera offering an in-houseVPN service embedded within the browser.[22][9]
Brazilian researchers published the results of a project in which they appliedforensic techniques (namely the Foremost data carving tool and Strings program) to extract information about the user's browsing activities on Internet Explorer and Firefox browsers with their private mode enabled. They were able to collect enough data to identify pages visited and even to partially reconstruct them.[23] This research was later extended to include the Chrome and Safari browsers. The gathered data proved that the browsers' private mode implementations cannot fully hide users' browsing activities and that browsers in private mode leave traces of activities in caching structures and files related to thepaging process of theoperating system.[24]
Another independent security analysis, performed by a group of researchers atNewcastle University, reported a range of potential security vulnerabilities in the implementation of the private modes across Chrome, Firefox, Internet Explorer, and Safari, including that:[25]
Bugs and security vulnerabilities in extensions themselves may also leak personally identifiable data from private mode.[28]
Implementations of theHTML5 FileSystem API can be used to detect users in private mode. In Google Chrome, the FileSystem API was not available in Incognito mode prior to version 76. Toprevent circumvention ofpaywall policies and evasion ofweb tracking scripts used to monetize traffic, a number of websites — includingThe New York Times — have used such behavior to block access to users in private browsing mode, and requiring them to subscribe or log in. Chrome 76 allows the FileSystem API to be used in Incognito mode; explaining the change, Google argued that the ability to detect the use of Incognito mode infringes on users' privacy. However, it was later discovered that the disk space quotas for the API differed between normal and Incognito modes, providing another means by which to detect Incognito users.[29][8][30] Despite statements otherwise by Google, this has not yet been patched. Scripts have also been developed to detect private browsing mode on other browsers, such as Firefox.[31]
In December 2023, Google settled a $5 billion consumer privacy lawsuit that alleged that its practices allowed it to track users in private browsing mode in various browsers.[32]