Private browsing isn't so private

Mitchell LeBlanc   on 09 November 2008 - 20:39 · 31 comments & 10365 views

Which websites are you browsing while you are working? Make sure you answer this question honestly, because if not, your employer may know that you're lying, thanks to a new software offering from forensic software company Paraben.

The software, which is roughly $34,000 for 100 computers, is able to analyze large-capacity hard disks and find images that match the criteria of a pornographic image. The software also contains a real-time monitor which can instantly alert a system administrator to suspicious activity on workstations.

With the rise of private browsing features in many of the leading browsers, is this software still effective? You may be surprised to note that WebWereld, a security firm in the Netherlands, reported that recovering website history from a browser, even with such features enabled, is 'trivial' and not as difficult as some may think.

The privacy features of Internet Explorer can fail to delete the browsing cache, and while the private browsing feature of Mozilla's Firefox does delete the cache, it is easily recoverable by forensic tools such as the offering from Paraben.

Private browsing is a feature designed to keep one's surfing habits private from other users of that computer, not security experts and forensic researchers. While it is easy to be swept away by the claims of privacy, it is important to remember what a difficult thing 'true' privacy is to achieve.

Comments
(1 reply) #1 s3n4te on 09 Nov 2008 - 20:49
Does the system detect procrastination as well?
#1.1 KevinRGood on 10 Nov 2008 - 16:05
LoL!!!
(1 reply) #2 Haddaway on 09 Nov 2008 - 20:52
There are Firefox extensions that enable web content to download directly to RAM, avoiding a disk cache altogether.
#2.1 Patchou on 09 Nov 2008 - 21:00
Haddaway said,
There are Firefox extensions that enable web content to download directly to RAM, avoiding a disk cache altogether.

Your data will go to "RAM" as long as Windows does not decide that you're short on memory and dumps everything in the page file.
(1 reply) #3 thealexweb on 09 Nov 2008 - 21:05
At 34 grand per 100 computers most companies will not bother.
#3.1 +what on 09 Nov 2008 - 21:49
thealexweb said,
At 34 grand per 100 computers most companies will not bother.

Yeah, as long as the work gets done I don't think many companies would be willing to spend $340 per machine for something like this, especially in the current climate.
(1 reply) #4 Sawyer12 on 09 Nov 2008 - 21:09
Well how does this differ from normal web filtering software like Websense?
#4.1 Nauge on 09 Nov 2008 - 21:57
Don't think there is any difference. Not like the traffic is encrypted at the client's machine...
(1 reply) #5 +tunafish on 09 Nov 2008 - 21:12
Nothing really new, if it's on a computer it can be recovered unless of course you overwrite it many many many many times.
#5.1 Xinok on 10 Nov 2008 - 02:20
This isn't really true. It's only theoretically possible to recover overwritten data, but has never actually been proven to work.

http://en.wikipedia.org/wiki/Data_recovery...verwritten_data

Although Gutmann's theory may not be wrong, there's no practical evidence that overwritten data can be recovered. Moreover, there are good reasons to think that it cannot.

So a single overwrite of the data should suffice.
(1 reply) #6 stevehoot on 09 Nov 2008 - 21:42
Um, most companies don't rely on local data anyway - they use proxies. The network I manage at work, it's not possible to browse without going through the proxy (default gateway doesn't have a route for the net).
And when you think that the cost is very high for this software.... why bother?
#6.1 barteh on 09 Nov 2008 - 22:12
Indeed, such as ISA server.
Sounds to me like they have overspent developing the software.
(3 replies) #7 +TCLN Ryster on 09 Nov 2008 - 22:06
Am I the only one who thinks that a system that promises to leave no traces on your system would work much better if it didn't write to a cache in the first place, rather than rely on a 'cache, then delete' method? Is there some technical reason that says downloaded content HAS to be put into a cache? Why can't it just be downloaded straight to the browser and not stored?
#7.1 Tikitiki on 10 Nov 2008 - 00:07
Computers don't work that way...
#7.2 Mikeyx11 on 10 Nov 2008 - 11:10
Tikitiki said,
Computers don't work that way...


That's why we change the computers to work that way
#7.3 +TCLN Ryster on 10 Nov 2008 - 11:54
Tikitiki said,
Computers don't work that way...

No kidding, if they did I wouldn't have had reason to comment.

It's perfectly possible to download something straight into RAM without touching the hard disk. If they "don't work that way", then it's because the software has been programmed to not work that way. There's no fundamental rule of "Computers" that says something has to be downloaded to disk rather than memory.

Last edited by TCLN Ryster on 10 Nov 2008 - 12:00
(1 reply) #8 Soldiers33 on 09 Nov 2008 - 22:20
What's the point of this?
#8.1 excalpius on 10 Nov 2008 - 02:29
To sell product. No one actually needs this software.
#9 gollux on 09 Nov 2008 - 22:35
Hmm, Transparent Proxy with logging would probably take care of detecting where anyone foolish enough to try "Private Browsing" at work has privately browsed. Also, if they're wasting enough time privately browsing, their productivity suffers enough to bounce them into "Pink Slip" land anyway.

Where you need this is for rooting out overpaid executives with too much time on their hands and too much political power within the organization. They're usually the ones with enough time on their hands to pornsurf while the company goes to hell.
#10 Ledward on 10 Nov 2008 - 00:24
This is so useless. Which firm has time to sit down and analyse their entire network when all they have to do is analyse the logs on their proxy?
#11 bdfortin on 10 Nov 2008 - 00:50
What about Safari? I mean, it was the first browser to have the feature, after all.
#12 redvamp128 on 10 Nov 2008 - 01:50
Nothing is safe if the network has logs enabled -- Private Browsing is not possible...Not sure if they fixed the bug in Safari or not- The bug in question is that it does not track what the computer goes to though it does still accept cookies and even after private data clearing it is still there.

(1 reply) #13 cork1958 on 10 Nov 2008 - 02:23
Whoa!
Somebody's on low quality dope!!
#13.1 redvamp128 on 10 Nov 2008 - 02:29
One would think private browsing would also include the removal of cookies -- Big companies who use server logging can tell you if people are going to questionable sites.
#14 SoulEata on 10 Nov 2008 - 05:47
But can it detect anything under Chrome?
(1 reply) #15 Neo Razgriz on 10 Nov 2008 - 10:50
Can cyber-forensic agents recover data that has been Gutmann-wiped?
#15.1 Xinok on 10 Nov 2008 - 16:49
#16 gollux on 10 Nov 2008 - 18:10
Reality Check. Unless you are overwriting your page file, free space and file slack areas with something like BCWipe and clearing file names of deleted files, none of these "Private Browsing" schemes truly work. Forensics can tell when wiping has been done, the system is too clean. Since you have no control over any sort of traffic analysis and logging, you are living in fantasy land if you think that any number of magics can make your llama porn habit undetectable.

Forensics knows you were surfing llama porn and your system's too clean, well you were destroying evidence and they know to keep a stiff watch on you by other means. You try playing around with evidence eliminators and forensics knows these things leak like a sieve so it's really just a waste of time.

The only reason for using any of these schemes is for you to try to hide your llama porn habit from your non-tech savvy parents, partner or boss. But then your boss is able to hire people who can figure out what you're doing, so that moves it back into being only useful for rubes in the home. Your kids probably can figure out how to get into your llama porn stash anyway and have been doing so for years now.
#17 redvamp128 on 10 Nov 2008 - 21:45
Actually even with wiping-- should your company have the server logs enabled-- they can tell what IP addresses you are going to-- for example... right now even if you are using Chrome-- or any other browser the server logs if enabled (which in most business applications have enabled) it would show you are hitting up this IP address ... 209.124.63.219 (www.neowin.net) ... Even if you clear your cache or use private browsing-- still would show up--- most home Internet providers only do pass through monitoring if you go to certain sites-- in other words they take random samples of where you go. Or so that is what my provider states on the form I had to sign in order to get internet. Now should you constantly hit up certain sites-- File Share/ Known Warez sites/ or Music Sharing sites. Then the log will be turned on. But should you be trying to do these things at work-- any good network administrator can set traps to detect unwise behavior and or block them. Yes some may say that using anon browsing -- may be the trick-- most administrators know these sites and well that is a red light on possible shaky internet behavior.

#18 redvamp128 on 10 Nov 2008 - 21:49
Oh and to those people who say my IP is dynamic and changes daily-- They still can track you by the MAC address of your network card.. unless you change that daily as well.

#19 m-p{3} on 11 Nov 2008 - 13:45
Even if Firefox doesn't have a built-in pr0n mode, using it in Sandboxie for a short session helps to keep the "browsing" separate from normal sessions.
