Most people already know the ” incognito mode ” of the browser, which we also refer to as ” private browsing “, but the reality is that incognito and deprived has little . Opening a tab using this mode only deletes the history and cookies once you close it.
Its only use for many, has become almost a meme: incognito mode is the way to watch porn. So much so that Microsoft Edge could get to activate it automatically when you enter sites like Pornhub. Researchers at MIT and Harvard University want to change that and make private browsing more private .
Incognito mode only tries to erase some of the information that you already collected while navigating
While most modern web browsers have a private browsing mode, the only thing this does is to stop saving the user’s browsing history. However, the data accessed during these sessions can still end up in the computer’s memory , from where a motivated attacker can retrieve them.
The motivation behind this research is that private browsing modes are full of leaks , as Frank Wang, a graduate scientist at MIT and lead author of the research, explains:
The fundamental problem is that the browser collects information and then does its best to solve this. But at the end of the day, no matter what the best effort of the browser, it still collects that information. It would be better if we did not collect that information in the first place.
Meet ‘Veil’
To make private browsing more private, researchers have created a system called ‘Veil’. What this system will do is add protections to users who use shared computers in offices, hotels, business centers, universities, etc.
Veil makes sure that any information that the browser loads in memory remains encrypted until it is displayed on the screen . The user will have to enter the URL in the Veil website instead of in the browser bar, this is so that a special server transmits the version of the requested website translated to the Veil format.
Any browser can show the Veil page, but it is the only site where the encrypted information associated with the data of the page you want to see can be deciphered. The temporary information that is saved when that session ends is harder to track than the incognito mode of the browser .
In addition to this Veil adds a lot of random code and without meaning to the page to drastically modify the source file, this does not alter what the user sees, but it makes it much more difficult for an attacker to find out which page the user visited .
And, if these two measures still do not make the user feel really safe, Veil offers a third more difficult to hack: the Veil server can open the page by itself and take a screenshot . Only the capture will be sent to the user, so no type of executable code goes through your computer.
The only detail that prevents the adoption of Veil is as simple as activating the private browsing that you already know, is that it requires developers to create a version for Veil of their websites .
Making a Veil version of a website is not really the complicated part because the researchers already offer a compiler that does the conversion automatically , but someone else has to make the effort or find out that this exists first, plus there is the cost of Keep the Veil servers that encrypt and decrypt the data.
Veil can offer a private browsing mode that does not depend on the browser , but requires that website managers offer compatible versions of their pages and are willing or able to maintain their own servers, or rely on volunteers or non-profit organizations. Something perhaps complicated, but that has already been done many times on the Internet.