Private browsing isn’t that private after all, but MIT researchers have an answer

Alan Martin February 26, 2018

Some people clearly put a lot of faith in the little private eye mascot for Chrome’s incognito mode.

Private browsing isn’t that private after all, but MIT researchers have an answer

Incognito, of course, lets you browse the internet without creating a history, should you be doing something that only the computer will judge you for – but that doesn’t mean it leaves no trace whatsoever. The Chrome browser tells you this every time you boot into it, reminding you that your actions could still be visible to your ISP, your employer or school, the websites you visit, and – of course – anyone with line of sight view of your screen.

But there are other ways too – browsers have various leak vectors wide open to give away your identity: the file system, the browser cache, the DNS cache as well as “on-disk reflections of RAM such as the swap file.” These files can remain on your computer for days, and even if browsers knew where they were stored, they wouldn’t necessarily have the authority to delete them.

This is of particular interest to researchers at MIT, who have come up with a solution to make private browsing more, well, private. Their solution is a new framework called Veil.

“Veil was motivated by all this research that was done previously in the security community that said, ‘Private-browsing modes are leaky — Here are ten different ways that they leak,’” said MIT graduate student Frank Wang, the first author on the paper.

READ NEXT: How to access the dark web

“We asked, ‘What is the fundamental problem?’ And the fundamental problem is that [the browser] collects this information, and then the browser does its best effort to fix it. But at the end of the day, no matter what the browser’s best effort is, it still collects it. We might as well not collect that information in the first place.”

How does it work?

The full 15-page paper provides a lot of detail of how Veil works, but the basic gist is that everything loaded into your computer’s memory is encrypted until the moment it appears on-screen. To get a website to display in this manner, you don’t type in the URL, but visit the Veil website and type the URL in there – a blinding server transmits a version of the requested page that has been translated into Veil format.

This looks like an ordinary webpage, and is visible in any browser, but hidden within is a bit of code that executes a decryption algorithm. From there, it is loaded into memory for as long as it remains on screen. Ordinarily, this would provide an opportunity for the determined snooper, but Veil has other fail-safes in place. The blinding server drops a bit of meaningless code to every webpage served, for example. No two transmissions of the same page will look the same on a code-level, and the researchers think that anyone picking up the stray decrypted code would be able to link it to a specific page.

If that still doesn’t seem thorough enough, Veil offers an even more secure solution: the user can request a picture of the website, so no executable code ends up on their computer. If you click anywhere on the image, the browser records the coordinates clicked and returns it to the blinding server which sends an updated image if your action triggered anything – for example, clicking an internal link.

All of these safety measures don’t seem to enormously affect device performance, either. “Experiments show that Veil’s overheads are moderate: 1.25x–3.25x for Veil with encrypted client-side storage, mutated DOM content, and heap walking; and 1.2x–2.1x for Veil in DOM hiding mode,” the paper reads.

What’s the catch?

It seems like a clever solution to a problem that the security-conscious will care deeply about, but there are a couple of hitches. The first is that the framework requires web developers create a Veil-friendly version of their website. The researchers have created a compiler that automates the process, but all the same, it’s hard to imagine websites hostile to privacy taking the time to do so unless user demand becomes overwhelming. Still, the researchers are optimistic that those who wish to be known for their privacy credentials will embrace it.

What’s slightly more of an issue is who pays for the maintenance of the blinding servers. These could potentially be hosted by a network of volunteers, or at the expense of a for-profit company. Alternatively, websites could host their own Veil-enabled versions of websites themselves – which might prove appealing to companies that want to trumpet their privacy credentials over their rivals.