With the jump to Windows 10, Microsoft also hoped to say goodbye to their old Internet Explorer browser, one often berated by the tech savvy. In Edge, they included many features that were already staples among rival browsers, one such feature being the InPrivate browsing mode. It has come to light, however, that InPrivate may not be as private as it seems.
Researcher Ashish Singh found that the history of websites visited while using the InPrivate mode can be found by examining the WebCache file on the user’s hard drive. In fact, the browsing history of InPrivate can be found in the same “Container_n” table that stores browsing history from conventional tabs. As a result, if an attacker were able to access the table, they would be able to access the entire browsing history of a user, whether their browsing was done InPrivate or not. Singh wrote in Forensic Focus that “The not-so-private browsing featured by Edge makes its very purpose seem to fail.” The fact remains that this process would be difficult to perform by a regular user or attacker, and anyone wishing to uncover this ‘private’ browsing history would likely need to be skilled in the field and have local access to the target’s hard drive.
Edge is far from the first browser to employ a private browsing mode that is not fully secure and private browsing does often not ensure security. Private browsing features are a privacy feature first-and-foremost, and that one cannot fully protect against the most dedicated of attacks is perhaps unsurprising. The Verge has reported that Microsoft is investigating the results of Singh’s research into Edge “and we are committed to resolving this as quickly as possible.”