Do you think your girlfriend/boyfriend is cheating on you? Are your children visiting websites you know nothing about?
Many features we find in modern software are very useful, but sometimes it is hard to know what they actually do.
InPrivate Browsing is one of these. The name itself is confusing. If you haven't read about it, you might think it is some sort of protection for your privacy on the Internet.
To complicate things a bit, the browser even comes with two new modes with similar names, InPrivate Browsing and InPrivate Filtering.
This is what Microsoft tells us about InPrivate Browsing:
“InPrivate Browsing in Internet Explorer 8 helps prevent your browsing history, temporary Internet files, form data, cookies, and usernames and passwords from being retained by the browser, leaving no evidence of your browsing or search history.”
The key point is that no traces are left behind, so nobody should be able to discover what you have been browsing. It seems like the ideal mode to use on a shared PC.
As we can see, it doesn't enhance your personal security, but at least it prevents others from obtaining your browsing history from the computer.
I am going to test if it really does what it claims.
First we are going to erase any evidence. In Internet Explorer, go to the Tools tab:
Select Delete… and a list of check boxes will appear:
This way the browser history disappears. Just press Ctrl + H to see it:
Okay, now I am going to use two programs to try to look for traces.
As you may notice, these programs are free. We are now going to browse a website in InPrivate mode to see if we can find traces. I have chosen the BBC site, but it really doesn't matter.
Here we see how the browsing history looks:
Google appears because it is the home page, but there are no traces of bbc.co.uk, at least here.
Using Recuva to find deleted files
Recuva is an awesome tool for finding erased files. So, if Internet Explorer has tried to erase its traces by simply deleting the files, we are going to find them.
Before using this software we need to configure the operating system to show every file on the computer. To do this, go to the Control Panel, Appearance and Personalization, and select Folder Options. Once there, select the View tab, check Show hidden files, folders, and drives and uncheck Hide protected operating system files.
Temporary Internet files are stored in a system folder, so we need to show this sort of file.
Recuva starts a wizard when you first open it. We choose to look for other files, so it will look for all kinds of files. You then have to select where to look for the files. On Windows XP, temporary files are stored in:
%USERPROFILE%\Local Settings\Temporary Internet Files
For Windows Vista, 7:
%userprofile%\AppData\Local\Microsoft\Windows\Temporary Internet Files
If you find this complex you can select the “I’m not sure” option and the software will look everywhere.
The next window asks whether you want to enable Deep Scan; you have to check it. This way there is a better chance of finding what we are looking for.
Once the scan is complete, sort the files by date:
Indeed, as you can see, it is easy to tell that someone has been at bbc.co.uk, and you can recover every file that was deleted from the temporary folder.
You may think this is not important, but deleting those files without leaving traces is not complicated; Internet Explorer has simply chosen the generic, easier way.
Using Index.dat analyzer
Index.dat files are used by Internet Explorer to store information about the objects you browse.
What exactly does this mean?
Index.dat is the mechanism Internet Explorer uses to keep track of temporary Internet files. This way it knows whether a file comes from one web page or another. The file works as a database that tells the program when a website was accessed and every file that was part of that site.
The history is also saved in an index.dat file.
The first time you run the program, it will look for every index.dat on your system.
If you delete the browsing history, as we did at the beginning of this article, the information in these files is erased.
But what happens after our test? Remember that Internet Explorer only shows that someone has visited Google.com.
If we select the following file:
%userprofile%\AppData\Local\Microsoft\Windows\Low\Temporary Internet Files\Content.IE5\index.dat
This appears because I typed bbc.co.uk and not www.bbc.co.uk. This is important because if the web page uses this sort of link, more traces appear. Look what happens with cnn.com:
I have even found more traces in another file:
%userprofile%\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
I got this last trace because Internet Explorer deletes it very slowly. It finally gets deleted, but in one case it took more than a minute.
So InPrivate is not so private after all, and you can easily find out what has been browsed.
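What an index.dat viewer does under the hood, as an added example that is not part of the original article or of the tool used above: it walks the file in 128-byte blocks and reports the URL held in each URL, REDR or LEAK record, which is how you can audit what a private session left on your own machine. The URL is located by pattern inside each record rather than through the record header's offset field, and SAMPLE is constructed test data, not a real capture.

```python
import re
import struct
from urllib.parse import urlsplit

BLOCK = 128                                  # records occupy 128-byte blocks
MAGIC = b"Client UrlCache MMF Ver "          # file signature, then e.g. "5.2"
URL_TAGS = (b"URL ", b"REDR", b"LEAK")       # record types that carry a URL
URL_RE = re.compile(rb"[a-z][a-z0-9+.\-]*://[\x21-\x7e]+")

def find_url_records(data):
    """Return [(offset, tag, url)] for every record that still holds a URL."""
    if not data.startswith(MAGIC):
        raise ValueError("missing index.dat signature")
    hits, off = [], 0
    while off + 8 <= len(data):
        tag = data[off:off + 4]
        size = struct.unpack_from("<I", data, off + 4)[0] * BLOCK
        known = tag in URL_TAGS or tag == b"HASH"
        if not known or size == 0 or off + size > len(data):
            off += BLOCK                     # header, free block or damaged record
            continue
        if tag != b"HASH":                   # hash tables are skipped, not read
            m = URL_RE.search(data, off, off + size)
            if m:
                hits.append((off, tag.decode().strip(), m.group().decode("ascii")))
        off += size
    return hits

def hosts_seen(data):
    """Distinct host names left behind in the cache index."""
    hosts = {urlsplit(url).hostname for _, _, url in find_url_records(data)}
    return sorted(h for h in hosts if h)

def _record(tag, url, nblocks=2):
    """Constructed record: tag, block count, zero padding, URL at 0x68."""
    body = tag + struct.pack("<I", nblocks) + b"\x00" * 0x60 + url + b"\x00"
    return body.ljust(nblocks * BLOCK, b"\x00")

# Constructed sample, not a real capture: header, three records, one free
# block and a final record whose length field runs past the end of the file.
SAMPLE = (
    (MAGIC + b"5.2\x00").ljust(0x4000, b"\x00")
    + _record(b"URL ", b"http://bbc.co.uk/")
    + b"\x00" * BLOCK
    + _record(b"REDR", b"http://www.bbc.co.uk/")
    + _record(b"URL ", b"http://www.cnn.com/logo.gif")
    + b"URL " + struct.pack("<I", 9999)
)
```

To check a real profile, read a copy of one of the index.dat files named above in binary mode and pass its bytes to `find_url_records`.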