DOI: 10.1145/3178876.3186088

Your Secrets Are Safe: How Browsers' Explanations Impact Misconceptions About Private Browsing Mode

Published: 23 April 2018

Abstract

All major web browsers include a private browsing mode that does not store browsing history, cookies, or temporary files across browsing sessions. Unfortunately, users have misconceptions about what this mode does. Many factors likely contribute to these misconceptions. In this paper, we focus on browsers' disclosures, or their in-browser explanations of private browsing mode. In a 460-participant online study, each participant saw one of 13 different disclosures (the desktop and mobile disclosures of six popular browsers, plus a control). Based on the disclosure they saw, participants answered questions about what would happen in twenty browsing scenarios capturing previously documented misconceptions. We found that browsers' disclosures fail to correct the majority of the misconceptions we tested. These misconceptions included beliefs that private browsing mode would prevent geolocation, advertisements, viruses, and tracking by both the websites visited and the network provider. Furthermore, participants who saw certain disclosures were more likely to have misconceptions about private browsing's impact on targeted advertising, the persistence of lists of downloaded files, and tracking by ISPs, employers, and governments.

      Published In

      WWW '18: Proceedings of the 2018 World Wide Web Conference
      April 2018
      2000 pages
      ISBN:9781450356398
      Sponsors

      • IW3C2: International World Wide Web Conference Committee

      Publisher

      International World Wide Web Conferences Steering Committee

      Republic and Canton of Geneva, Switzerland

      Author Tags

      1. incognito mode
      2. private browsing
      3. private browsing mode
      4. usable privacy
      5. user study
      6. web browser privacy

      Qualifiers

      • Research-article

      Conference

      WWW '18
      Sponsor:
      • IW3C2
      WWW '18: The Web Conference 2018
      April 23 - 27, 2018
      Lyon, France

      Acceptance Rates

      WWW '18 Paper Acceptance Rate 170 of 1,155 submissions, 15%;
      Overall Acceptance Rate 1,899 of 8,196 submissions, 23%
