It’s possible that you reached this article purely by chance, or you may have Googled ‘how to change the default search engine in Microsoft Edge’. However you got here, the fact that you’re reading this indicates that you’re either interested in Windows 10’s Edge, or actively use it — and this means there’s something you need to know.
If you fall into the latter camp and use Edge’s InPrivate mode to cover your online tracks, you might want to think about changing your web browser. Edge has already got some stick for its lack of extension support — “it’s coming, it’s coming!” Yeah, whatever… so’s Christmas — but now it turns out that InPrivate mode is a privacy nightmare. It is possible to peek behind the curtain and see which sites have been visited when using a browsing mode that should mask this.
There are similar features found in other browsers. Chrome has Incognito mode, Safari has Private Browsing, Firefox has… actually, Firefox has Private Browsing too. Whatever the name, what these browsing modes all have in common is that once the browser is closed, there is no record of which sites have been visited. That’s not to say that ISPs and law enforcement agencies wouldn’t be able to determine the browsing history, but from a local point of view it is as though no browsing has taken place.
But Edge is different.
Somewhat counterintuitively, Edge actually records browsing history in InPrivate mode. More than this, by examining the WebCache file it is a relatively simple task for someone to reconstruct full browsing history, regardless of whether surfing was performed in regular or InPrivate mode. These were the findings of infosec expert Brent Muir.
Over on Forensic Focus, researcher Ashish Singh warns:
The forensic examination of most web browsers has proven that they don’t have a provision for storing the details of privately browsed web sessions. Private browsing is provided for a purpose, i.e. privately browsing the web, which is being delivered.
However, in the case of Microsoft Edge even the private browsing isn’t as private as it seems. Previous investigations of the browser have resulted in revealing that websites visited in private mode are also stored in the browser’s WebCache file.
NOTE: The Container_n table stores web history. There a field named ‘Flag’ will be available. A website visited in the private mode will have a flag value as ‘8’. Generally the purpose of storing this information is to retrieve crashed private sessions.
Therefore any skilled investigator can easily spot the difference and get concrete evidence against a person’s wrongdoings. Plenty of artifacts are maintained by the browser, which makes examination quite easy. However, there are stages where evidence is not so easy to find. The not-so-private browsing featured by Edge makes its very purpose seem to fail.
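To check what the note above describes on a machine you are auditing, the following added example (not code from this article or from the quoted researchers) splits a tab-separated export of one Container_n table into regular rows and rows whose Flag is 8. The export format, the Url and EntryId column names, and the sample rows are assumptions constructed for the example.

```python
import csv
import io
from collections import Counter
from urllib.parse import urlsplit

INPRIVATE_FLAG = 8  # value the quoted note gives for privately visited sites

# Constructed sample export (tab-separated); column names other than 'Flag' are assumed.
SAMPLE_EXPORT = (
    "EntryId\tUrl\tFlag\n"
    "1\thttps://example.com/news\t0\n"
    "2\thttps://private.example.org/a\t8\n"
    "3\thttps://private.example.org/b\t0x8\n"  # hex spelling of the same value
    "4\thttps://example.net/\t\n"              # empty flag: reported as unparsed
    "5\thttps://example.com/mail\t8\n"
)

def parse_flag(raw):
    """Return the flag as int (decimal or 0x-prefixed hex), or None if unusable."""
    try:
        return int(raw.strip(), 0)
    except (AttributeError, ValueError):
        return None

def split_history(export_text):
    """Split exported rows into (regular, inprivate, unparsed) lists of URLs."""
    reader = csv.DictReader(io.StringIO(export_text), delimiter="\t")
    cols = {name.lower(): name for name in (reader.fieldnames or [])}
    if "flag" not in cols or "url" not in cols:
        raise ValueError("export needs 'Flag' and 'Url' columns")
    regular, inprivate, unparsed = [], [], []
    for row in reader:
        flag = parse_flag(row[cols["flag"]])
        url = row[cols["url"]] or ""
        if flag is None:
            unparsed.append(url)
        elif flag == INPRIVATE_FLAG:
            inprivate.append(url)
        else:
            regular.append(url)
    return regular, inprivate, unparsed

def hosts_seen(urls):
    """Count retained entries per host name."""
    return Counter(urlsplit(u).hostname or "?" for u in urls)

if __name__ == "__main__":
    regular, inprivate, unparsed = split_history(SAMPLE_EXPORT)
    print(len(regular), len(inprivate), len(unparsed), dict(hosts_seen(inprivate)))
```

Any non-empty InPrivate list means private-session URLs are still retained on disk for that profile.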
Microsoft is aware of the problem, and says:
We recently became aware of a report that claims InPrivate tabs are not working as designed, and we are committed to resolving this as quickly as possible.
As is often the case, there is no indication of quite when this might be fixed, but it will be fixed. At some point. But you can’t help but ask how such a fundamental aspect of private browsing could be so fantastically borked. It beggars belief.