I'm betting this isn't a bug but isn't malicious either. Possible scenario:
Product: So Sue, how's the restore-session-after-crash feature going?
Dev: Great, just about done.
Product: So it's working for all sessions now? Fantastic!
Dev: Yep! Well, all sessions except private ones of course.
Product: ... so you haven't finished private sessions yet?
Dev: No, it's just that we don't store anything on disk for them, so there's nothing to restore.
Product: ...
Dev: ...
Product: Users don't know what "stored on disk" even means. They're going to be very upset if we lose their work after a crash, just because the session happened to be private. Maybe even more so.
Dev: But with nothing on disk, that would be impossible.
Product: You devs have such a fixed mindset. If I had a penny for every time I'd heard one tell me something was "impossible." So store what you need on disk, and ...
Dev: But history ...
Product ... and flag it so it doesn't show up in history or as a visited link. Wouldn't that work?
Dev: Well, kind of, but ...
Product: Great! So we have a solution. How long to get that coded up?
I actually wouldn't be surprised that a similar scenario occurred during development. There are stupid decisions made constantly. Even the place I work, our Chief Security Officer in charge of security asked me to remove all authentication from all printers with email function so that it won't affect user's workflow... on top of that, I'm told to allow users to type in the "From" field as well.
I'm about to scan my butt to the CEO and type in the CSO's email address in the From field just to prove my point....
If you don't have some sort of card + short-pin access to the scanner (or something else that's minimally interrupting), auth is an incredibly annoying thing. I mean, what's the threat vector here? Scanned butts? I think people will survive.
Everyone's supposed to have some fancy alphanumeric-with-special-characters password and sit there in front of the machine copying it in slowly from their LastPass. No, thank you.
Considering we're in healthcare business... I can see problems. We are working towards implementing a badge-in option but wont begin testing until this summer.
This explanation made me giggle and cry a little. It also made me think of the quote from Scott Hanselman, "We're not nearly as organized as we'd need to be to be as evil as you might think we are."
Microsoft is thought of as this hugely evil company, but I don't know, maybe they are just as disorganized as every other company I've worked with and the product owner doesn't understand their customers all the time. The key is some comapanies I've worked for pivot fast and fix things they see as a mistake. Others try to bury and hide it.
Are they going to kill my pappy this time? I don't think so, but we'll see.
I actually think that Hanlon's Razor goes too far. Allow me to present Kibwen's Corollary to Hanlon's Razor: "never attribute to stupidity that which is adequately explained by apathy".
When you try to open closed tab back (ctrl+shift+T), Chrome does not open it. I thougt this is a good way of handling history in private mode, you close the tab and everything is gone. However when I tried same thing on Firefox, I saw that Firefox happily opens the closed tab back, which surprised me. So I think while trying to find a balance between usability and privacy, browser vendors choose different paths.
Chrome fires up a separate thread for each tab. So any information about that tab is lost once the tab, (and thus sandbox) closes. No information specific to the tabs is stored in the window unless explicitly done (like bookmarking). Thus, the session history is stored inside that sandbox, so it's gone once it's closed.
Firefox is maintaining a window with tabs within it. So it can still keep your session info for each tab stored at the window level and restore it even after a tab is close.
While Chrome does forget about the history of the closed tab, cookies are shared across incognito tabs/windows and aren't wiped until all incognito tabs are closed. You can still be tracked and associated with anything you visited in that closed tab if you have other tabs open.
Exceeeeept, Edge doesn't restore those sessions or evidently do anything with this data, suggesting a regression on how the tab history is handled.
I mean, good story. 6 years ago it might have even been realistic for ms. These days, the middle level product manager who did that would rapidly find themselves on a high speed track to a new employer.
The Edge team isn't a bunch of faceless goons. Heck, a lot of them are really active in the browser development community and you can see they're trying really hard.
As much fun as it is to carry on the Slashdot tradition and make fun of every bug at MS as indicative of a toxic and stupid culture, maybe that's not entirely appropriate anymore.
I mean, it's not like Firefox and chrome haven't had bugs in this vein before. Hell, neither can fully protect repeatedly visited private urls on Android either.
> As much fun as it is to carry on the Slashdot tradition and make fun of every bug at MS as indicative of a toxic and stupid culture, maybe that's not entirely appropriate anymore.
But betanews wouldn't have very much to write about....
I don't know if this is the case, but I definitely understand how it could happen.
Chrome's Incognito mode has the exact behavior of not supporting things like session restore and closed tab reopening. It's kind of annoying for those of us who occasionally use Incognito windows like a convenient transient separate profile (specifically "give me a different cookie jar because some site's login is broken"), but I think the loss of functionality is worth it given what the mode is actually /for/.
It makes me wonder though if it'd be worthwhile having a mode that gives you a separate cookie jar but keeps the browser settings otherwise identical (bookmarks, suggest, etc). I suspect the distinction is too subtle for most people however.
I used to use it for that but now with chrome profiles I've setup a new person for that called Mr Debug. It's good in that I can enable different extensions, ones that I wouldn't have enabled normally and disable the ones that interfere with dom inspections (looking at you Evernote).
Microsoft makes a huge amount of money from enterprise sales. I would see how large companies would be worked up if employees could use private mode browsing to circumvent monitoring. I fear (without any evidence) that private browsing mode would be a tough feature to push in the enterprise space.
Monitoring in an enterprise environment (for browsing) works on a network level; even SSL sites are monitored by on-the-fly certificates that are trusted by the users machine. There's no need to persist history to disk for an IT team to capture that information.
My favorite days are the one where central IT screws up the system, and we get certificate errors everywhere we go. Uh, do you think they're tracking us and snooping all supposedly secure communication? Naaaaaah. Luckily, I avoid most of those days working from home and NOT using the VPN. I SHOULD make sure I never log into something I care about (like iCloud) while on their network. The problem is that I can't get reception on my cell phone inside the building.
thats looking at it from the best possible way. The way windows 10 has gone so far I really doubt which is which. Maybe they knew and didn't want people to find out. They also don't seem to give a shit about what people actually want.
I can't believe how stupid Microsoft is. This is never a bug. You can't be that amateurish.
They've just started earning some trust and respect from the users and then this. Also, the Windows 10 privacy nebulosity. Why not just leave the user's privacy alone? There's still enough business with Windows itself. No need to be so greedy and try to compete with Google.
How shall I trust Microsoft enough to put my data on Azure? Or by a Windows 10 phone?
So stupid. What the hell did they want to do with private browsing data? Was it worth it?
Really? This is an extremely easy bug to write, and given the way Microsoft APIs tend to work, I'd bet the layering of their code made it difficult to spot.
You have a process that needs to work for, in its mindset, "all tabs," which tries to recover them after a browser crash. You have a different flag on these tabs which is supposed to signal that disk-writing and history are not stored. Sounds easy, but the reality is that there are probably dozens of parts of the code that could potentially write recoverable history. Cookies, cache data for images and resources, the normal history writing functions, those are all the obvious ones to check. The anti-crash feature? Yeah, I can see it being missed.
Yes, their security audits should have caught this, but don't call it an amateurish bug simply because it seems obvious in hindsight.
(Though to be entirely fair, this is also why I won't use Microsoft products. If a reporter hadn't called them out on it, would it ever have been fixed?)
>Really? This is an extremely easy bug to write, and given the way Microsoft APIs tend to work, I'd bet the layering of their code made it difficult to spot.
The only way security issues are ever fixed is when reporters call them out on it.
Or do you think Stagefright on Android would have ever been fixed if the exploit wasn't publicly disclosed? The threat of public disclosure is the only thing security researchers have as leverage to get a company to do the right thing.
It's more obvious now, but I think it has been quite a process from day one and still a lot of customers don't understand how they pay for the services google provides.
EDIT: Quote
> But Google is planning to scan e-mail and add advertisements that it thinks are relevant to the messages. Additionally, the Gmail privacy policy warns that messages, even if "deleted" by a user, may still be stored in the system, even long after users have closed their account--something that some privacy campaigners believe may be in conflict with U.S. and European data protection and privacy laws.
Article about privacy right there. I talk with people and they always say Google was forced into reviling they read people's gmail. Wasn't true.
> People were 100% aware of gmail and its privacy since day one.
I think that statement is too general. From where I was sitting, it looked like people didn't think about privacy at all, and the only thing they were saying was "Holy shit, this is free!" Are you sure the people you tend to talk to are representative of the general population?
I don't know seems very basic to me. They removed the ability to display ads off on the Administration Panel and they no longer will be mining data from student emails. Why is it MUD if it was an option to turn on ads?
They hid and lied about the facts about ad tracking of Education and Apps emails etc. until they were forced to testify about it in federal court and no one was clued into it. Once they got caught tracking and making money on it for many many years they rolled back some stuff. How is that clear communication?
Or how is that "Google has been very upfront on exactly how their business model works with users since day one." ?
> Google is planning to scan e-mail and add advertisements that it thinks are relevant to the messages.
I remember when people were scandalized by this, a minority in my circle but it was funny. Of course they were going to do that, what did they expect. I think Google is "evil" now for other set of reasons though.
It's still not in the TOS today. You can read Google's privacy pages today in vain for a mention of "we read all of your incoming and outgoing email and sell the information to companies so they can target ads at you".
The closest statements are mealy-mouthed ones along the lines of "we collect information about how you use our services and use that information to improve our services". Which is true of every single business in the history of the world.
> The closest statements are mealy-mouthed ones along the lines of "we collect information about how you use our services and use that information to improve our services".
> Our automated systems analyze your content (including emails) to provide you personally relevant product features, such as customized search results, tailored advertising, and spam and malware detection.
The profits were down in the GAAP numbers which involved Microsoft deferring $1.9 billion in revenues. In the non-GAAP (traditional) numbers, revenues were down 2 percent but profits up by 8 percent. This is why the shares jumped in after-hours trading.
Otherwise, yes, revenues in the More Personal Computing division were down (with the PC market) while Intelligent Cloud division revenues were up slightly.
"As part of a potentially explosive lawsuit making its way through federal court, the giant online-services provider Google has acknowledged scanning the contents of millions of email messages sent and received by student users of the company’s Apps for Education tool suite for schools. In the suit, the Mountain View, Calif.-based company also faces accusations from plaintiffs that it went further, crossing a “creepy line” by using information gleaned from the scans to build “surreptitious” profiles of Apps for Education users that could be used for such purposes as targeted advertising."
"A Google spokeswoman confirmed to Education Week that the company “scans and indexes” the emails of all Apps for Education users for a variety of purposes, including potential advertising, via automated processes that cannot be turned off—even for Apps for Education customers who elect not to receive ads. The company would not say whether those email scans are used to help build profiles of students or other Apps for Education users, but said the results of its data mining are not used to actually target ads to Apps for Education users unless they choose to receive them."
...
"Student-data-privacy experts contend that the latter claim is contradicted by Google’s own court filings in the California suit. They describe the case as highly troubling and likely to further inflame rising national concern that protection of children’s private educational information is too lax."
"Mr. Thiele said his district has used Google Apps for Education since 2008. Officials there have always been aware that the company does “back-end processing” of students’ email messages, he said, but the district’s agreement with Google precludes such data from being used to serve ads to students or staff members. As long as the company abides by those terms, Mr. Thiele said, “I don’t have any problem with it.” In an emailed statement provided to Education Week, Bram Bout, the director of Google Apps for Education, said that “ads in Gmail are turned off by default for Google Apps for Education and we have no plans to change that in the future.”"
...
"Those plaintiffs in the California lawsuit allege that Google treats Google Apps for Education email users virtually the same as it treats consumer Gmail users. That means not only mining students’ email messages for key words and other information, but also using resulting data—including newly created derivative information, or “metadata”—for “secret user profiling” that could serve as the basis for such activities as delivering targeted ads in Google products other than Apps for Education, such as Google Search, Google+, and YouTube."
"The plaintiffs allege that Google has employed such practices since around 2010, when it began using a new technology, known as Content Onebox, that allows the company to intercept and scan emails before they reach their intended recipients, rather than after messages are delivered to users’ inboxes, regardless of whether ads are turned off."
"While the allegations by the plaintiffs are explosive, it’s the sworn declarations of Google representatives in response to their claims that have truly raised the eyebrows of observers and privacy experts. Contrary to the company’s earlier public statements, Google representatives acknowledged in a September motion to dismiss the plaintiffs’ request for class certification that the company’s consumer-privacy policy applies to Apps for Education users. Thus, Google argues, it has students’ (and other Apps for Education users’) consent to scan and process their emails."
"In November, Kyle C. Wong, a lawyer representing Google, also argued in a formal declaration submitted to the court in opposition to the plaintiffs’ motion for class certification that the company’s data-mining practices are widely known, and that the plaintiffs’ complaints that the scanning and processing of their emails was done secretly are thus invalid. Mr. Wong cited extensive media coverage about Google’s data mining of Gmail consumer users’
>Mr. Wong’s inclusion of the following reference to the disclosure provided to students at the University of Alaska particularly caught the attention of privacy advocates: The University of Alaska (“UA”) has a “Google Mail FAQs,” which asks, “I hear that Google reads my email. Is this true?” The answer states, “They do not ‘read’ your email per se. For use in targeted advertising on their other sites, if your email is not encrypted, software (not a person) does scan your email and compile keywords for advertising. For example, if the software looks at 100 emails and identifies the word ‘Doritos’ or ‘camping’ 50 times, they will use that data for advertising on their other sites.”
“The fact that Google put this in their declaration means we take it as true,” said Ms. Barnes of the privacy watchdog group EPIC. Google’s sworn court statements reveal that the company has violated student trust by using students’ education records for profit.”
From a Google filing in court about Gmail privacy:
>Indeed, “a person has no legitimate expectation of privacy in information he voluntarily turns over to third parties.” Smith v. Maryland, 442 U.S. 735, 743-44 (1979).
>it's "inconceivable" that someone using a Gmail account would not be aware that the information in their email would be known to Google.
If you play devil's advocate and assume Microsoft's excuse then this seems to expose a staggering disregard for product quality. It lines up with similar things coming out their windows mobile department this year, it is a common sign in software companies with a lack of focus, working aggressively/quickly on too many things at the same time.
>This is never a bug. You can't be that amateurish.
As someone who has been a sysadmin for a decade in environments that are at least 50% MS, I can tell you that, yes, they can be that amateurish and usually are. In other words, Hanlon's razor.
Microsoft, even at its best, is definitely a 'wait for SP1 before putting in production' company. Now with Nadella, they're even worse, and Win10 was clearly rushed to stop the poor publicity of Win8. Win10 won't be fully cooked until 2017-2018 at this rate.
Also, history of this happening in Chrome and Firefox:
Lastly, you have to be a fool to think private modes save you from any kind of snooping. At best, they just make purging history easier. At worst, they give people a false sense of security. Your stuff is sniffable all down the line unless you're using a VPN or Tor.
They may not care about the government snooping on them, or that they're tracked by ad retargeting companies, but everyone who uses private browsing mode does care about it being private and not leaking a list of the porn sites they've visited. This will put people off using Edge.
If you are concerned about Windows 10 instrumentation and Privacy I strongly advise you to not use OSX.
You can watch it send many of the same signals.
EDIT: Very confused why this post was downvoted. The post above is clearly concerned about privacy and the topic is very relevant. It's also true, and trivially verifiable.
So my question is: did Microsoft do this on purpose, or was it simply a failure in software design?
I'd like to think the latter, but the fact that Win 10 has had well documented privacy issues already, and the fact Microsoft is probably the most experienced and among the most well funded browser development companies in the world, I get a bit skeptical. A private mode that still writes history WebCache. Did they really overlook that?
Windows is the most used desktop OS and Microsoft has a history of conspiring with nation state adversaries. It's not implausible that the NSA and GCHQ would ask Microsoft to slip in a few bugs here and there that makes surveillance much easier.
Remember: This is the company that took an end-to-end-encrypted communications platform (Skype) and completely turn it around into a mass surveillance platform by being the first to join PRISM. It's the same company that builds a full disk encryption system (BitLocker) that sends your encryption keys back to Microsoft's servers. And finally, it's the same company that pushed for an "always on" HD webcam and microphone bundled with an "always online" video game console.
>It's the same company that builds a full disk encryption system (BitLocker) that sends your encryption keys back to Microsoft's servers
Every time someone says that as though it's not the absolute correct thing for MS to do given it's standard home-user technical level/expectation I'm super confused. I would expect it to be possible to turn that off, but you can be damned sure that swathes of their users expect to be able to ring MS when they forgot their bitlocker key.
>it's the same company that pushed for an "always on" HD webcam and microphone bundled with an "always online" video game console.
They want you to always be able to use voice and gesture controls with your console - because if you have to stand up and press a button to turn the damned thing on then what's the value in half the functionality?
I'm confident MS are actually more interested in their profit margins than they are by any conspiratorial opportunities with the security services. Casting the latter as their primary motivation all the time is disingenuous.
How do you even do this? It was hard enough to report a bug as an MSDN subscriber. I don't think they have a vast array of consumer support phone agents, or if they do they keep the number very quiet.
It can't be a bug. I can't think that the designers when implementing a privacy mode would think, oh let's store all of that in the primary cache or let's store the history there. Unless Microsoft employs some complete idiots.
Probably more that they never intended this mode to be secure.
On the other hand, a lot of users only expect that their loved ones cannot access their porn browsing history — this is the common user story for privacy mode. If this feature was designed from that perspective, rather than a leave-no-trace-behind philosophy, this kind of behaviour is entirely plausible.
Not that I would recommend a Microsoft browser when you want privacy; or their OS for that matter.
I am not suggesting Edge does a good job, just that it was probably not intended to do a good job.
...like many other Windows 10 features. Like someone in Redmond thinking: oh let's have two control panels for several years and progressively move stuff from one to the other so that users can never become familiar with our UI!
Is that what Chrome does? It seems like it has an in-memory session that stays intact unless all incognito windows are closed. When I login somewhere, close all but one incognito tab and then navigate to that website again, my cookies are still there.
Also let's hope they aren't sending different headers like DNT etc. when in private mode, which would make fingerprinting a lot easier.
Yes, but it's shared between different sites within your "incognito" session. Open an incognito window, log in to Google, then go to some other place, and your Google login information is seen by that site.
What do you mean by "your Google login information is seen by that site" because I can't think of anything it could correctly mean, even in non-incognito mode.
Or login to Gmail. Open another tab to read Hacker news, not logging in. Close your incognito Gmail tab. Read HN. Forget that you ever were in Gmail. Then leave HN and go to some other, completely different website that allows Google login. You'll get in there without another Google login; the incognito session remembers you.
You could make an argument whether you want one session per tab or one per window, but yes. Sharing state between "incognito" instances is both counterintuitive and potentially harmful.
I think the current approach is that there is just one regular and one incognito instance. So as long as any incognito tab is alive, your session is potentially alive as well.
This allows us to move tabs across Windows. How would we do that with one session per tab or per window? Also what happens when user opens link in new incognito window?
But it does seem to be shared between all incognito tabs in all incognito windows (including in further new incognito windows) until you close all incognito tabs/windows. This is not necessarily what users expect. New incognito window should mean NEW && INCOGNITO!
It can handle a single incognito session per profile. If you start another one from a window belonging to a different profile, you'll get a different session. (And you can tell them apart because they copy some of the theming and appearance settings from the profile they were created from.)
Why are you assuming the control flow works like that? I'd bet it works exactly the opposite way: there is a "normal" code path, and private mode is a flag that disables certain things.
If you're relying on "private browsing" or "incognito mode" to protect you from nation state adversaries you're gonna have a bad time. This is a poorly implemented feature, not something meant to penetrate your tin foil hat.
When you say 'nation state' do you mean the USA? Because the USA is pretty much the polar opposite of a nation state.
Nation states are states which are also nationalities, with people generally sharing a common ethnicity and language. That's totally the opposite of the 'melting pot' of the USA.
Nations and nationalities did not exist before the 19th century. Imagining that the people of any nation shared "a common ethnicity and language" required forgetting centuries of history.
If they did it on purpose, who exactly did they do it for? The NSA/GCHQ already record all internet traffic, so they don't care whether or not you are using a 'private' mode to browse the web, it makes no difference to them.
Would company that has highest standards about software testing, design and security, cooperates with NSA and GCHQ, spreads FUD about Linux/UNIX and uses EEE tactics to destroy other projects/standards like PDF, email clients, Java and makes money on collecting user data do it by accident?
I could be totally wrong and I'm going to get downvoted for this but...
Regardless of the browser, "private mode" is kind of a misnomer. You're still hitting the websites and unless you're using Tor, this can be easily logged by whoever has control of the LAN/router.
The point of "private mode" is to avoid logging to browser history so that someone can't casually inspect what URL's a user has visited (eg, when hubby wants to visit websites that wifey doesn't approve of). The problem here is that MS is storing the browser webcache even in private mode and it is relatively easy to get to it?
If so, the solution is to publicize this issue and microsoft will likely fix the problem. Then hubby will need to worry about wifey interrogating the router.
It just seems like an oversight and not a big deal in terms of privacy and security.
Indeed, and it's odd that the Android keyboard disclosures of visited private mode browsing (for all browsers) don't garner a snarky article ("Christmas is coming", etc).
If you don't fancy what Microsoft is doing lately, support an alternative. If *nix can not fit the bill because of a dependence of some sort on Windows, support ReactOS. ReactOS is supposed to launch a major version these days (from 0.3.X to 0.4) and then aim for beta stability. The chance of ReactOS becoming real lies in our collective support.
Our collective support of using Windows NT4.0-Windows 2000 graphical interfaces? I apologize for being abrupt, but nobody is going to use this operating system in this day and age.
The skinning itself is not that hard. ReactOS already has theme support and further work in this direction can be done anytime to cover more elaborate UI demands. After all it's an open-source project not Microsoft here. It's alright to be honest and assertive, even more so when it's conveyed in a straight manner (i.e. "abrupt"), no need to apologize for it.
Microsoft being a software company is amazing. There are plethora of issues with MS core products like Edge, OneDrive, Store not to mention the release of Windows 10 mobile in alpha state for some of their phones. It's just mind-boggling how broken software can a software company ship and show no signs of caring at all beside the generic responses.
I was thinking about this earlier, and while I've been in the industry ~8 years, I've only worked at two companies, and they've both had some pretty fundamental dysfunctions from a strategy/leadership/management perspective (e.g. projects building software that no one likes/uses, major flaws in delivered products, huge delays/delivery slips), that I want to see what a "successful" company looks like.
But then I thought some more, and I don't know if any companies actually do this correctly.
Do companies exist that can deliver on projects at a fairly steady clip with teams that build solid products generally on time and within budget? Or are we all just floundering around, making buggy apps that take forever to release and don't solve any problems, except for the lucky few who can get everything to harmonize out of sheer statistical happenstance?
The few companies I worked in and with, and all the code I've seen, points to the latter case - most of us are delivering utter disasters, thanks to the mix of technical errors, management errors, shifting priorities, internal politics and time constraints.
Agreed and same. It's my opinoin that this issue is underdiscussed and that the mess that is often delivered is rationalized by "methodology" and "it's not our fault our requirements force us to deliver this".
But whatever the reason or rational, every time a story breaks about another security exploit or privacy exploit I read that as a condemnation on our profession.
In other professions, part of the certification process is gaining a basic level of understanding of the ethics one is judged against when associating one's work with that of the larger trades group, guild, or association. Often it is well understood that, to some extent, the topic is simply being paid lip service. But,it is also understood that those ethics draw a bright line which those the association serves will not tolerate when openly crossed. Take for instance investment professionals. Everyone knows insider trading happens and it's not uncommon to put profit before fiduciary duty, but when those lines are openly or egregiously crossed it is not tolerated under threat that the understanding between the client and advisor that minor infractions will be tolerated will no longer be honored.
The software engineering profession lacks this basic ethical covenant with its customer. Just look at the utter lack of product warranties. Sure there are SLAs, but there are virtually no warranties. And it shows.
As software begins to function more and more as the linchpin of our society, this issue will morph from technical debt to an Achilles heel. We complain about anachronistic laws. What about anachronistic code? We complain about absurd laws. What about absurd code? It's just as dangerous.
I'm not so sure about that. Almost every time I update IDEA I get an annoying bug. For example, on last major update something broke and dialogs/popups wouldn't display. I couldn't close the editor because of this. When I tried to close the windows a confirmation popup should show up, but due to the bug nothing was happening. To me, being able to close an application without having to kill the process seems like a critical feature, yet it somehow was not noticed during testing.
What I'm trying to say is that if you're serious about finding issues no project/product is safe from you :)
I experience ridiculous bugs in Microsoft, Apple, and Google products. It's happened at different rates, but quality control for all three companies has really plummeted in my limited experience.
Hangouts, iOS, Win 10, and Android (on a Moto X) have all been surprisingly buggy for me. If there were a company that prioritized stability and QA over anything else, I'd certainly switch to that for my phone. I thought buying a Google-made or Apple device would solve that problem, but I was wrong.
Private mode in a web browser isn't security, and the idea that Microsoft slipped this in at the insistence of the NSA, which has much better tools to track what websites a computer visits that doesn't require access to the local machine, is laughable.
To me the neatest thing about this is that since all the major browsers are evergreen (self-updating), while yes, this is a bug and one that seems like the kind that provokes further investigation, it should be fixed and delivered really soon and be a non-issue in a few days. (I think. If this self updating stuff works as well as I think it does.)
> “We recently became aware of a report that claims InPrivate tabs are not working as designed, and we are committed to resolving this as quickly as possible.”
I recently had a bug in Firefox Android which leaked information: after closing a Private Browsing window, if I went to Settings -> Apps, then "Show Cached Processes", then chose Firefox and clicked Stop, to remove it from Android's cache, after opening Firefox again, it would display the closed Private Session from before. Strangely enough, the private session only showed up if I removed Firefox from the cached applications, otherwise it would behave normally (that is, the closed session would not be readily accessible from Firefox).
I was going to report it, but by then version 44 was already available, and it fixed that bug.
But, well, if even Mozilla can make such mistakes, Microsoft surely can too.
I think the current best option for privacy-conscious users working with Windows 10 is to install Windows 10 LTSB version[1]. It doesn't contain Cortana, Store, all those fancy widgets, universal apps, IE Edge, and forced updates.
"The current best option for privacy-conscious users working with Windows 10 is..." to re-partition the hard drive and install another operating system.
Don't forget Windows updates can update your CPU microcode. It's probably best to buy a device that doesn't come with Windows preinstalled. E.g. you can buy Lenovo notebooks that are 100$ cheaper and come with a DOS clone instead.
This is why I hate sites like Facebook exposing a thousand "settings" to "control" my privacy; any one of them is just a small bug away from not doing what it claims to do. And the more stuff that's going on, the less likely it is that I may notice when something has slipped through that shouldn't have.
These privacy mechanisms should be far simpler, vetted for security, and ubiquitous. Consider the physically separate "secure element" chip on your phone that stores data in a way that nothing else can possibly reach, for example. It should be accepted practice in the software industry that your new app doesn't just get to invent some way of storing potentially-sensitive information; there should be a clear place to toss it in a vault under user control, where the user can see everything you have stored even if your application isn't open (e.g. OS X Keychain).
And yes, this is an argument again for open-source software. Proprietary secrets be damned, there's nothing special about a web browser anymore. The code should be visible so as many people as possible can ensure it is correct.
I wonder if it has something to do with the fact that they are tabs. Either way, I really miss private tabs in chrome-ish browsers. They were better for regular use than a separate window I think.
What is missing in todays browsers is handling multiple profiles/sessions per browser window. I'd like to open my three gmail accounts in three separate tabs without them knowing about each other. That would simplify a lot of scenarios.
I skipped to the FAQ and wow, this is not a win at all for people who desire privacy (i.e. the people interested in this HN comment thread, in theory).
Ah, another browser to keep an eye on. In a good way. What else is there that is worth checking out? I.e. not a 1:1 chrome/ff clone with one extension integrated.
https://vivaldi.com/ (they push a few new things, it's closed source.. and rather taxing on performance)
Definitely not logged in unless you open that page from an already logged in tab. I'd prefer every new tab to have unique session unless it's a child of another tab.
Seconded! For example, in the case of running two or more gmail sessions -- contrived, but I've had to do this before -- Firefox's private windows are no longer suitable because for some reason they share state with each other.
I would also prefer each external link to be opened in a private tab. Ideally with a whitelist that would allow domains to be opened in "public" profile. I somewhat handle this by two separate browsers now.
I think those "tree tabs" extension would be great to separate these groups even visually. So each root node is a separate session for example.
You can't do it in tabs in the same window, but with IE you can have as many sessions that aren't aware of each other in separate windows: File | New Session.
It is one of the few things IE gets better (and has for a long time) than Chrome or Firefox where a single OS-level user can have at most two distinct sessions at any given time: one private and one not. It can be very handy from a development PoV when testing multi-user workflows in your application.
One caveat: if the site/application uses saved cookies rather then those set to expire at the end of the current session they will still interfere with each other when opened this way as saved cookies (those with an explicit expiry date/time) are considered global (with respect to the OS user) rather than local to the browser session.
I've not checked if this feature has carried into Edge. The clients I support are so backward that I'll not need to test against that this decade!
Fairy nuf. But that isn't nearly as convenient as "File | New Session" for ad-hoc tasks. And I thought only one profile could be in use at once in FF (though that could be worked around with multiple OS users) - am I completely barking up the wrong tree there or is that something that has changed in recent years?
Agreed. In my case especially with bookmarks; it'd be great to be able to select 1 profile with all my personal stuff, and one with all my work related bookmarks.
I understand where you're coming from, but this is a usability nightmare. Which cookies will other tabs in the same window have? If you open another instance of email, which account will be signed in? How do you indicate which profile is in each tab?
Separating profiles into windows drastically simplifies the situation.
There are two groups. Regular and private. All regular ones share session, so do all private. I never had a problem with that setup. Though I wouldn't mind if private tabs would each had its own session unless they were opened from following a ling from other private tab. But that would be definitely harder to indicate to the user.
The issue isn't defining behavior - it's communicating that behavior to the user. It's much easier to prevent confusion ("wait, I did what in a regular tab??") when private tabs are in separate, very differently styled windows.
AFAIR, Opera had this feature before (I think before they changed the engine), and it worked fairly well. I don't know though if they had similar issues.
"Founded by Opera Software co-founder and former CEO Jon Stephenson von Tetzchner and Tatsuki Tomita.. the browser is aimed at staunch technologists, heavy Internet users, and previous Opera web browser users disgruntled by Opera's transition from the Presto layout engine to the Blink layout engine, which removed many popular features in the process. Vivaldi aims to revive the old, popular features of Opera 12 and introduce new, more innovative ones"
As far as I can tell, browsers can't prevent the virtual memory system or other parts of the OS from logging/caching as they see fit, which means the private browsing feature is snake oil in every browser unless the only concern is keeping "chlamydia symptoms" out of the search bar drop-down and history list.
Surfing behavior not being visible to other users is exactly the reason – the by far most important and absolutely towering reason – for private browsing to exist. Everything beyond that is nice to have but ultimately not really useful, not for what private browsing is actually used for by (most) actual people.
It’s not some side benefit, it’s the primary reason for private browsing to exist at all, at least as far a product manager (who actually understands and cares about what users actually want from their browser – so not actually a bad one) might be concerned.
That’s why I can absolutely understand how this kind of bug can creep in. The most important aspect of this feature (from the point of view of most people actually using the feature) is not that browsing leave absolutely no trace anywhere, the most important aspect is that browsing leave absolutely no trace where other users of the PC can see it†.
I’m consequently a bit confused why everyone is unpacking the big conspiracy guns. This seems like an easily understandable and completely plausible bug to me.
Oh boy. The filter bubble is real! (That’s not meant to be disparaging. We are all in our own isolated bubbles, clueless about a great many things and the details of how people behave.)
People often don’t use separate OS accounts (it’s often just not necessary) and even if they do they will often still share the PC from time to time (even if just for a brief moment) or just show something off for some other people.
During all those occasions the browser history could be visible, even if people aren’t really prying (autocomplete, frequently visited websites, …).
I just thought I'd add some color on why people are using Edge, despite the fact that it has a feature paucity compared to Chrome and Firefox and IE. I definitely want the InPrivate bug fixed, but I'm still using Edge at this moment.
1. For desktop users, most of us aren't using Edge most of the time. Desktop systems are powerful and features matter more. The only time we use Edge is when some saved feature or history element is there.
2. For Windows Mobile, all 30 people using the platform have no choice but to use Edge. This bug is pretty important for them, as inPrivate mode has many more implications on a mobile device.
3. For Tablet and Surface Book customers, generally regarded as the "leading edge" customers & Microsoft's most robust product and software line? We use Edge and will probably keep doing so. Why? Because it's te only browser that gives a damn about efficiency. Chrome is quite fast, but is a monster on battery life. Firefox is quite slow (even without plugins). Edge gets very good speeds, generally good performance and compatibility, and doesn't trigger a battery dump spiral.
This is not a unique aspect of the Windows platform (Chrome can roast batteries on Mac OS X as well, and mobile/portable Linux's Power management story is not great either). but it's exacerbated by the new form factors Microsoft is shipping in its Surface line which can easily get >10h battery life with canny apps.
I think some benefit of the doubt is allowed here - intern dev Alice codes the in private mode. Intern dev Brian creates the restore tabs on crash feature and integrates it hastily to make the (clearly rushed, if you ever used edge for more than 5 minutes) release. QA you say? But the history tab IS blank! Why would QA ever look into some internal db file? (sigh)
let's blame all the telemetry snooping in Windows 10 on a bunch of interns too ? it's like Microsoft can't hire professionals to develop its two main products . There is no benefit of the doubt, they know what they are doing.
Internet Explorer had a similar hole in its respect for users' privacy for years: the index.dat file. No matter whether you used InPrivate or cleared your web history, the browser--for years and across several versions--stored all your URLs and search queries for faster autocomplete.
What I find ironic is I gave up on using Edge because it did such a poor job restoring previously opened tabs in normal mode. I really wanted to like Edge, but the only way I could get it to reliably re-open tabs was if I manually killed the Edge process in task manager. Any time Windows gracefully shut Edge down, like for a Windows reboot, I'd loose all my open tabs and have to hunt back through weeks of browsing history to re find and re open them. I'll cut Microsoft some slack for having a bug in leaking info in private mode in a new codebase. I refuse to cut them slack for being unable to reliably restore tabs in the normal case.
Chrome doesn't properly instruct the keyboard on Android, ironically. If you visit one website over and over in Incognito mode, the keyboard will start prompting the URL in every field.
For some OEMs, it's hard to even figure out how to clear this data out. I've seen, well... awkward moments during software pitches of mobile products on Android.
"We recently became aware of a report that claims InPrivate tabs are not working as designed, and we are committed to resolving this as quickly as possible."
Hee. You "recently became aware"? Dudes. This was coded in. It doesn't seem very likely that this was accidental or that you were unaware. The browsing history is getting directly written into the main web cache file, along with a special code that specifies it's from private mode. You just accidentally missed this?
Amazing how even when starting a new browser from scratch in the past couple of years they still cannot do it right. I thought Microsoft was a software company?
I don't want to hate on Microsoft but they are making it hard not to. Edge could, no it should have been excellent but it has been out for 7 months now and the updates are minimal.
Oh well. New MSIE, same as the old MSIE, in all but the name. (I do distinctly remember the very same marketing campaign running for IE8 like the current one for Edge. Oh, the visuals were different, all right.)
Seriously, does it even matter? Your ISP knows all, the NSA knows all, the free email service providers know all. There is no privacy. Having said that, I still don't like that they know I look at porn. :)
In a somewhat related note, Chrome on iOS just updated to WKWebView or something and just said it does not suppor Do Not Track anymore, due to iOS limitations...
I find it curious that a huge deal is made out of Microsoft's missteps with over-the-top comments being modded up and same with the articles, but similar or worse things by, say Google or Apple are simply papered over and buried.
We've banned this account for being a long-time pro-Microsoft astroturfer who has plagued this site for years, including making networks of accounts to reply to each other and create the false impression of conversation. We've banned this person or persons many times before and will do so whenever we have evidence of them plying their trade on HN. There are 76 accounts marked in our system as theirs (all banned, of course), and I'm sure they've created many more.
By the way, their bit above about how the HN community makes a 'huge deal' out of Microsoft criticisms while Google and Apple get off, etc. etc., and accusations of voting bias on HN (e.g. https://news.ycombinator.com/item?id=11014741) —all that is highly characteristic of this person or persons. So is their use of HN not only to promote Microsoft but also to bash its competitors, something I predict you'll see if you look through the submission history of this one.
So, a call to all upstanding HNers: if in the future you see accounts that comment like that, it might be a good idea to email us at hn@ycombinator.com so we can investigate. But please don't accuse people on the site itself—that undermines civility, and shouldn't be done without strong evidence. (And let's not forget that HN has many legitimate users who use and like Microsoft products. I'm pretty sure kogir is no astroturfer.) When we do have strong evidence, we act immediately to protect the integrity of this site.
When we discovered this astroturfing campaign in 2013, and saw for how long they'd been plaguing HN, pg said that it made his blood boil. Well it makes my blood boil now.
So... where are the threads about the bugsI linked? Why were they not voted up so highly on HN? That was my only point about the story selection and how getting tech news from only HN can cause a blind spot.
HN was a community of Silicon Valley startup founders. Though because of its title, more and more nerds switched over from Reddit/Slashdot/Digg. Until early 2015 HN was mainly inhabited from Linux and MacOS people. But Microsoft invaded HN around their Build 2015 conference in May 2015. Nowadays a lot of sock puppets and fanboys with MSFT background are on HN and try to downvote everything slightly not so pretty. Nowadays "Show HN" is already a bit off-putting with cynical comments and harsh critics. HN certainly needs better voting-ring and paid sock puppet detection - hint: they are only active in certain timezones and mainly on a weekdays.
The question is what HN want to be. I visit HN for startup news and occasionally open source news. Who in the right mind would use vendor lock-in mediocre expensive licensed software for a startup? Although, I am okay with Windows 7, I hate Win8/10 with a passion because MSFT turned to a mean company again (bad ModernUI, don't care about consumer anymore at all, privacy debacle of Win10, turns everything to SaaS, evil license changes). And therefore would welcome to see less MSFT sock puppets and less FUD on HN. Remember HN used to be a group of very intelligent people, burn them once and we will remember that forever, burn them twice... you know, better stop that right now.
While I can attest that HN has always had a significant amount of startup stuff, that was nowhere near the entirety of the site.
I remember when the front page was filled entirely with Erlang articles, for example, and I'm damn sure no more than a tiny fraction of HN was using or considering Erlang for production at that time.
Do you think the above stories and comments are FUD or not?
Eventually the biased story selection by editors, circlejerk, echo chamber and biased moderation got so bad that the site pretty much died. Do we want that to happen on here as well?
>I visit HN for startup news and occasionally open source news
Then perhaps just move past the other posts you're not interested in, like the HoloLens or Open Sourcing of .NET and other libraries announcements which are definitely 'Hacker News' material.
Or spend more time on other places like /r/linux etc.
>Who in the right mind would use vendor lock-in mediocre expensive licensed software for a startup
That's totally your opinion, it works for some companies like StackOverflow.
>less FUD on HN
Can you link me to some of this FUD you're talking about?
Most browsers tell you you're not hiding from network monitors, ISPs, and such when you start a "private" session. Edge doesn't mention it. Even with that message, I'm sure plenty of people still think they're being stealthy. However, Edge does specifically say it will delete "cookies, history or temporary files" when all InPrivate tabs are closed, but they are not.
Product: So Sue, how's the restore-session-after-crash feature going?
Dev: Great, just about done.
Product: So it's working for all sessions now? Fantastic!
Dev: Yep! Well, all sessions except private ones of course.
Product: ... so you haven't finished private sessions yet?
Dev: No, it's just that we don't store anything on disk for them, so there's nothing to restore.
Product: ...
Dev: ...
Product: Users don't know what "stored on disk" even means. They're going to be very upset if we lose their work after a crash, just because the session happened to be private. Maybe even more so.
Dev: But with nothing on disk, that would be impossible.
Product: You devs have such a fixed mindset. If I had a penny for every time I'd heard one tell me something was "impossible." So store what you need on disk, and ...
Dev: But history ...
Product ... and flag it so it doesn't show up in history or as a visited link. Wouldn't that work?
Dev: Well, kind of, but ...
Product: Great! So we have a solution. How long to get that coded up?
[Later] Product: "Impossible" laugh Hah!