An Analysis of Private Browsing Modes in Modern Browsers by Gaurav Aggarwal of Stanford University, Collin Jackson of CMU, and Elie Bursztein of Stanford University.
We study the security and privacy of private browsing modes recently added to all major browsers. We first propose a clean definition of the goals of private browsing and survey its implementation in different browsers. We conduct a measurement study to determine how often it is used and on what categories of sites. Our results suggest that private browsing is used differently from how it is marketed. We then describe an automated technique for testing the security of private browsing modes and report on a few weaknesses found in the Firefox browser. Finally, we show that many popular browser extensions and plugins undermine the security of private browsing. We propose and experiment with a workable policy that lets users safely run extensions in private browsing mode.
Full article (pdf) on Stanford’s web site.