by Brent Dirks
October 3, 2013
U.K. design firm Parallax has found a substantial issue in the private mode of Google’s Chrome browser for iOS devices. The mode, also known as Incognito, supposedly allows a user's browser and search history to remain secret. But that’s not the case. When using the combined search/address bar in Incognito mode, those search terms are then accessible later when searching in the mobile site's search bar.

Here’s a video that outlines the issue. I was also able to replicate the issue on my iOS device. But as you can see in the video, the “private” search terms aren’t available in the app itself, but when looking on the mobile version of Google’s site.

After being contacted by TechCrunch, Google called the issue “unfortunate but unavoidable.” Google also posted a detailed explanation of the technical issue in a support document:
Browsing in incognito mode only keeps Google Chrome from storing information about the websites you've visited. The websites you visit may still have records of your visit. Any files saved to your computer or mobile devices will still remain.

For example, if you sign into your Google Account on http://www.google.com while in incognito mode, your subsequent web searches are recorded in your Google Web History. In this case, to prevent your searches from being stored in your Google Account, you'll need to pause your Google Web History tracking.

On Chrome for iOS, due to platform limitation regular and incognito* tabs share HTML5 local storage, which is typically used by sites to store files on your device (client-side caching) or to provide offline functionality. This means the same sites can always access their data in this storage in both regular and incognito* tabs. Incognito* tabs will still keep browsing history and cookies separate from regular tabs, which are cleared once those tabs are closed.

That’s not exactly comforting for users who thought their privacy was protected. As I expected, my search terms in Safari’s Private Mode weren’t accessible later.
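The storage behaviour Google's support text describes (cookies kept separate per mode, HTML5 local storage shared) can be modeled in a few lines. This is an added example, not code from Chrome, Google or Parallax. The Browser class, the recent_searches key and the search.example origin are hypothetical, and the "isolated" run is the contrasting design where incognito storage is separate and cleared.

```javascript
// Toy model of a browser's per-mode storage (constructed for illustration;
// class, key and origin names are hypothetical, not Chrome or Google code).
class Browser {
  constructor({ sharedLocalStorage }) {
    this.sharedLocalStorage = sharedLocalStorage;
    this.stores = { regular: new Map(), incognito: new Map() };
    this.cookieJars = { regular: new Map(), incognito: new Map() };
  }
  // Returns the storage a page on `origin` sees in a tab of the given mode.
  openTab(mode, origin) {
    const storeMode = this.sharedLocalStorage ? "regular" : mode;
    const pick = (jars, m) => {
      if (!jars[m].has(origin)) jars[m].set(origin, new Map());
      return jars[m].get(origin);
    };
    return {
      mode,
      localStorage: pick(this.stores, storeMode),
      cookies: pick(this.cookieJars, mode), // always separate per mode
    };
  }
  // Closing incognito tabs clears only what is incognito-specific.
  closeIncognito() {
    this.cookieJars.incognito.clear();
    this.stores.incognito.clear();
  }
}

// Site-side script: caches recent queries client-side to offer suggestions.
function recordSearch(tab, query) {
  const recent = JSON.parse(tab.localStorage.get("recent_searches") || "[]");
  recent.unshift(query);
  tab.localStorage.set("recent_searches", JSON.stringify(recent.slice(0, 5)));
  tab.cookies.set("last_query", query);
}
function suggestions(tab) {
  return JSON.parse(tab.localStorage.get("recent_searches") || "[]");
}

// Runs the same private search under both storage designs.
function leakedTerms(sharedLocalStorage) {
  const browser = new Browser({ sharedLocalStorage });
  const origin = "https://search.example"; // placeholder origin
  recordSearch(browser.openTab("incognito", origin), "private query");
  browser.closeIncognito();
  const regular = browser.openTab("regular", origin);
  return { terms: suggestions(regular), cookie: regular.cookies.get("last_query") };
}
console.log("shared:", leakedTerms(true), "isolated:", leakedTerms(false));
```

With shared storage the regular tab still sees the incognito query even though the incognito cookie is gone, which is why a site that caches anything sensitive client-side cannot assume private-mode data disappears with the tab.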