Microsoft Edge InPrivate browsing mode is full of fail and not private

Microsoft’s InPrivate browsing is supposed to help you “surf the web without leaving a trail” and InPrivate browsing mode can be used in Edge. Microsoft says, “When you use Microsoft Edge in InPrivate mode, your browsing information, such as cookies, history, or temporary files, aren’t saved on your device after your browsing session has ended. Microsoft Edge clears all temporary data from your device.” Yet InPrivate browsing with Edge is a fail as it is not private and instead keeps browsing history.

Hmm, if that sounds a bit familiar it might be because it’s been said before. In September, computer forensic analyst Brent Muir wrote, “Just how private is InPrivate Browsing mode in Microsoft Edge? Not as private as Microsoft would lead you to believe.”

He added that Microsoft Edge “isn’t that private after all. If you are hiding from a spouse/partner then it may suffice but if you are trying to cover your tracks you’d better guess again, any good forensicator will be able to identify and recover your browsing history in a matter of minutes.” Incidentally, if you are interested, Muir also has slides about various Windows 10 evidentiary artifacts.

Muir isn’t alone in advising against using Edge’s not-so-private InPrivate browing. When questioned about similar findings by forensic researcher Ashish Singh, the Microsoft PR machine jumped into action. “We recently became aware of a report that claims InPrivate tabs are not working as designed and we are committed to resolving this as quickly as possible,” a Microsoft spokesperson told The Verge.

Aw, isn’t that cute? Microsoft cares. Yet it is perplexing as to what “recently became aware” actually means since the original forensic research article was published in October. The issue was kicked to the forefront by BetaNews which advised users to “stop using Microsoft’s Edge’s InPrivate mode if you value your privacy.”

But when checking it out, the forensic article seems to have poofed even though retrieving InPrivate artifacts are discussed elsewhere on Forensic Focus. My interest was piqued. Thankfully there is a January 30 cached copy of Singh’s research – captured for prosperity – to save the day.

Singh goes through the “search for evidence,” detailing the artifacts left behind after using Edge InPrivate browsing mode. He then added, “The forensic examination of most web browsers has proven that they don’t have a provision for storing the details of privately browsed web sessions. Private browsing is provided for a purpose, i.e. privately browsing the web, which is being delivered.”

However, in Microsoft Edge, “the private browsing isn’t as private as it seems,” explained Singh. “Previous investigations of the browser have resulted in revealing that websites visited in private mode are also stored in the browser’s WebCache file.”

Singh concluded:

Therefore any skilled investigator can easily spot the difference and get concrete evidence against a person’s wrongdoings. Plenty of artifacts are maintained by the browser, which makes examination quite easy. However, there are stages where evidence is not so easy to find. The not-so-private browsing featured by Edge makes its very purpose seem to fail.

Seriously, if you really care about your privacy and you are using Edge at all then I’m concerned for you. The same might be said of all Microsoft products, but that’s the way the world rolls and you likely do use Microsoft. Regarding private browsing, you would be better served to use the Tor browser which implies Firefox.