Don't rely on InPrivate Browsing for anything other than to keep disinterested people from viewing your web browsing habits. It's like having a pick-able lock–it only keeps the amateurs out.
According to a paper recently presented at the Usenix Security Symposium in Washington, D.C. by researchers Gaurav Aggarwal and Dan Boneh, of Stanford University, and Colin Jackson, of Carnegie Mellon University, "you shouldn't do anything in privacy mode that you wouldn't do with your boss looking over your shoulder."
They reported the following findings:
- Mozilla Firefox has something called a "custom handler protocol" that creates URLs that hang around even after a user leaves privacy mode.
- SSL client certificates, supported by Firefox, Internet Explorer and Safari, can be used to thwart the purpose of privacy modes.
- Internet Explorer fails the privacy test in privacy mode when it initiates SMB (Common Internet File System) requests with a Web server. "Even if the user is behind a proxy, clears the browser state, and uses InPrivate, SMB connections identify the user to the remote site," according to the researchers.
- Some browser plug-ins and add-ons pose an exposure risk in privacy mode.
- Until recently there's been a universal exploit that's allowed sites to determine whether a user was visiting in privacy mode. The exploit has since been plugged by Safari and is being shut down by Firefox and Chrome.
Furthermore, as the Firefox browser clearly states,
To that we add, it obviously does not prevent ANY trackable information from being recorded on your computer. Bottom line: browsing in privacy mode is not so private.