Comments on: Security and usability – Google Chrome’s Incognito mode http://paheli.net/blog/2008/09/11/security-and-usability-google-chromes-incognito-mode/ Everything is a Puzzle waiting to be solved! Wed, 14 Dec 2011 06:24:24 +0000 hourly 1 http://wordpress.org/?v= By: Varun http://paheli.net/blog/2008/09/11/security-and-usability-google-chromes-incognito-mode/#comment-161 Varun Fri, 30 Jul 2010 22:48:21 +0000 http://paheli.net/blog/?p=31#comment-161 @Rachel - The incognito mode in Chrome cannot be disabled or locked. And uninstalling the browser also does not help because the recent versions of IE and Firefox both have private browing capability. To monitor the surfing activity that takes places on your computer you can do 1 of 2 things (you can even do both): 1. Use the logging capability of your wireless router. All computers in your household that access the Internet through your wireless router can be tracked via this mechanism. Most modern routers can even email you this log at regular intervals instead of you having to check the log manually. 2. Use a service like OpenDNS (http://www.opendns.com/solutions/overview/) Each computer that you want to monitor has to be configured to use the OpenDNS servers. OpenDNS can either block unwanted content or merely log all DNS requests that you can review later. @Rachel – The incognito mode in Chrome cannot be disabled or locked. And uninstalling the browser also does not help because the recent versions of IE and Firefox both have private browing capability.

To monitor the surfing activity that takes places on your computer you can do 1 of 2 things (you can even do both):

1. Use the logging capability of your wireless router. All computers in your household that access the Internet through your wireless router can be tracked via this mechanism. Most modern routers can even email you this log at regular intervals instead of you having to check the log manually.

2. Use a service like OpenDNS (http://www.opendns.com/solutions/overview/) Each computer that you want to monitor has to be configured to use the OpenDNS servers. OpenDNS can either block unwanted content or merely log all DNS requests that you can review later.

]]> By: Rachel http://paheli.net/blog/2008/09/11/security-and-usability-google-chromes-incognito-mode/#comment-159 Rachel Tue, 27 Jul 2010 06:51:52 +0000 http://paheli.net/blog/?p=31#comment-159 Hi. I'm the mom in the scenario and I want to know where my 12 year old is surfing. Can I disable the incognito feature of Chrome? (It took me a few weeks to figure out how he was surfing without leaving a trace.) Thanks Hi. I’m the mom in the scenario and I want to know where my 12 year old is surfing. Can I disable the incognito feature of Chrome? (It took me a few weeks to figure out how he was surfing without leaving a trace.) Thanks

]]> By: Firefox Incognito / Private Browsing Mode - Part II | Shantanu's Technophilic Musings http://paheli.net/blog/2008/09/11/security-and-usability-google-chromes-incognito-mode/#comment-26 Firefox Incognito / Private Browsing Mode - Part II | Shantanu's Technophilic Musings Thu, 11 Sep 2008 19:16:50 +0000 http://paheli.net/blog/?p=31#comment-26 [...] Add comments My Sites: My Blog | My Tech Blog | Follow me on Twitter—-A few people (e.g. Varun) told me my previous post differed from the way how google chrome / Microsoft IE8 handle Incognito [...] [...] Add comments My Sites: My Blog | My Tech Blog | Follow me on Twitter—-A few people (e.g. Varun) told me my previous post differed from the way how google chrome / Microsoft IE8 handle Incognito [...]

]]> By: Shantanu Goel http://paheli.net/blog/2008/09/11/security-and-usability-google-chromes-incognito-mode/#comment-25 Shantanu Goel Thu, 11 Sep 2008 04:50:40 +0000 http://paheli.net/blog/?p=31#comment-25 BTW just thought of a way to do the "not saving to disk" method for firefox as well. Completely hypothetical (and might work only in linux), but maybe i can do it. Wait till weekend, will try and let you know Thanks for pointing this out, gives me something better to ponder about and do a real hack than just clicking around making a new profile and checking a few boxes... :) BTW just thought of a way to do the “not saving to disk” method for firefox as well. Completely hypothetical (and might work only in linux), but maybe i can do it. Wait till weekend, will try and let you know
Thanks for pointing this out, gives me something better to ponder about and do a real hack than just clicking around making a new profile and checking a few boxes… :)

]]> By: Shantanu Goel http://paheli.net/blog/2008/09/11/security-and-usability-google-chromes-incognito-mode/#comment-24 Shantanu Goel Thu, 11 Sep 2008 04:42:30 +0000 http://paheli.net/blog/?p=31#comment-24 Yes, you are right about the usability part. Actually that should be fixable easily. I had earlier thought of doing all the above steps in a script that someone could just download and double click and be "incognito" before being able to say "voila!" :) Or maybe firefox guys should make it more prominent. Moreover, once the "setup" is done then there is no extra efforts after that. Well, abt the extra options, I did check the boxes for my use but forgot to write about them :), maybe subconciously assumed that people would know about that, but yes that counts as an oversight and you are right again that usability takes a step back when there is an "extra" step involved. About the writing to disk part, Google says that the cookies are cleared only after you close the windows and read at some places while googling that it is not, infact, clearing everything up. So, cookies definitely go to hard disk. Not sure about rest of the things going to hdd or not. Any links? About the rest of the stuff, XSS prevention etc, I completely agree its better in chrome (though I use NoScript extension to prevent myself in firefox but its obviously better if its not needed at all). One more thing, I'm not too well-versed with web technologies, but do you know if/what would be "legal/positive" use cases for XSS? Yes, you are right about the usability part. Actually that should be fixable easily. I had earlier thought of doing all the above steps in a script that someone could just download and double click and be “incognito” before being able to say “voila!” :)
Or maybe firefox guys should make it more prominent. Moreover, once the “setup” is done then there is no extra efforts after that.
Well, abt the extra options, I did check the boxes for my use but forgot to write about them :) , maybe subconciously assumed that people would know about that, but yes that counts as an oversight and you are right again that usability takes a step back when there is an “extra” step involved.
About the writing to disk part, Google says that the cookies are cleared only after you close the windows and read at some places while googling that it is not, infact, clearing everything up. So, cookies definitely go to hard disk. Not sure about rest of the things going to hdd or not. Any links?
About the rest of the stuff, XSS prevention etc, I completely agree its better in chrome (though I use NoScript extension to prevent myself in firefox but its obviously better if its not needed at all).
One more thing, I’m not too well-versed with web technologies, but do you know if/what would be “legal/positive” use cases for XSS?

]]>