What Is Private Browsing? How Safe or Secure Is Incognito Mode?: At a higher level, what is the Goal of Privacy? When the security is informing about the privacy, what are they talking about? Well, at a high level, they are talking about the following goal. So any particular user should be indistinguishable from a bunch of other users. In particular, the activity of a given user should be non-incriminating when viewed in light of activity from a bunch of other different users. And so, as mentioned, we will mainly teach you in this guide about privacy in the specific context of private web browsing. And so, there is no formal definition for what private web browsing means. There are a couple of different reasons for that.
What Is Private Browsing? How Safe or Secure Is Incognito Mode?
So, one reason is that web applications are very complicated. And, they are adding new features all the time like audio and video capabilities and things like that. As a result, there is this moving target in terms of what browsers can do. And, as a result, what information they might be able to leak about a particular user. And, so what ends up happening is that in practice, like with many things involving browsers, there is this living standard. So, different browser vendors implement different features, particularly to private browsing. Other vendors will look and see what vendor X is doing. They will update their browser.
So, it’s like a moving target. And, as users grow to rely on private browsing more and more, they end up a lot of times finding bugs in private browsing mode. As the points will be mentioned later in this page. And, so private browsing at a high level you can think of as an aspirational goal. But we as a society are continually refining what it means to do private browsing and getting better in some aspects – worse in some aspects – as you will read a bit later. So, what exactly do we mean by private browsing? It’s tough, but the paper tries to formalize it in two specific ways.
So, first of all, in this guide, we will talk about a local attacker on private web browsing. This is someone who is going to possess your machine after you have finished a private browsing session. And it wants to figure out what sites you are using it in private browsing mode. And we will also talk here about the web attackers. The web attacker is someone who controls the website that you visit. And, this web attacker might want to try to figure out that you are some particular person John or Jane as opposed to some amorphous user that a website cannot tell who they are.
And, so we will look at each one of the attacks in detail. But, for now, suffice it to say that if the attacker can launch both of these attacks – both a local and a web attack – that strengthens their ability to try to dream us. So, for example, a local attacker who, for example, maybe knows your IP address can talk to the website and say “hey, have you seen this particular IP address in your logs”.
You are looking at the user whose machine I control right now. So, it’s pretty useful from a security perspective to consider these local and web attacks. And then to see how they can compose. So, let’s look at this first type of attacker, which is a local attacker.
How To Use Google Chrome’s Incognito Mode?
Planning a surprise party these days involve a lot of visits to a lot of websites. And keeping your plans secret can be challenging when you share a computer, which is why X guy is using Chrome’s Incognito Mode, to plan his parents’ anniversary party. In incognito mode, the web sites that you visit don’t get saved to Chrom’s history. Here’s how it works – Go to Google Chrome Menu, Click New Incognito Window.
When the window appears, you will see the incognito mode icon in the corner, then browse like you normally would. To exit incognito mode just close all of the incognito mode windows. So, remember when you want to browse without leaving a trace in Chrome, open an Incognito window and keep your surprise a surprise.
How Safe Is Incognito Mode of Google Chrome?
If it’s time to handle something sensitive, embarrassing or seedy, and you don’t want it in your browser, where your roommate, your boss or your any might stumble upon it. So, you fire up your browser’s trusty incognito or private mode which promises to keep your activity secret from anyone else who uses your computer or phone. But, is it that trusty? What exactly does incognito mode, do well here’s the basic principle of operation incognito mode works by keeping your history. The browser cache that contains the contents of pages you visit cookies that track your activity and form data that you enter only temporarily.
Newspaper websites are notorious for this last one. However, you have probably seen the warnings that pop up in incognito mode telling your employer or internet service provider might still be able to keep tabs on your online activity. How would they do that? Well because incognito mode only affects what’s being stored locally on your computer. All of that traffic is still being routed through the servers at your ISP and also perhaps your school or office. So, it can still be intercepted and tracked. You can learn more about that right up here. So that means that if you want to anonymize your web traffic, you will need to consider using a VP as well. Possibly over a network like TOR to further conceal your identity.
also, remember that just because a browser deletes the information about your session doesn’t mean it will keep a determined snoop from finding out what you have been upto. For example, features that can run an incognito mode such as browser extensions or adobe flash can still leave visible traces on your computer unless you make sure that those are disabled as well. And, browsers also don’t necessarily delete any data that you built up during an incognito session securely. So, some of it could still be found with a software recovery program or inside your PC’s DNS cache which matches the URLs of the sites you visit. To the IP addresses, so you will need to make sure that you clear your DNS cache with this command.
If you are really worried about privacy, finally things that go wrong on your PC can also compromise the effectiveness of incognito mode. Since, many browsers delete the data from your incognito mode session once you close your session, an unexpected error like a computer crash could keep that data from being deleted. Normally, and then, of course, any malware or spying software like a key logger could easily be keeping tabs on your incognito browsing if your PC is infected.
Now, we are not trying to scare you or make you think that private browsing is useless. It’s still a powerful tool and an easy quick layer of security. But, just like any tool, it only works if you take the appropriate precaution, so make sure that your boss isn’t standing over your shoulder, while you are using incognito mode to send out resumes speaking of employment are you racing against the clock as a freelancer, well it’s challenging, but with the growth of the internet, there have never been more opportunities for the self-employed.
How Does Incognito Tab Works?
And, so the security goal is that well we do not the attacker be able to figure out any of the websites, that the user visited during this private browsing activity. Now, the reason why the post is important here is that if we assume that the attacker can control the machine before the users private browsing, then basically it’s game over. Because the attacker can install a keystroke logger – the attacker can subvert the binary that the browser. The attacker can subvert the OS. So we don’t care about this pre-session attacker. And also note that we are not trying to provide the best for the user after the attacker has controlled the machine.
And, that’s for the same reason. Once the attacker gets to the machine, he or she can do the same thing that is mentioned – key logger. So, once the user leaves the machine, we don’t assume any forward notions of privacy. Does that make any sense? It’s pretty straightforward. And, so you can imagine that another goal that you might want to try to satisfy here is you might want to try to hide from the attacker. That the user was employing private browsing mode at all. Now, the paper said that’s very difficult. This property is often called plausible deniability.
So, your boss comes upto you after you use private browsing, and says where are you looking at mylittlepony.com? And, I certainly was not using private browsing mode to hide the fact that I was looking at mylittlepony.com. So, as I said, the most difficult to provide this property of plausible deniability. I will give you some concrete reasons, why this might be the case a little bit later on in this guide. But, that is an overview of the local attacker. But that is an overview of the local attacker. So, one question we might want to think about is what kinds of persistent client-side state can be leaked by a private browsing session?
Another important thing is your history of visited sites. So many of your relationships have been broken when other goes to the browser – start typing something into the address bar and all of a sudden it auto-completes to something very embarrassing. So, this is one thing you don’t want to leak outside the private browsing session. You can also think about configuration states with the browsing and so here you could think about things like client certificates. You could also think about stuff like bookmarks. Maybe if you logged into a particular site and the browser offers to store your passwords in another type of configuration state that you might not want leaking from private browsing mode.
Downloaded files – as we will discuss, this one’s a little bit interesting because downloading a file requires explicit user action to download that file. Maybe we do want this stuff to leak outside of private browsing mode. Maybe if you downloading something in private browsing mode, it should be accessible when you open the browser or use the machine after that session. So, we will talk about this a little bit in a second. And then, finally, during private browsing mode, you might install new plug-ins or browser sessions. That’s another type of state that you might imagine you don’t want to leak outside of private browsing mode.
So, current browsing modes typically try to prevent one, two and three from leaking outside of private browser sessions. Right? So there should not be any cookies or DOM stores to get out of there. Anything you put in a cache during a private browsing session should be deleted. And, you should not have any history of the URLs that you are using. Typically, four, five and six private browsing modes allow leaking outside of a session. And, there are some good and some bad reasons, why this might be the case. And, as we will discuss later, we will see if you allow anything to leak from the private browsing session, that radically increases the threat surface of private leaks.
So, it becomes much more difficult to reason about what the security properties are for private browsing mode. It’s pretty straightforward. So, the next thing we are going to talk about very briefly is network activity during private browsing mode. And, what’s interesting about this is that even if we cover all this stuff – we don’t allow private browsing to leak anything from there – the mere fact that you are issuing network packet connections leave evidence of what you were doing. So, imagine when you want to go to example.com website, your machine has to issue a DNS resolution request for example.com.
So even if you don’t leave any of this type of persistent state up there, there may be records in your local DNS cache that you tried to resolve the hostname example.com. That’s very interesting. So you can imagine that browsers could try to flush the DNS cache somehow after the private session was over. Now, in practice, that’s tricky to do because, on many systems, you require administrator privileges to do that. So, it’s not clear if you want the browser running as root because browsers, as we have seen, are somewhat untrustworthy individuals. And, also too – a lot of DNS flush commands – they don’t act per user.
They flush the entire cache, which is typically not what you would want if you are implementing private browsing mode. You would want to use a type of surgical thing, where I only want to get rid of example.com and things that were visited during this private browsing sessions, but not delete other things. So, in practice, that’s kind of a tricky thing to handle. And, another tricky thing to handle which the paper mentioned – are these things that are called as RAM artefacts. So, the basic idea here is that during private browsing mode, that private browser has to be keeping some stuff in memory.
And, so what I am going to do is I am going to go to some website. So, this is for the PDOS group here at CSAIL. Here’s what pages are loaded up. And, then what I am going to do is use this function called gcore. So, I am going to make a memory snapshot of this running page. And, so I will do the following magic. The command line is as follows – user@ubuntu:~/858$ sudo gcore $(pgrep firefox) [sudo] password for user: And, after that by pressing the enter button, a miracle happens. So, there is going to be some work that my terminal is going to generate that memory snapshot.
So, this takes a little bit of time sometimes. Now, what’s happening here? So, now we have generated the core file for that private browsing image. So, what we are going to do now is safely going to look inside that image and see if we can find any mentions of PDOS. And, so what’s interesting is, we got a ton of instances of the string PDOS in that memory image for the private browsing mode. And, so what is interesting is we see various prefixes for things. If we look further up, we can see things like there are full URLs here and things like this. You also find HTML code in there.
So the point here is that if we found all this in the memory of that page, then if this – if any of those pages got put to disk in the page file, then he, an attacker could just run strings. So, they could do what I just did over the page file and try to find out what sites you need in private browsing mode. So, does that much sense? The problem here is that private browsing mode. Don’t try to obfuscate RAM basically in all the ways and in any way. And, that seems like a pretty fundamental thing because, at a certain point, it has to execute on clear text data. And, so this is a pretty big challenge.
In case you have a question like – I don’t expect my browser to do that, one thing is that these browsers promise that they give you security through private browsing – the example they give is if you are shopping for a computer, your layman friend cannot go on your computer and see things. So, what guarantees they give and if they had to change anything as a consequence of this paper? One thing you can look at is when you open a private browsing tab, typically there will be a little blurb that says – welcome to incognito tab.
Here’s where we will help you against. We won’t help you if someone is standing behind you with a rubber hose about to beat you. And, so the browser vendors themselves area little bit cagey about what guarantees they provide. And, in fact, after the Snowden incident, a lot of the browsers changed that splash page, because they wanted to make it clear that we are not protecting from strong ways with NSA or something like that.
So, long story short, what guarantees are they providing you? In practice, they are providing that weak thing that you mention there. It’s like a layperson who wanted to see what you were doing afterwards could not figure out what you were doing. And, we are assuming you cannot run strings on the page file or things like that. Now, the problem – there are two problems is that – first of all, because browsers are so complicated, they often don’t even protect against the layperson. I can give you another example. So, a lot of times when you see those ridiculous ads from Huffington Post? It’s like puppies trying to help small puppies go downstairs and things like that.
Because I am weak, I will sometimes hook on those things, but because I don’t know and want people to know that, I will sometimes do that in private browsing mode. So what will happen sometimes is that sometimes, I will see those URLs, will leak into my URL history like my regular, public mode browser, which is precisely what this stuff is designed not to do. So, one problem is that sometimes these browsers don’t protect against the pay person attackers. The second thing is I think that there are actually, a lot of people who would like for private browsing mode to provide something stronger, particularly with whole Snowden thing.
I think there is a lot browsing mode to protect, for example, against these RAM artefact attacks, even though they may not be able to technically articulate that goal. And, so one of the things one should do, when that individual is in such situation is that – some research in a stronger private browsing mode protection. So, we can chat about that after all. One of the things we learn about all professors is that we will talk about our research endlessly. So if you want to talk about that for three hours just send me a calendar request.
And, we can do that. So, anyway, this is a demonstration. If you a question about the RAM like – I am not familiar with how it works exactly. How come a browser cannot at the end of a session, just ask the operating system to flush those parts around that he was using? Next, we are going to get to this topic as well, later in this part only.
At a high level, what you can imagine is that maybe the Operating system when it, for example, killed a process, would go through all those numbered pages and write zeroes to all those pages. Or you could also imagine that maybe the browser tried to pin all the pages in memory to prevent anything from getting flushed out all.
So some solutions can do that. So, hold onto that question for a while. This is an example of how data from RAM can leak onto disk through paging activity. But note that data lifetime is a bigger problem than just in the context of private browsing. You can imagine that any programs that deal with, let’s say, cryptographic keys or users will have this problem. Anytime you type in your program, password to a program, the memory page which holds that password can always get reflected disc. So, let me show you another example of this.
So, let’s say that we looked at the following program, which is user@ubuntu:~/858$ is pretty simple. It’s called memclear. So you see here at the bottom and main, we are just going to read in some secret text file here. And, then we are just going to sleep forever. So, what is that read secret do? It reasons from the file. It’s going to print out the contents of that file. And, then it’s going to clear out the buffer that was used to store that secret information. So, getting back to your issue, so one can imagine the browser, for example, would try to just memset to zero all the secrets that it encountered when it’s just in private browser.
So, if we look at the secret files, it’s not very fun. It just says my secrets of in a file. And, then if we run this program, in the backgrounds – So what did it do? As I said, it just printed out, it read that file in, printed out the secret value cleared the memory buffer made it used to bring that stuff out. Now, it’s just sleeping in the background. So, once again, if we use this fun gcore command, we can take a memory dump of the memclear programme that’s running in memory right now.
And, then if we do – let’s see which ones we are going to look at. So, then if we look at – this guy is the one we want. And, then we do grip for a secret. So, once again, we see that if look in the RAM image of that running programme. We found instances of both the file name that was read in and also some prefixes of the string contents of that file, even though we wiped the buffer in the C program itself. So, you might say why did this happen? This seems very strange. And, the reason is that if you think about the way that I/O works, it’s like a layer type thing.
VPN vs. Incognito Mode: The Actual Difference
If you are using a VPN, you may use NORD. You will notice that IP address 126.96.36.199 doesn’t change. You will notice this up there. It will tell you that your IP address is changed. At the same time, you need to remember that Incognito Mode and VPN are completely different things, but both mutually assist in private browsing.
The implemented that attack. Earlier, we used to think about it as a pop ware. So, now they do this additional thing too. The long story short, the attack they describe in the paper doesn’t work because of some of these browsers mainly aimed at the defence. But you can still imagine that there may be ways for the web attacker to figure out if you are using private browsing mode.
So, for example, when you do private browsing mode, any cookies that you got from public mode should not be sent during the private mode. So, in other words, if we go to Amazon.com, in public mode, we generate some cookies. Then we go to Amazon.com in private browsing mode. When we contact Amazon.com in private mode, those public mode cookies should not be sent. That can act as the Sign to the web attacker that you are using private mode. This is also now you are using the Canvass in both of these events. Right? So you need to know the IP address. So that link that you were targeting with the link colour would be on a per IP basis. And, you would have to rely on that the user first visited it as a public mode, and you protect it. So, the link attaches, you can do in the context of a single page.
So, you can imagine and combine this VMs into let’s say some type of a secure swap solution like Open BSD has – give us another encrypted disk type thing. So, you can imagine we have a very clean separation of VM up here and all the I/Os that are guarantee down here. And, so that gives you stronger guarantees that what you can get from the browser, which was not designed from the ground up to think very carefully about all the I/O paths and what secrets might leak when it was in strange.
So, yes this provides what’s nice about this – strong guarantees. And, any changes to your Application is to say to the browser. You take your browser, put it inside one of these VMs – then everything gets better all magically. It’s not location change. So, what’s bad about this – we will use an unhappy face to demonstrate that.
So, what’s bad is, first of all, it’s heavyweight. And by a heavyweight, we mean that time you want to spin up one of these private browsing sessions, you have to spin up a whole VM. And that can be pretty painful. So perhaps users are going to get upset because it’s going to take them a long time now to launch these private browsing sessions. And the other problem too is this solution has bad usability. And, the reason we say that it because now it’s difficult for users to do things like taking files that they have saved in the private browsing mode.
And, then take them to the rest of their computer – any bookmarks that they generate during private browsing mode that who they do want to persist will be difficult to get those at the end. It can be done. But, there’s a lot of friction here. So, that’s the bummer. So another thing that you might imagine doing is something that looks like approach number one. But we implement it inside of the Operating System themselves instead of in a virtual machine.
So, the basic idea here is that you can imagine that each process could potentially run in a private domain. So basically, the privacy domain accesses the collection of Operating system global resources that process uses. And, so the Operating System tracks all that kind of stuff. And, then once the process dies, essentially the OS goes through and looks at all the things that are in that privacy domain set. And, then purely deallocate all those resources. And so the advantage of this over the VM is that it is lighter weight because if you think about it, the VM is essentially agnostic to all the Operating System state and all the application state that is being used to run.
So the result – it probably does more work than the Operating System, would have to do because the Operating System presumably knows all the points at which the private browser would be touching I/O, and talk to the network and stuff like that. So maybe it even knows things like you can clear the DNS cache selectively, for example. So you can imagine that it’s much easier to spin these things up – these privacy domains – then to tear them down. However, the sad thing, at least concerning the virtual machine solution, is that its harder to get this right.
So, just describe the VM approach, as being headway because it’s essentially agnostic to everything that’s running inside the container. But what’s nice about this is that it allows the VM approach to only focus on a few low-level interfaces. And, it can focus on those things. For example, the interface the VM uses to write to disk, then you can have high confidence that it’s managed to contain everything. Whereas with the Operating System, if you think the OS is going to interpose on individual files with system interfaces – perhaps individual network interfaces like that – its much more complicated to find all of those points at which data can leak, if you are going to do that at the Operating System level. So, does that all make sense?
Those are some approaches we can use to provide potentially stronger privacy guarantees than what’s implemented in private browsers right now. So one question you might have is can we still be an anonymized user if the user is employing one of these more powerful solutions if the user is surfing through VM or surfing one of these privacy domains in the Operating System. We still figure out who they are and the answer is yes. So maybe the VM is unique for some reason. And, so similar to how we were able to fingerprint browsers using that Panopticlick or something unique about the way that the VM would be set up that allows to fingerprint it.
And it may be the case that maybe the virtual machine monitor or the Operating System itself is unique in some ways. That would allow a web attacker to figure out who the user was. And, so one cute example of this TCP fingerprinting. So, what is the big idea behind this? So, as it turns out, the specification for the TCP protocol allows some of the parameters for the protocol to be set by the implementation of the Protocol. So, for example, TCP allows implementers to choose things like initial packet size – the things that are sent out the first part of the TCP connection – it allows implementers to choose things like that initial time to live in those packets.
And, so you can imagine and in fact, you don’t have to imagine that this is the truth. You can get off the shelf tools like in a map. That they actually can tell what operating system you are running with high probability just by sending you packets. They will send these very carefully crafted packets. And they will look and see things like here’s what the TTL was on here’s what the packet size distribution was – here’s what the TTP sequence number was. And, they have the database to fingerprint. And they say – OK – if the return packets are containing something and this characteristic, then the table says that you are probably running for some reason – Solaris.
You are running a Mac. You are running Windows or whatever. So even if we use one of these stronger approaches for private browsing with a VM or an Operating System. You still may be able to run one of these http terms which attacks and learn a lot about a particular user. And one thing that’s also interesting to note is that even if we use one of these more powerful techniques try to protect the user, the user is still shared across both the public and the private browsing session.
Still uses – visibly using the machine. So, why is it interesting? Well, it’s interesting because you by the way that you use computers, may leak information about yourself. So, for example, as it turns out, users have unique keystroke timing. So, if we look at – if we give everyone (reader) the same thing to type in – the quick, brown fox – whatever that non-sense is and that is all actually at the inter keypress timing, we will all have these unique System of doing things.
Also, at the same time, we have all these distributions that can potentially be used to fingerprint us. Another interesting thing is that users have unique writing styles. So there’s this branch of security this is called stylography. And the basic idea here is to figure out if I am an attacker, can we figure out who you are. Just by looking at writing samples from you?
So imagine that for whatever reason, you are hanging out on 4chan – don’t hang out on 4chan. And we want to figure out if you have actually, in fact, been hanging out on 4chan. So perhaps what we can do is we can look at a bunch of different posts from 4chan. Maybe we can cluster those posts into sets of posts that we think to look stylistically the same. And then what we can do is we can find things that you have written publicly where you are attributed to this author.
Private Browsing In Mozilla Firefox
How to use the private browsing feature which is included in the Firefox web browser. So there’s a lot of very nice features that are considered when private browsing considering how browsing history will not be incorporated into your normal history. If you are using the private browsing mode, your cache will not be stored on your computer. When you are using the private browsing mode cookies should not be stored and download history also should not be stored as well.
So, there’s a lot of interesting features included in that. Please keep in mind that it will not protect you from all your sensitive data being stored on your computer specifically downloads that you download wall. You are in private mode, it will remain once you have closed out of your browsing session and then also the download history might not be listed as private. So, this brief section of this guide will show you, people, how to do it. So we will start by opening off the Firefox web browser here. And, then we will go up to the top break menu icon, looks like three horizontal lines. It resembles a hamburger, you want a left click on that and then left-click on the new private window button that appears right here.
And, then we get a more of a rundown of exactly what private browsing does. So, we see private browsing with tracking protection while you browse in a private window of Firefox does not have to save visited pages, cookies, searches and temporary files. But, it will save your bookmarks and downloads and as we stressed before, private browsing doesn’t make you anonymous on the internet, your employer or internet service provider or ISP. For short, we can still know what page you visit and you can see we have tracking protection which is optional enabled as well.
Which will do a better job of hopefully minimizing the amount of information that’s sent to websites now? A lot of it is required for the websites themselves to honour our request. But it’s worthwhile just to try. So, once you’re done doing that, you should be good to go. you can just browse around you notice up in the top right corner there’s a little mask icon. This will signify that we are in private browsing mode.
If we close out of here, we can see a normal Firefox window will not have that up in the top right. Another way to open up a private browsing window is to right-click on your Firefox icon on your taskbar and then left-click on the new private window again. There’s a little mask icon next to it, which will give you the indication that you are in private browsing mode. So, pretty straightforward for you people and once done, you are done with your browsing session. Just close out of it.
Private Browsing Is Not That Private
Private Browsing mode on your web browser has several great uses but its not as private as you might think.
- First off, if you download anything, it will still be on your computer, when you close out of the browser. It doesn’t save your history however, that PDF file or vacation confirmation for a surprise tip you just made will be there forever until you delete in your downloads folder.
2. Purchases – if you buy something online, you most likely use a credit card or debit card so that secret vacation you have book for your anniversary or still show up on your bank records number.
3 – IP Address – it is still visible don’t let private mode deceive you. It only hides what you are doing on your computer so the internet company will still see what and where you are browsing on the internet.
4. Glitches – no program is perfect and there can be security holes. So, when it says – you are browsing privately, it might not be. Its happened to Microsoft in the past and as a general rule of thumb, don’t do anything you eagle because there’s a good chance it will be traced right back to you.
Best Way to Use the Internet Anonymously
Assuming that you are not a drug dealer and you are not. You know being hunted by the government and you want to protect the anonymity of your IP address certainly TOR is the best thing for you. TOR is a common tool used by Government agents, it’s used by dissidents, it’s used by you know journalists to protect the anime T of their communications. Its called the Onion Router. So, you are entering the TOR network, it’s passing it to another TOR node to another TOR node.
So, eventually, what they call an exit node, going out to the internet and it’s designed in such a way to make it extremely difficult to track back the person, that’s using it however being ourself. We trust no one and we think about recent cases, like US Russ Oprah, the guy who was convicted of running Silk Road, the online drug emporium in the dark web. As the FBI was eventually able to catch him, so we always think could it be a vulnerability in TOR. We don’t know about the mind, you know, this is not encrypting your information. It’s just to be anonymous, so your IP address, which kind of ties you to your internet service provider cannot be tracked. So, what do you use the web, there are different protocols, there’s HTTP that is in the clear.
There is not encryption and then HTTPS means, its using Secure Sockets Layer which means it’s creating a tunnel between your computer and the server you are accessing, and in that tunnel, it’s passing your information, but the tunnel is encrypted. So, nobody could see inside. So, it protects the transport communications of your activity on the Internet. If you install the HTTPS everywhere, plug-in or extension company, opera’s or you use what it does is, it forces your browser to go to the SSL version of the website. Because a lot of websites out there supports both the non-encrypted version and encrypted version. This forces you to use the encrypted version, so your transport is kept confidential. If you are facing any questions regarding What Is Private Browsing? How Safe or Secure Is Incognito Mode? do let us know in the comment box below.