As if Microsoft doesn’t have enough explaining to do when it comes to security on Windows 10, a recent investigation of Edge has revealed that the stock browser’s InPrivate mode doesn’t keep a user’s browsing history private at all.
According to security researcher Ashish Singh, the private browsing data that is supposed to be expunged the minute a user closes a private window is instead stored in the browser’s WebCache file. By examining the “Container_n” table that stores web history, anyone can see the tabs that were opened while a user was browsing in private mode.
“Therefore any skilled investigator can easily spot the difference and get concrete evidence against a person’s wrongdoings,” writes Singh. “Plenty of artifacts are maintained by the browser, which makes examination quite easy. However, there are stages where evidence is not so easy to find. The not-so-private browsing featured by Edge makes its very purpose seem to fail.”
Testing Singh’s method, The Verge was able to find evidence in the WebCache of a site visited while browsing with an InPrivate tab.
“We recently became aware of a report that claims InPrivate tabs are not working as designed,” a Microsoft spokesperson told The Verge when reached for comment, “and we are committed to resolving this as quickly as possible.”
In the meantime, if you’d rather block Edge altogether, it only takes a few steps. As Martin Brinkmann explains over at gHacks, you’ll want to create a system backup before you begin. Better safe than sorry.
Once you’re all backed up, you should change your default browser:
- Open the Settings menu
- Go to System > Default apps
- Find Web Browser at the bottom of the menu, click on the selected browser, and pick another from the menu that pops up
Now all you need to do is download a free program called Edge Blocker, unpack it and run it. Once it starts up, you’ll see two big buttons: Block and Unblock. I’m going to give you the benefit of the doubt and assume you know what to do from here.