When I use Firefox’s “Private Browsing” mode at work, can a tech-savvy person still see which websites I visited in my private window?
So if I make a private Firefox window and then browse the SDMB, will anyone ever be able to find out what I did?
SDMB isn’t sending back encrypted webpages, so yes your work IT folks could learn what you are doing.
(And of course “anyone” includes NSA, etc)
No-one who directly examines your computer could find out where you went (no cached files, no browser history). Anyone who monitors your network traffic (IT dept, Internet Service Provider) will be able to determine your browsing, although using https on pages that support it will hide the content (but not the actual connection).
Hmm… maybe I’d better stay away from the Dope at work, then. (I’ve been staying away from it at work anyway, as a safety precaution - I do write about work sometimes. Usually nothing bad, but still, stuff I don’t want my coworkers to find out - many if not most of them do understand English, after all.)
Well, I don’t really know that that is entirely true. I occasionally run CCleaner, and have Firefox set to use private browsing by default. Any time I run CCleaner, it manages to find things from Firefox to clean out.
I wouldn’t know what, exactly, it is cleaning out, but that fact that it’s not nothing would lead me to believe (as I already assume with anything internet related) that it’s not 100% private.
You’re confusing what’s stored on your computer with what’s transmitted from it.
You may indeed be cleaning out what’s stored. But any pipeline your Internet traffic travels through (your ISP, your employer’s router, a wireless signal, etc.) can be intercepted, stored and analyzed. Even if you could encrypt the traffic, the header (destination, source) cannot be encrypted or the routers in the stream wouldn’t know where to send it.
The NSA knows every page you visit milliseconds before you hit “enter”.
Does the NSA spy on Canada too?
It’s not the NSA I’m worried about so much as the more tech-savvy people at work. (Not that the NSA is nothing to be worried about, but I don’t think they’d be interested in what websites I look at during work.)
And just for the record - I don’t browse websites instead of doing work. It’s only if I have no work to do at the moment.
Firefox’s private browsing mode doesn’t claim to be encryption software. I am well aware that anything transmitted (including this message) could be intercepted by about anyone who had the desire to do so. I was just pointing out, that even with private browsing mode turned on perpetually (I have the “always use private browsing mode” option checked).
The idea is not about encryption; it is about simply not leaving “evidence” on the hard drive in the first place. What, exactly, is being stored in those few things CCleaner finds to delete, I haven’t really bothered to find out, since most of these options to me are more of a “keep the shit from accumulating on my computer” thing than they are about privacy.
Truly private affairs are best left off-line, and paid for in cash. Oh, and you have to wear one of these to make sure nobody can recognize you.
My tinfoil hat works, too.
I would be shocked if their overstepping was limited to US citizens in US territory.
“our” overstepping, I should say, as I am one of ‘we the people’. 
As for what CCleaner might be removing, off the top of my head, I might think of the bookmark backups that firefox makes. Private mode doesn’t prevent you from creating bookmarks.
I work in the information security department of a very large company that has lots of data bad guys want. I’m the team lead for investigations and forensics. I don’t know about your company, but I’ll tell you about my experience.
If you surf the net while connected to the company network, I will be able to see what sites you went to and a good chunk of the information you exchanged with them, regardless of whether or not you’re taking steps to hide your tacks on the PC. You could set the PC on fire, and I’d still have the logs from all our monitoring systems to show what you were up to. We also have the ability to intercept and decrypt HTTPS traffic when you are on or network. If you take your company-owned laptop home and connect it to your home network, it will still report much of your activity to us.
So Private Mode and cleaner utilities don’t bother me all that much. Although if I see CCleaner or something like it on your PC (and I probably will) I will take that as evidence you’re up to no good and I’ll do a serious investigation of your PC. Private Mode and those cleaning utilities generally still leave traces on the PC that can be recovered by a forensic examination. They certainly make life harder for me, but if I thought you were stealing data from the company, I’d pull out all the stops and recover every deleted file I could to piece together your activity.
Your company might not be as militant as mine. But if you’re worried that they would come down on you for surfing, do it at home.
How do you do this? Unless you have something installed on the users’ PCs, I don’t see how this is possible.
We do have endpoint monitoring. Also, the proxy is capable of doing a man-in-the-middle on SSL traffic. Since we configure all the PCs (hey, we bought 'em) we configure them to trust the spoofed certificates issued by the proxy.
As a matter of standard practice, we don’t decrypt SSL. But we can if we want to.
Right, of course. Essentially a man in the middle attack. Will have to remember to check the browser’s root certificates next time I’m unsure … :o
It is also trivially easy to configure a network to pass all http/https traffic via a proxy, even without a client-side setting. Most ISPs will do this for performance once traffic leaves the residential endpoint, but it also allows connection logging. It won’t give them access to your SSL traffic though, not without the spoof certificate on the client.
Is this still the case? My understanding is that ISP proxies are rare nowadays.
Bah. You’re probably a “shiny-side-out” pretender.
This page documents some other client-side leaks. Short version: Stuff is left in RAM, Java leaves some traces, DNS cache on the local machine isn’t cleared, other add-ons may also leave traces.
And if you’re on a work PC or a work network, as Bayard points out, all bets are off.