The report by Ashish Singh, published on Forensic Focus looks into the artefacts and data fragments that Edge leaves behind on the user’s computer once it has been closed down. All the browsing history data is stored in a database that can be easily opened and read by “plenty of open source utilities.”
Information including websites visited, stored cookies and cached files from websites goes to one table in the database, known as Container_n. The data can be read to find out which sites a user has gone to and when, revealing the browsing habits of the user.
This in itself isn’t unusual — the browsing history can be viewed directly from within Edge, as with any modern browser. More interestingly, data stored in private browsing sessions also finds its way into the database though, ending up in the same table.
Pages loaded with InPrivate browsing mode have a special flag attached to them in the database that hides them in the history menu inside Edge’s interface. However, because the browsing data is stored, an attacker can still easily see which sites a user has been visiting in private mode. The flags would only confirm that the user had something to hide and confirm the usage of InPrivate.
Singh said:
“Therefore any skilled investigator can easily spot the difference and get concrete evidence against a person’s wrongdoings. Plenty of artifacts are maintained by the browser, which makes examination quite easy. However, there are stages where evidence is not so easy to find. The not-so-private browsing featured by Edge makes its very purpose seem to fail.”
News site The Verge independently verified the report, successfully retrieving partial details of a private browsing session from the Microsoft Edge database. Microsoft later confirmed that InPrivate tabs “are not working as designed,” telling The Verge “we are committed to resolving this as quickly as possible.”
Singh notes there may be a reason to storing the private data as it allows Edge to reload an InPrivate session if the browser crashes. Even so, people who use InPrivate are more likely to favour actual privacy than the ability to automatically pick up where they left off should the browser crash, something that can happen rather often in Edge.
Microsoft Edge has been released for a little over six months now. It launched with Windows 10 in July 2015 and has since then picked up a few updates to add more support for modern website features. Microsoft is also working on expanding Edge’s features and is planning a series of major additions for 2016, including the much-anticipated support for browser extensions.