A not-so recent report indicates that Microsoft’s Edge web browser may be leaking web browsing data of the browser’s private browsing mode locally.
The researcher’s investigation of locally stored data by Microsoft’s Edge browser came to the conclusion that the browser is storing private browsing data in a local database even after the session is ended.
According to the report, Edge reveals websites visited in private mode in the browser’s WebCache file.
Previous investigations of the browser have resulted in revealing that websites visited in private mode are also stored in the browser’s WebCache file.
The WebCache file is located under the user directory, precisely here:
Please replace user_name with the name of the user account that you are using on the Windows 10 computer.
It is interesting to note that Edge seems to share the browsing history cache file with Internet Explorer, and also with versions of those browsers on other devices if the same Microsoft Account is being used to sign in to the machines.
Obviously, Edge should not leave any data traces behind after the user exits private mode., and that is something that Microsoft needs to address.
On the other hand, it is not as if private modes are offering full protection against information leaks, considering that information may still remain available locally and also remotely after a user exits the session.
A common issue is the DNS Cache for instance, which may reveal information about hostname look ups in private browsing mode.
In addition, if an attacker gets access to a computer locally, other possibilities become available that are way scarier than leaking which sites a user may have visited in private browsing mode.
Edge’s main issue at this point is that it does not provide users with options to clear the browsing data completely on exit or start of the browser.
This leaves third-party solutions like CCleaner which can be used to clear all browsing data or a selection automatically, for instance when the system is shut down.
Microsoft is working on Edge as part of Windows 10 and it is likely that options will become available in the future. Another possibility is that extensions may fill feature gaps, but it is still unclear when Microsoft will make them available in first Insider Preview builds and stable builds of Windows 10.
For now, the best bet is to use CCleaner, a manual solution to delete the file regularly, or another browser.
Edge is not the only browser that reportedly leaks private browsing information. Google’s Chrome browser too leaked information in the recent past.