Veil System Patch could Make Private Browsing more Private 


Photo Credit via Pexels


Private browsing or incognito mode is available in modern browsers today. It prevents the browser from recording the user's browsing history; however, the data accessed in incognito can still be accessed in the computer's memory. And that data could still be retrieved by motivated and skilled cyber attackers. 

In a joint research by experts at Massachusetts Institute of Technology and Harvard University, researchers described a new system dubbed as Veil to improve the level of privacy in private browsing. The new system would deliver additional protection to people and network systems in several settings, such as office computers, hotel business centers or university computing centers. 

“Veil was motivated by all this research that was done previously in the security community that said, ‘Private-browsing modes are leaky — Here are 10 different ways that they leak.’ We asked, ‘What is the fundamental problem?’ And the fundamental problem is that [the browser] collects this information, and then the browser does its best effort to fix it. But at the end of the day, no matter what the browser’s best effort is, it still collects it. We might as well not collect that information in the first place,” said Frank Wang, the first author of the paper and a graduate student in electrical engineering and computer science from MIT. 

With Veil, computer systems would gain the following benefits to keep data more private than before: 

1. Any data temporarily stored in the memory or RAM of computers is encrypted until actually displayed on the screen. 

2. Any encrypted data is only loaded if actually displayed on-screen.  

3. To further protect temporarily stored data, the Veil servers drastically change the source file of each private browsers without modifying how they look onscreen. 

The main disadvantage of Veil is website developers need to create Veil versions of their sites. But the researchers said that they already created a compiler that automatically makes the conversion.