Now that private browsing, a feature that aims to hide your tracks during a browser session, exists in all the major browsers, you are probably using it quite extensively. Whether it’s at home, the office, or a random public computer – we all have reasons we wish to not be tracked after the fact. Private browsing does not record any cache or cookies from the web sites you visit, therefore it stands to reason it’s rather privacy conscious – hence its name! It’s not all good news, I’m afraid.
While no data is written to the hard drive, that doesn’t mean it’s impossible to decipher which sites were visited on a computer. The trivial process doesn’t actually leverage anything associated with the browsers; rather, it relies on something inherent in most modern operating systems (Windows, in our case): the DNS cache.
DNS, briefly, can be thought of as a look-up table, mapping web sites like facebook.com to an IP address. Facebook.com is much easier to remember than some seemingly random clumping of numbers like 69.63.181.12. These remote look-ups, while they happen extremely fast, still introduce delays into web browsing. In order to help offset the inherent overhead, Windows will maintain and update a local cache.
Therein lies the problem – by browsing through the DNS cache, it’s possible to mine for data, specifically websites, that were recently accessed, even from within a private browsing session. Worse, the DNS cache is extremely easy to dump and peruse.
Open a command prompt from your Start Menu.
In the Command Prompt window, the command you need to execute is ipconfig /displaydns, which will give a dump of all the addresses visited recently on the computer.
You’ll likely find the list is quite lengthy and will scroll off the screen before you find anything interesting. In this case you can redirect the output into a text file, which can be viewed in your text editor of choice: ipconfig /displaydns > dns_cache.txt
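To audit what the cache reveals without scrolling through the raw dump, the saved dns_cache.txt can be reduced to one line per looked-up host name. The script below is an added example, not part of the original post; the function name parse_displaydns is my own, and it assumes the field labels printed by English-language Windows.

```python
# Constructed sample in the layout printed by English-language Windows;
# the host names and addresses are made up for illustration.
SAMPLE = """\
Windows IP Configuration

    www.example.com
    ----------------------------------------
    Record Name . . . . . : www.example.com
    Record Type . . . . . : 5
    Time To Live  . . . . : 41
    Data Length . . . . . : 8
    Section . . . . . . . : Answer
    CNAME Record  . . . . : example.com

    Record Name . . . . . : example.com
    Record Type . . . . . : 1
    Time To Live  . . . . : 41
    Data Length . . . . . : 4
    Section . . . . . . . : Answer
    A (Host) Record . . . : 192.0.2.10

    missing.example.net
    ----------------------------------------
    Name does not exist.
"""

def parse_displaydns(text):
    """Return {queried host name: sorted record data} from a displaydns dump."""
    hosts, current = {}, None
    lines = text.splitlines()
    for i, line in enumerate(lines):
        # A dashed rule marks the line above it as the queried name; this also
        # captures negative entries, which carry no "Record Name" field.
        if i > 0 and line.strip().startswith("-----"):
            current = lines[i - 1].strip().lower()
            hosts.setdefault(current, set())
            continue
        label, sep, value = line.partition(":")
        # Data fields are the labels ending in "Record" (A, AAAA, CNAME, PTR).
        if sep and current and label.strip(" .").endswith("Record"):
            hosts[current].add(value.strip())
    return {name: sorted(data) for name, data in hosts.items()}

if __name__ == "__main__":
    # dns_cache.txt is the redirect target used above (assumed to be in the cwd).
    with open("dns_cache.txt", errors="replace") as fh:
        for name, data in sorted(parse_displaydns(fh.read()).items()):
            print(name, ", ".join(data) or "(no data)")
```

Names that failed to resolve are listed too, so a mistyped or blocked site still leaves an entry in the cache.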
So what can you do knowing your private browsing isn’t quite so private? Thankfully clearing out the DNS cache is just as simple as displaying it in the first place. The command in question is ipconfig /flushdns – also from the command prompt.