Find Out which Sites Users have Accessed in Private Browsing Modes

Here’s a good trick to help system administrators keep a step ahead of their users.

Private browsing, a relative new feature that allows users to hide their web activities. The modes basically block storage of browsing session data in the browser or the computer’s hard drive. This for instance means that no data is written to the cache or the cookie storage.

Users naturally feel safer using that mode, but that should not be the case. Why? Because there are means to find out which sites have been accessed in private browsing mode.

You see, one feature of the Windows operating system is a DNS cache, that stores domain name and IP links. Without going into to much details, the DNS cache records information about every website that the user opens in a web browser in Windows.

Curious Windows users just need to list the contents of the DNS cache to find out what websites a user has been visiting in private browsing mode. It may require some additional comparisons to find the private browsing mode websites, but that requires just some manual work and can be neglected.

Here is how you can display the contents of the DNS cache:

  • Open a command prompt in Windows. The easiest way to do that is to press Windows-R, type cmd and the enter key.
  • Now type the command ipconfig /displaydns in the command prompt and hit enter.
  • This displays all websites that have been stored in the DNS cache. Please note that this includes everything, which means websites in all web browsers, regardless of whether they have been opened automatically (e.g. by a script on the site) or manually by the user.

display dns

Chance is the list is to large for the command line cache. You can use the command ipconfig /displaydns > dns.txt to save the output in the text document dns.txt. It is then possible to open the document in a text editor, to see all records. Opening it in a text editor has other advantages, like being able to search through the records.

Windows offers an option to flush the DNS cache so that all records are deleted from the cache. This is done with the command ipconfig /flushdns.

flush dns

Some programs (like CCleaner) offer options to delete the DNS Cache. It is also possible to write a simple batch file to delete it on shutdown. Let me know if you like an example script that does that.

Windows users who regularly work in private browsing mode should consider clearing their system’s DNS cache frequently to protect their privacy.


© Martin for gHacks Technology News, 2010. | Permalink | Add to del.icio.us, digg, facebook, reddit, twitter
Post tags: , , , ,

Tags: , , , ,

Comments are closed.