Now listen to Fossbytes stories!
Web browsers’ private browsing mode is the first resolution
taken by most users to protect their privacy online. But
subconsciously they’re aware that the private mode or
incognito mode is doing nothing but deleting the browsing
activity from their computer. According to past studies, it’s
possible to track people’s browsing
habits even when privacy mode is enabled.
For concerned, and paranoid users, MIT might have a solution called ‘Veil’. It
is a new system developed by the researchers at CSAIL and
MIT explains that even though the web browser may not have any
evil intentions, the data used during private browsing can also
pass through different processor cores, caches, and even end up
on the hard drive of the main memory is full. This could
provide room for some determined attacker to find their way to
that meant-to-be-private user data.
Veil is not some anonymity network like Tor, it’s designed to
add a security layer on top of an existing web browser. There
is no software or plugin required, the user can visit Veil’s
website while running private mode or using Tor.
When the user visits a site URL through Veil, it fetches an
encrypted Veil-version of the site from a server called
Blinding server. The site looks exactly the same but adds some
decryption code which allows its data to be decrypted only for
the time when it’s visible on the screen.
The blinding server also adds some garbage code to every
webpage to make the information harder to crack. While the
pages seem normal to the user, they’re very different under the
hood. An attacker who managed to source some snippets of the
decrypted code still won’t know what web page the user visited.
Veil takes security even further by taking pictures of a
webpage and serving it to the user. Thus, there is no code to
be cracked. It records user’s movement, such as if the user
clicks somewhere, and loads the picture of that content.
The system requires the website developers to create a
Veil-version of their site. The researchers have already
created a compiler that can do the conversion automatically.
The modified site can be hosted on the developer’s servers or
on a server provided by a third party.
Veil has many advantages, and it doesn’t require any
changes in the web browser. In fact, it doesn’t depend on any
particular browser. It can help people who generally use public
computers or those who want extra privacy. However, it can’t be
said whether privacy and encryption would come at the cost of
lag and slow loading of websites.