For instance, has something called a "custom handler protocol" that creates URLs that hang around even after a user leaves privacy mode.
Internet Explorer also blows a user's cover in privacy mode when it initiates SMB requests with a web server. "Even if the user is behind a proxy, clears the browser state, and uses InPrivate, SMB connections identify the user to the remote site," the researchers--Gaurav Aggarwal and Dan Boneh, of Stanford University, and Colin Jackson, of Carnegie Melon University--wrote in a scheduled to be presented next week at the Usenix Security Symposium in Washington, D.C.
However, the trio found that the SMB flaw may be negligible because many ISPs filter SMB port 445.
They also raised a red flag about the potential for to undermine privacy modes. "Browser add-ons (extensions and plug-ins) pose a privacy risk to private browsing because they can persist state to disk about a user's behavior in private mode," the researchers wrote.