Gone, But Not Forgotten: The Current State of Private Computing (Short Paper)
- Aseem Rastogi
- Jun Yuan
- Rob Johnson
Web 2.0 Security & Privacy 2013
Private data comes in many forms: web browser histories, chat logs, sensitive word processor documents, network proxy logs, and many more. Some applications – primarily web browsers – now support private modes that aim to prevent sensitive information leaks. There are two problems with this application-level approach. First, there are many software engineering challenges in implementing correct and complete private modes. More fundamentally, applications cannot always tell which data is private – this is up to the user. As a result, applications that do support private modes may not implement the user’s desired policy, and many other applications that process private data do not have a private mode at all, because the developers did not consider that use case.
In this paper, we present a case for a private computing mode as a system service, rather than a per-application feature. We specify the threat model and the goals of the private computing mode, and argue that applications alone cannot achieve these goals. We briefly describe our ongoing work on developing a private computing mode service