Security experts have warned that many claims about the resilience of 'secure browsing' features are overstated, and that private surfing may be anything but.
The researchers at Stanford University are due to discuss their findings at the Usenix Security Symposium in Washington next week.
The top four browsers - Internet Explorer, Firefox, Safari and Chrome - suffer from weak security in their secure browsing options, according to the report, and often fail to prevent user history being exposed.
The browsers are also inconsistent in the way they deliver private browsing. Firefox and Chrome protect against web attacks, for example, but Safari protects only against local access.
Firefox treats elements of its security differently, according to the research, and exposes some detail even in secure mode. All four browsers contain "privacy violations", the report said.
The secure browsing "minefield" is difficult to navigate, said the researchers, and a number of changes are needed to create a truly secure environment.
One of the suggestions is that web sites display a seal to show that they respect the mode, while another recommends that the browser checks all web sites against a blacklist to look for potential lapses in security.
The researchers also found that, despite how it is marketed, private browsing is most often used on adult sites, suggesting that "its primary purpose may not be shopping for 'surprise gifts'".
Spaces are filling up fast
HP ZBook x2 offers 32GB RAM, M.2 SSD with up to 2TB storage and Nvidia Quadro GPU
Laptops should be able to offer true all-day working, and some
CGN has created an "online capability gap" between cyber criminals and law enforcement, says Europol
ISPs use Carrier Grade NAT to share IP addresses amongst multiple users