Security experts have warned that many claims about the resilience of 'secure browsing' features are overstated, and that private surfing may be anything but.
The researchers at Stanford University are due to discuss their findings at the Usenix Security Symposium in Washington next week.
The top four browsers - Internet Explorer, Firefox, Safari and Chrome - suffer from weak security in their secure browsing options, according to the report, and often fail to prevent user history being exposed.
The browsers are also inconsistent in the way they deliver private browsing. Firefox and Chrome protect against web attacks, for example, but Safari protects only against local access.
Firefox treats elements of its security differently, according to the research, and exposes some detail even in secure mode. All four browsers contain "privacy violations", the report said.
The secure browsing "minefield" is difficult to navigate, said the researchers, and a number of changes are needed to create a truly secure environment.
One of the suggestions is that web sites display a seal to show that they respect the mode, while another recommends that the browser checks all web sites against a blacklist to look for potential lapses in security.
The researchers also found that, despite how it is marketed, private browsing is most often used on adult sites, suggesting that "its primary purpose may not be shopping for 'surprise gifts'".
OnePlus 3T canned to make way for imminent OnePlus 5 with Snapdragon 835, 8GB memory and dual camera
OnePlus 3T to be prematurely retired on 1 June - perhaps indicating plans for an imminent OnePlus 5 launch
Thunderbolt 3 goes royalty-free as Intel bids to persuade more OEMs to adopt its connectivity standard
Intel adds native support for Thunderbolt 3 and USB 3.1 gen 2 to microprocessors
Open source solutions provider makes acquisition in bid to shore up cloud development tools business
Aims to "end data bottlenecks"