The Incognito Mode Myth Has Fully Unraveled
To settle a years-long lawsuit, Google has agreed to delete “billions of data records” collected from users of “Incognito mode,” illuminating the pitfalls of relying on Chrome to protect your privacy.
Pretty sure it's always been upfront with that it still tracks you? I always thought of it as a "don't store history and cookies locally" thing and nothing more. Maybe I read that disclaimer with more cynicism than most?
Yeah, it has always been the “don’t log my porn activity” mode. I don’t understand how so many people misinterpret it as some kind of privacy protection mode.
Yeah, it has always been the “don’t log my porn activity” mode. I don’t understand how so many people misinterpret it as some kind of privacy protection mode.
Well, also the “log into your accounts on someone else’s machine without storing the account in the browser” mode. Or the “shop for your partner’s gifts without leaving a trail” mode. But yeah, primarily for porn.
Yeah I feel the same way.
I admit that I know quite a bit about computers and such but I thought everyone knew private mode isn't intended to stop any tracking.
Pretty sure some browsers by default enable extra tracking protections when in private mode but that's just an extra feature.
Yeah, most websites do fingerprinting. I doubt Firefox is immune to it either. In fact, it probably makes it worse since there's so few people using it.
https://amiunique.org/fingerprint shows me as being unique in both browsers, and that's without even taking into account IP address which narrows you down to people on your connection anyway. Only a VPN will hide that.
They don't need cookies to track your visits. Yet apparently they still need to ask if you want to share data with 2184 trusted data partners every time you visit without them, so maybe they can pack that the fuck in.
I visited that site and rejected the cookies
I am now untraceable on the Internet
“Always”? Nope.
“If you’re concerned, for whatever reason, you do not wish to be tracked by federal and state authorities, my strong recommendation is to use [Google Chrome’s] incognito mode.”
I'm just using it to prevent my depraved, shameful porn searches from entering my browser's autocomplete corpus. Learned that one fairly early on.
typing: 'p...
Autocomplete: "YOU WANTED PORNHUB.COM, RIGHT?"
No, you mean when you're shopping for presents for your loved ones and you want to keep it a surprise.
THAT ONE!! Ahm. Yes. That one.
When I was a kid, porn was the first thing I search for on Google.
Imagine my shock when Internet Explorer kept suggesting what I had searched whenever I started typing in the Google search box...
It took me a while to understand that it wasn't Google, it was my browser
People could just use another browser profile, with it's own set of bookmarks and uBlock in strict mode... Never saw much sense in "incognito" mode.
I use an entirely different browser (vivaldi), that way I can have all the logins and bookmarks and cookies I want and not have to worry about it.
The op link hit a paywall for me, this one is working:
the company will now pay “zero” dollars as part of the settlement after earlier facing a $5 billion penalty.
I guess they would call that a win
And they’re allowed to start doing it again in 5 years
block third-party cookies within Incognito mode for five years
Fuck google
It's both a generational shift and education issue.
I grew up remembering the early days of going online. The only pc at home was shared by family, so I knew early on that covering my tracks (erasing browser history) was important. When Chrome came out and incognito mode became a thing, I instinctively knew that it was just a shortcut for a separate browser profile that does not share the main profiles cookies and history, that it didn't store activities on the local device. I knew that internet providers could still know what I acceded, and so on.
I can't ask for the same kind of awareness for people that grew up with smartphones, proprietary walled gardens and apps with most of the complexities hidden beneath pretty UI.
It's even worse when it comes to the general population - this isn't the 90s where college students and tech minded people made up the internet users, this isn't the early 2000s where people still had to use a desktop PC to access the web, with its components more or less open to tinker.
Tbh, today was the first day I realized that people see privacy mode as something else then "privacy from other users on the same browser". But yeah, makes sense that people who learned about the internet on a smartphone see things differently.
Am I the only one who knew Incognito mode simply didn’t keep history or cookies on the local machine?
I always assumed nothing changed on Google’s end.
To be fair, I don't think the average user would think that Google, the creator of that Incognito Mode, would keep the data.
Incognito Mode warns specifically that websites the user navigates to may still keep records, but I don't think it says anything about the creator of the browser keeping records (unless, of course, you visit their website).
I wonder if they’d be in the same trouble if they’d kept it simple by saying:
“This mode simply doesn’t keep history or cookies on the local computer.”
That would not suggest that anything is different anywhere else.
Yeah I've always assumed incognito mode is just for when you don't want to have it save to your browser history or if you want to be able to log into a second account on a website.
You're not the only one. But it might as well be a magic box for many people.
Nah it's basically the button cops press when they want to kill someone that turns off their body cam except it's for when you don't want the CIA to see you crank it to clown fart porn
Use Firefox. Sure, a clean session of cookies isn't going to keep you anonymous, but at least you can do it while not being on Google's own browser and also have it collect information on you.
It doesn't matter. Companies have tracked cookielessly for a decade now thanks to Safari.
This is why everyone is OK with giving up cookies. They don't need it. It's a facade.
It still matters. Is it as effective as advertised? Not really. But it's still doing something. Privacy and security are never a one off solution, but a group of methods/tools.
I also feel you missed my point in my original post. My point is, using "incognito" from a browser from a company like Mozilla is better than using it from a browser made by an advertising company. One of them has an incentive to screw you. One does not. And to reiterate, I never said it was a perfect solution. It's mitigation.
Is there any way to re-enable password saving in private mode? All the discussions say "you don't want to do that because it's a type of history" but it's sure less convenient leaving Firefox in private mode all the time.
I use a password manager with a browser plugin so it just pulls from that. You can choose to enable whatever extensions you want in private browsing mode.
Castaneda also noted that the company (Google) will now pay “zero” dollars as part of the settlement after earlier facing a $5 billion penalty.
I can that a win (for Google).
"HEY!? WHO HERE DECIDED TO CHARGE GOOGLE!? YOU KNOW HOW WE WORK!"
"Ok, let's go over this again."
"Question one: are they a corporation? Yes? THEN YOU DON'T FINE THEM!"
"Question two: are they a regular schmuck?"
"THROW THE BOOK AT THEM AND EVERY FINE UNDER THE SUN! Jesus people how hard is it to remember this? We do it every day!!"
Google should have to clearly communicate to users what they did. Only few will even read and know about this. Rarely anybody will care.
Misbehavior on such a scale should at least be communicated so users can make an informed decision on their continued trust.
If they called it cleanup mode, or guest mode, it would be more accurate.
Use this when you are on a shared device so that you don't leave history or login sessions or mess with any sessions that the primary user has. That's it.
Or just be clear about it - Porn mode.
Literally the only reason I've ever used it is so that when I start typing a web address in front of someone, Google doesn't "helpfully" autocomplete.
Aren't there any other sites that start with p or x?
Calling it incognito has really mislead a lot of people apparently, guest mode is the best alternative name that I've seen so far. I occasionally use incognito to log into personal services on other people's devices, which kinda makes me a temporary guest on that device. Guest mode doesn't feel 100% right as a name either though.
Thank you merciful Google immeasurably for agreeing to delete data that you shouldn't have collected anyway!
you shouldn't have collected anyway!
Because it was in incognito mode? That's never how it worked at all.
Because of moral reasons? Arguable.
This result has so many loop holes it's incredible. You can't read a single sentence without exceptions, unknowns or generosity. Horrible, but Google probably can blackmail the world.
Do the chromium based browsers like Vivaldi report this information back to Google too?
Isn't it about general tracking data, the internet instead of the browser?
Anyone have the article? I haven't paid my Guardian, Wired, WSJ, Wikipedia, Politico, and Vox bills this month. I only paid WaPo and NYT.
Firefox Mobile, Ublock Origin and Disabled JavaScript yield:
Bell Cameron and Andrew Couts
Security
Apr 1, 2024 5:22 PM
The Incognito Mode Myth Has Fully Unraveled To settle a years-long lawsuit, Google has agreed to delete “billions of data records” collected from users of “Incognito mode,” illuminating the pitfalls of relying on Chrome to protect your privacy. 'Google Chrome Incognito Mode' is displayed on computer screen Illustration: Yasin Baturhan Ergin/Getty Images
If you still hold any notion that Google Chrome’s “Incognito mode” is a good way to protect your privacy online, now’s a good time to stop.
Google has agreed to delete “billions of data records” the company collected while users browsed the web using Incognito mode, according to documents filed in federal court in San Francisco on Monday. The agreement, part of a settlement in a class action lawsuit filed in 2020, caps off years of disclosures about Google’s practices that shed light on how much data the tech giant siphons from its users—even when they’re in private-browsing mode.
Under the terms of the settlement, Google must further update the Incognito mode “splash page” that appears anytime you open an Incognito mode Chrome window after previously updating it in January. The Incognito splash page will explicitly state that Google collects data from third-party websites “regardless of which browsing or browser mode you use,” and stipulate that “third-party sites and apps that integrate our services may still share information with Google,” among other changes. Details about Google’s private-browsing data collection must also appear in the company’s privacy policy.
Additionally, some of the data that Google previously collected on Incognito users will be deleted. This includes “private-browsing data” that is “older than nine months” from the date that Google signed the term sheet of the settlement last December, as well as private-browsing data collected throughout December 2023. All told, this amounts to “billions of data records,” according to court documents. Certain documents in the case referring to Google's data collection methods remain sealed, however, making it difficult to assess how thorough the deletion process will be.
Google spokesperson Jose Castaneda says in a statement that the company “is happy to delete old technical data that was never associated with an individual and was never used for any form of personalization.” Castaneda also noted that the company will now pay “zero” dollars as part of the settlement after earlier facing a $5 billion penalty.
Other steps Google must take will include continuing to “block third-party cookies within Incognito mode for five years,” partially redacting IP addresses to prevent re-identification of anonymized user data, and removing certain header information that can currently be used to identify users with Incognito mode active.
The data-deletion portion of the settlement agreement follows preemptive changes to Google’s Incognito mode data collection and the ways it describes what Incognito mode does. For nearly four years, Google has been phasing out third-party cookies, which the company says it plans to completely block by the end of 2024. Google also updated Chrome’s Incognito mode “splash page” in January with weaker language to signify that using Incognito is not “private,” but merely “more private” than not using it.
The settlement's relief is strictly “injunctive,” meaning its central purpose is to put an end to Google activities that the plaintiffs claim are unlawful. The settlement does not rule out any future claims—The Wall Street Journal reports that the plaintiffs’ attorneys had filed at least 50 such lawsuits in California on Monday—though the plaintiffs note that monetary relief in privacy cases is far more difficult to obtain. The important thing, the plaintiffs’ lawyers argue, is effecting changes at Google now that will provide the greatest, immediate benefit to the largest number of users.
Critics of Incognito, a staple of the Chrome browser since 2008, say that, at best, the protections it offers fall flat in the face of the sophisticated commercial surveillance bearing down on most users today; at worst, they say, the feature fills people with a false sense of security, helping companies like Google passively monitor millions of users who've been duped into thinking they're browsing alone.
Thanks for taking the time to do that for us
I use Google One VPN which also promises not to keep my data. Hahahahaha
Unless your VPN has already been court ordered to give over logs and couldn't because they don't keep any, they're not trustworthy. Even then, if it's google I'm not sure I'd trust it
I don't trust them, especially after this incognito finding. I use them to encrypt on unencrypted wifi. That's all I trust it for.
I literally develop on a lot of Google stack and I don't trust them for shit
My Incognito Mode: launch TOR Browser...
You can use a VPN but then that VPN will track you. People need to let "internet privacy" go. That's a fairly tale for Toddlers. There's no legislation that will come to save privacy ever not even in the eu, the government tracking is enough to make all the tech companies turn green with envy.
People need to let "internet privacy" go.
"Too hard; give up"? No thanks.
Lol I would give anything to live in such a naive state of mind. What bliss it must be.
The only thing a VPN really does is to mask your IP address. Can be useful in some cases, but there are way more ways a website can track you (like browser fingerprinting).
Not that it debunks your claim that privacy is just a fairy tale.
I hate it, but I tend to agree with your take. If you don't want someone to be able to find out about it, don't do it on the internet.