This article was published on December 3, 2019

Don’t trust Google Chrome’s incognito mode


Don’t trust Google Chrome’s incognito mode

Privacy is fast becoming a hard-to-earn luxury. As you browse through websites, it’s hard to shake off the creepy feeling that wherever you go, unseen eyes are watching you: Google, Facebook, your internet service provider, the government, the person sitting next to you, etc.

Among the many privacy-enhancing tools, one of the best known is the Chrome Incognito window, Google’s version of private browsing. Incognito window provides a measure of privacy if you’re browsing on a shared computer. But it’s far from being a perfect solution.

Unfortunately, many people don’t understand the privacy implications of Google’s Incognito window and end up trusting it more than they should. According to a study by researchers at the University of Chicago and Leibniz University of Hannover, many users wrongly think Google’s Incognito mode and other private browsing windows will protect them against malware, advertising, tracking codes and the monitoring by connection gateways.

Here’s what you need to know about the privacy features and the limits of Chrome’s Incognito window.

The privacy advantages of Google Chrome’s Incognito window

Google Chrome Incognito Window
Google Chrome’s Incognito window will protect your activity against other people using your device

Interestingly, Google clearly spells out everything you can expect from Incognito mode when you open a new private window. According to Google, “Now you can browse privately, and other people won’t see your activity.”

What does activity mean?

Browsing history: Google Chrome keeps track of the webpages you visit to make it easier for you to return to those pages in the future. Pressing CTRL+H on Windows (⌘+Y on macOS) shows all the webpages you’ve visited before.

Moreover, if you’ve synced your Chrome browser with your Google account, every page you visit will be registered in your online browsing history. This means that if you go to another computer and sync your Google account on a new Chrome browser, your browsing history will be transferred over.

The Incognito window will not log your browsing history and will delete traces of the webpages you visit after you close it. The privacy benefit you get is that the next person who sits behind your computer won’t be able to look at your browsing history.

Cookies and site data: Cookies are bits of data attached to websites that are exchanged between the browser and the webserver. Cookies keep track of user sessions, site preferences, local settings and other vital functions of web applications.

Cookies are what enable websites to show different content to each user. When you log in to an online account, say Gmail or Facebook, the webserver produces a cookie and sends it to your browser. The browser stores the cookie and resends it to the server on every new request (every time you click on a new button or link). The server uses the cookie to associate your application session with your user ID and serve content that corresponds to your user account.

Cookies also enable web service providers to track you across websites. When you browse to a website that has the Facebook Like and Share button or the invisible Facebook Pixel, Facebook uses your session cookie to trace you and later use the information to target you with advertising.

When you fire up a new Incognito window, none of your cookies are carried over. You can verify this by browsing to Facebook or Gmail. Even if you had logged in to your accounts before opening the Incognito window, you will still be redirected to the login page. Without the cookie, the website will treat you as a new user.

The privacy benefit of the Incognito window is that you will be able to browse to different pages without traceable cookies (there’s a caveat to this that I will mention later). Also, if you log in to any online account, closing the Incognito window will destroy the cookie associated with that session. Therefore, the next person who sits behind the computer won’t be able to access the accounts you were using when in Incognito mode, even if you had forgotten to log out before closing the window.

Information entered into forms: Forms are text areas you see in pages that require you to fill in the information, such as your name, username, email address, phone number, etc. When you enter information in a form. It then makes it available in other pages to make it easier for you to enter data in forms.

This feature can turn into a privacy issue, however, if you’re using a public computer. Other people using the same Chrome browser will see your personal data when going to pages that have data forms.

The Incognito window deletes all information you entered in forms when you close it, which gives you better privacy on shared computers.

The privacy conditions of Google Chrome’s Incognito window

Online privacy
Google also makes it clear that there are several areas where Chrome’s Incognito window won’t provide privacy.

Websites you visit: The easiest way for web applications to track users is to use cookies. But it is not the only way they can track you. Other bits of information can point to your device. For instance, I’ve seen some users use the Incognito window to browse Twitter, thinking that it will preserve their privacy and hide their identity. The premise is, since Incognito doesn’t carry over their browser cookies, Twitter won’t be able to associate their activity to their account.

But Twitter also keeps track of IP address, device type, device ID and browser type and version. Technically, it will be able to use all those factors to link your activity to your account. Facebook goes further and even tracks your activity across other websites when you’re not logged in to your account.

Your employer or school: If you’re using a corporate or school network, all your traffic will be channeled through a gateway such as a router or a server. The person who manages the gateway will have full visibility into your traffic, whether you’re browsing with Incognito mode or not. They can filter the network’s internet traffic based on IP addresses and keep track of your browsing habits.

Your internet service provider: The ISP is the company that gives you access to the internet. Think of it as the corporate network manager, but at a much larger scale. ISPs are also gateways, which means they will be able to trace all your browsing habits, regardless of whether you use private browsing or not.

Bookmarks and downloads: If you download anything while using the Incognito window, it will stay in your download folder after you close the window. Also, if you happen to bookmark anything while browsing in Incognito, the bookmark will be saved to your main browser. Keep that in mind.

Final words on privacy with Google Chrome’s Incognito mode

If you want to enhance your privacy when browsing with the Incognito window, consider using a virtual private network (VPN). VPN applications encrypt your internet traffic and channel it through a VPN server. This will hide your browsing activities from your local gateway or ISP. They won’t know which websites you browse to, but they will be able to detect that you’re using a VPN.

Overall, be careful: Chrome’s Incognito window is a good privacy tool when you have concerns about other users who have access to your computer and browser. But that’s about as far as you can trust it.

This story is republished from TechTalks, the blog that explores how technology is solving problems… and creating new ones. Like them on Facebook and follow them down here:

Get the TNW newsletter

Get the most important tech news in your inbox each week.

Also tagged with