Is Incognito Mode safe? Is Private Browsing actually private?
In short: no, these “private” browsing modes are not actually private. Or at least not to the extent that most people assume they are.
Sadly, the reality is not that clear or empowering. In fact, Google is currently facing a $5 billion class action lawsuit for, among other things, continuing to secretly collect data from users even while they’re in Incognito Mode. Oops.
So let’s clear a few things up.
TL;DR – here’s a quick, non-exhaustive list of things that private browsing does not do:
Alter the visibility of your IP address or otherwise change how traffic appears on the network – you’d need a fair VPN for that
Shield you from tracking by visited websites, online advertising companies, the government, and ISPs – private browsing refers only to actions taken (or not taken) by the browser itself; it has little to no bearing on what third parties do
Block geolocation or otherwise stop websites from knowing where you are
Control what information websites or other third parties save on you, including your browsing history – again: though the browser itself will clear your browsing history from a private session, third parties will not
Prevent ad networks from tracking you across the internet
Protect you from viruses/malware/spyware
Block ads – perhaps paradoxically, because most private browsing modes disable extensions by default, you might end up seeing more ads than usual
To be clear, there are some useful applications of Private Browsing – but they’re mostly in the realm of everyday privacy, rather than “privacy” as it is commonly understood in this data/internet context.
When you shop for plane tickets, airlines use cookies to identify the dates/locations you’re after and incrementally increase the price of relevant airfare. Because private browsing clears cookies, it allows you to browse and comparison shop without getting screwed by dynamic pricing.
If your only concern is hiding your search/browsing history – say you’re using a shared computer and buying a surprise gift for the person with whom you share the computer – private browsing will keep that stuff from showing up in your History (or being auto-completed in your search bar) and ruining the surprise.
If you want to sign into multiple accounts of the same service at once, private/incognito browsing is a good way to separate those sessions.
If you’re using a public computer and want better protection against inadvertently leaving one of your accounts signed in (like at a library or print shop), opening a private/incognito window is a good move.
The problem is not that Incognito/Private browsing is useless: it’s that the public has a fundamental misunderstanding of its uses.
A 2017 study from privacy-focused search engine DuckDuckGo found that 76% of Americans who use Private Browsing “cannot accurately identify the privacy benefit it provides.” Most people do not correctly understand what private browsing does and doesn’t do for them. When 3 out of every 4 people who use private browsing have a critical misunderstanding of what it does, that’s clear evidence that something is systematically wrong.
This widespread misunderstanding stems from the public being misled.
In 2018, researchers with the University of Chicago and the Leibniz University of Hanover conducted a study about common misconceptions held by consumers with regard to private browsing.
The study focused specifically on the disclosures – informational text, basically – each browser presents to users of its respective private browsing mode. Different respondents were shown different disclosure texts, copied directly from the private modes of leading web browsers, and then asked to answer questions about private browsing. These results were compared against those of a control group, who were shown a fictional disclosure text written intentionally to be “meaninglessly vague.” Their goal was to gauge the efficacy of the privacy messaging as written: effective disclosures would leave users with an accurate understanding of private browsing’s strengths and limitations, whereas ineffective disclosures would not.
The results were, predictably, not great. Some of the disclosures not only failed to correct misconceptions, but actually made matters worse.
“We found that browsers’ disclosures fail to correct the majority of the misconceptions we tested. These misconceptions included beliefs that private browsing mode would prevent geolocation, advertisements, viruses, and tracking by both the websites visited and the network provider. Furthermore, participants who saw certain disclosures were more likely to have misconceptions about private browsing’s impact on targeted advertising, the persistence of lists of downloaded files, and tracking by ISPs, employers, and governments.”
As the authors assert, “the term ‘private’ is heavily overloaded, and [the] results suggest the name ‘private mode’ implies unintended meanings.” Here are some specific misconceptions survey respondents had about private browsing:
56.3% of participants believed that even while a user was logged into a Google account, their search queries would not be saved while in private mode. While private mode does not save search histories, this belief conflated the browser’s (local) history with that of Google itself. Further, a significant minority believed that private mode would remove logged info retroactively.
47.2% of participants thought a forensics expert could not determine a user’s private browsing history even with physical access.
40.2% of participants thought websites would not be able to estimate a user’s location. Most believed location hiding was simply a feature of private browsing, but some participants thought geolocation would be impossible because IP addresses, used to estimate location, were hidden (which is not the case).
27.1% of participants believed private mode offered more protection against viruses and malware than standard, primarily attributing this to private mode not saving information, especially cookies and ads.
While it’s fun to punch up at Google – their record on privacy is generally atrocious – it’s worth noting that Google Chrome’s disclosure text was the only one that actually succeeded at equipping respondents to answer questions more accurately than the control group.
Private Browsing modes affect only a narrow slice of online privacy. Truly ‘private’ browsing requires not just a different browsing mode, but different browsing behavior.
Certain actions, like logging into your online accounts from a private browser window, essentially negate any notion of true ‘privacy’ within that session. Websites operate their own ecosystems, independent of the browser you access them in: their ability to track your activity while you’re logged into their services is not impacted by private browsing. If you open a private browsing window, go to NYTimes.com, and log into your NYT account, the Times’s website will track any and all of the actions it is built to track.
Furthermore, Google’s Incognito Mode treats all of the Incognito tabs or windows open at any given time as part of one session. For example, if you log into Amazon in Incognito Mode, then open a new tab and head to Amazon.com, you’ll see that you’re already signed in. Likewise if you log into, say, Facebook during an Incognito session, Facebook will now be tracking all of the things it usually tracks, in the same troublingly pervasive way it tends to do so. The “private/incognito” aspect of private browsing refers only to actions taken (or, more accurately, not taken) by the browser itself.
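The split between what the browser forgets and what the site keeps, as an added example that is not part of the original article: a toy model in which private tabs share one cookie jar, the jar and history are wiped on close, and the site's own log is untouched. The class names, the host shop.example, the IP 203.0.113.7 and the account "alice" are all constructed for illustration.

```javascript
// Added illustration: a toy model, not real browser or website code.
// Constructed sample values: IP 203.0.113.7, host shop.example, account "alice".

class Site {
  constructor() { this.sessions = new Map(); this.log = []; this.nextId = 1; }
  // One request: the site sees the source IP plus any cookie the browser sends.
  handle(ip, cookie, path, loginAs = null) {
    let sid = cookie;
    if (loginAs) { sid = "s" + this.nextId++; this.sessions.set(sid, loginAs); }
    const account = this.sessions.get(sid) ?? null;
    this.log.push({ ip, account, path }); // server-side record the browser cannot clear
    return { setCookie: sid, signedInAs: account };
  }
}

class PrivateSession {
  // Every private tab shares this one in-memory cookie jar until all are closed.
  constructor(ip) { this.ip = ip; this.jar = new Map(); this.history = []; }
  visit(site, host, path, loginAs = null) {
    const res = site.handle(this.ip, this.jar.get(host), path, loginAs);
    if (res.setCookie) this.jar.set(host, res.setCookie);
    this.history.push(host + path);
    return res;
  }
  closeAll() { this.jar.clear(); this.history.length = 0; } // all the browser forgets
}

function demo() {
  const shop = new Site();
  const priv = new PrivateSession("203.0.113.7");
  priv.visit(shop, "shop.example", "/login", "alice");          // tab 1 signs in
  const tab2 = priv.visit(shop, "shop.example", "/gift-ideas"); // tab 2, same jar
  priv.closeAll();
  const localAfterClose = { cookies: priv.jar.size, history: priv.history.length };
  const fresh = priv.visit(shop, "shop.example", "/");          // next private session
  return {
    tab2SignedInAs: tab2.signedInAs,   // "alice": tabs share the session
    freshSignedInAs: fresh.signedInAs, // null: the local cookie is gone
    localAfterClose,                   // { cookies: 0, history: 0 }
    serverLog: shop.log,               // three entries, all tied to the same IP
  };
}

console.log(demo());
```

Closing the private windows empties the local jar and history, yet the site's log still holds both signed-in requests under the account and all three requests under the same IP address.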
One solid behavior to work into your online habits is compartmentalized browsing. In short: use one browser for all of the things you need to sign into, and use another browser for literally everything else. Per Michael Grothaus of Fast Company,
“By splitting up your web activity between two browsers, you’ll obtain the utmost privacy and anonymity possible without sacrificing convenience or the ease of use of the websites you need to log in to. That’s because the majority of your web usage will be done in your “everyday” browser, which, by never logging into any website, will make it extremely hard for data firms to identify you and track your activities–especially if you fit your “everyday” browser out with some hardcore privacy extensions. You can go all out with your privacy settings on your “everyday browser”: Block all cookies, scripts, and trackers, and always use in it [sic] incognito mode. That’s because you won’t be logging into any sites that require cookies or scripts to be enabled to work.”
Your choice of browser does matter. Google Chrome offers a lot of useful features, but to again quote Michael Grothaus, “it’s made by Google, whose sole aim is to know everything you do online, so it’s probably best to stay away from Chrome if you value your privacy.” Firefox offers some built-in protection against tracking and fingerprinting. Brave was likewise built with certain privacy protections in mind, and in the time since the 2018 study we cited above, it has incorporated direct integrations with Tor into its private browsing mode. Tor itself is probably the browser offering the most fundamentally secure and anonymous web presence, but that protection has a cost: Tor is often significantly slower than a conventional browser.
One thing is certain: Incognito Mode alone does not provide privacy. Plan accordingly.