Chrome Incognito Mode hides your identity, or does it?

By: David Herron; Date: February 25, 2019

Tags: Google Chrome » Incognito Mode » Internet Privacy

Web browsers famously support Cookies, and Cookies are widely used by websites to inject identifier tags. One use for this is to remember whether the browser is "logged in" to a website, or not. But there is a nefarious side, where we fear being tracked by the cookies injected by the websites. Most/all browsers support an Incognito Mode that is supposed to hide all identifying markers, so we can peruse some websites without being identified. While this is useful, a case has been identified where Chrome's Incognito Mode is not quite Incognito, while Firefox provides more anonymity.

My primary use for Incognito Mode is to bypass paywalls such as at the NY Times. Many sites with paywalls allow you to read a handful of articles for free, then block all further articles until you pay a subscription. I don't have much problem with that, except that paying a subscription to every last site I read is not sustainable. For over a year I've been using Incognito Mode to read these sites. See Bypassing the NY Times paywall, and read NY Times content for free

The implementation varies ever so slightly between browsers. Basically there are two ways to enter Incognito Mode, or Private Browsing Mode:

  • In the File Menu, make the choice to launch a new window in Incognito Mode
  • When looking at a link, right-click that link and in the popup menu say to open a new window in Incognito Mode

This is fine and I've been successfully using this trick to read articles on sites where I'd otherwise be blocked. Additionally, I use this on YouTube when I want to watch a video without it being recorded in my history or affecting future recommendations.

When Incognito Mode is not Incognito

This morning I wanted to read an NY Times article. I use Chrome as my daily driver web browser, and as has become my habit for NY Times links I right-clicked and chose Incognito Mode. But the article came up obscured with this:

[Image dated February 25, 2019]

I've come across another site or two that is able to detect Incognito Mode and that other site takes a similar action.

What happened next is where I'm disconcerted. Namely, the UI says "create a free account".

Ages ago I'd created some kind of free account with the NY Times, and have been getting news alerts and daily news summaries. In fact in this instance I'd clicked on a news alert e-mail in order to read this article.

It is very likely the links NY Times sends in emails include an identifier code.

When clicking on the Create Free Account button, it offered to log me in with the existing free account I had. And, I was able to read the article, because I was logged in. Sigh. Not quite the desired result.

BUT --- HOW DID THE NY TIMES KNOW EVEN THAT MUCH ABOUT ME? Being in Incognito Mode the NY Times should have had no clue who I am.

To experiment, I closed that Incognito window and went to Google News. Selecting a random NY Times article, I attempted to read it using an Incognito window. And, the same behavior occurred, namely the NY Times recognized the Incognito mode, and then offered to log me in using my existing free account.

Bottom line is that Chrome's Incognito Mode is somehow not very Incognito. Those of us relying on Incognito Mode to provide anonymity have probably been fooled.

Firefox is incognito all the time

BUT -- I then launched Firefox and repeated the same exercise.

First, I used the link in the news alert e-mail (using right-click-copy-link while reading the email), pasting it into the location bar of a Firefox Private Mode window. I successfully read the article with no messages.

Second, I went to Google News in a regular Firefox window, then used right-click-private-mode to read the article, and was again able to read the article with no messages.

Bottom line is that where the NY Times is able to recognize Chrome's Incognito mode, and somehow peek behind the sunglasses to see who I am, the NY Times does not recognize Firefox's equivalent mode.
