Chrome Incognito Mode hides your identity, or does it?

; Date: February 25, 2019

Tags: Google Chrome »»»» Incognito Mode »»»» Internet Privacy

Web browsers famously support Cookies, and Cookies are widely used by websites to inject identifier tags. One use for this is to remember whether the browser is "logged in" to a website, or not. But there is a nefarious side where we fear being tracked by the cookies injected by the websites. Most/all browsers support an Incognito Mode that is supposed to hide all identifying markers, so we can peruse some websites without being identified. While this is useful a mode has been identified where Chrome's Incognito Mode is not quite Incognito, while Firefox provides more anonymity.

My primary use for Incognito Mode is to bypass paywalls such as at the NY Times. Many sites with paywalls allow you to read a handful of articles for free, then block all further articles until you pay a subscription. I don't have much problem with that, except that paying a subscription to every last site I read is not sustainable. For over a year I've been using Incognito Mode to read these sites. See Bypassing the NY Times paywall, and read NY Times content for free

The implementation varies ever so slightly between browsers. Basically there are two ways to enter Incognito Mode, or Private Browsing Mode:

  • In the File Menu, make the choice to launch a new window in Incognito Mode
  • When looking at a link, right-click that link and in the popup menu say to open a new window in Incognito Mode

This is fine and I've been successfully using this trick to read articles on sites where I'd otherwise be blocked. Additionally, I use this on YouTube when I want to watch a video without it being recorded in my history or affecting future recommendations.

When Incognito Mode is not Incognito

This morning I wanted to read an NY Times article. I use Chrome as my daily driver web browser, and as has become my habit for NY Times links I right-clicked and chose Incognito Mode. But the article came up obscured with this:

February 25, 2019

I've come across another site or two that is able to detect Incognito Mode and that other site takes a similar action.

What happened next is where I'm disconcerned. Namely, the UI says "create a free account".

Ages ago I'd created some kind of free account with the NY Times, and have been getting news alerts and daily news summaries. In fact in this instance I'd clicked on a news alert e-mail in order to read this article.

It is very likely the links NY Times sends in emails include an identifier code.

When clicking on the Create Free Account button, it offered to log me in with the existing free account I had. And, I was able to read the article, because I was logged in. Sigh. Not quite the desired result.

BUT --- HOW DID THE NY TIMES KNOW EVEN THAT MUCH ABOUT ME? Being in Incognito Mode the NY Times should have had no clue who I am.

To experiment, I closed that Incognito window and went to Google News. Selecting a random NY Times article, I attempted to read it using an Incognito window. And, the same behavior occurred, namely the NY Times recognized the Incognito mode, and then offered to log me in using my existing free account.

Bottom line is that Chrome's Incognito Mode is somehow not very Incognito. Those of us relying on Incognito Mode to provide anonymity have probably been fooled.

Firefox is incognito all the time

BUT -- I then launched Firefox and repeated the same exercise.

First, using the link in the news alert e-mail (using right-click-copy-link while reading the email), and pasting it into the location bar of a Firefox Private Mode window. I successfully read the article with no messages.

Second, going to Google news in a regular Firefox window, then right-click-private-mode to read the article, and was again able to read the article with no messages.

Bottom line is that where the NY Times is able to recognize Chrome's Incognito mode, and somehow peek behind the sunglasses to see who I am, the NY Times does not recognize Firefox's equivalent mode.

About the Author(s)

David Herron : David Herron is a writer and software engineer focusing on the wise use of technology. He is especially interested in clean energy technologies like solar power, wind power, and electric cars. David worked for nearly 30 years in Silicon Valley on software ranging from electronic mail systems, to video streaming, to the Java programming language, and has published several books on Node.js programming and electric vehicles.