this post was submitted on 17 Jan 2024
685 points (98.2% liked)

Technology

58133 readers
4709 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 1 year ago
MODERATORS
L3s@lemmy.world
enu@lemm.ee
fry@fry.gs
L3s@fry.gs
enu@lemmy.world
L4s@fry.gs
L4s@lemmy.world
685
Google updates Chrome's Incognito Mode disclaimer to admit it is tracking users (www.ghacks.net)
submitted 8 months ago by throws_lemy@lemmy.nz to c/technology@lemmy.world
80 comments fedilink hide all child comments
top 50 comments
sorted by: hot top controversial new old
[–] heyoni@lemm.ee 82 points 8 months ago (1 children)

I don’t use chrome but this is a whole lot of nothing. It’s basically saying if you save a file or an article to your reading list it’ll still be there…and that remote websites will still stuff your face with cookies and try to track you…but it’s not like they’re giving you a special chrome cookie to link your private and non private browsing. Server side tracking never goes away, not even with Firefox.

Anyways, who cares. Delete chrome and start using Firefox. But again, make sure you delete the files you download in incognito or they’ll still be there. And your ISP can still see which domains you’re going to if you use them as your DNS.

[–] cttttt@lemmy.world 11 points 8 months ago* (last edited 8 months ago) (1 children)

And your ISP can still see which domains you’re going to if you use them as your DNS.

Just so you know, because TLS SNI is not encrypted and not yet universally obfuscated (adoption of this is pretty slow and one of the largest CDN providers had to pause their rollout last I checked), not-even-barely-deep packet inspection can be used to track the sites you visit regardless of your DNS provider or wherever resolution is encrypted. Just do a packet dump and see.

Also, if a website isn't fronted by one of the most popular CDN providers in existence, it can be possible to infer the sites you're visiting based on their server IP addresses.

Although this just shifts where tracking can occur, a VPN is the only reliable way to maybe prevent your ISP from tracking the sites you visit, if this is your desire.

[–] heyoni@lemm.ee 2 points 8 months ago (1 children)

Yep, I’m aware. It’s how that one guy hacked his airplanes wireless, by setting up a certificate with his domain and the airlines and then using that domain + port 443 as an ssh or vpn tunnel.

So TLS rollout is slow because the websites can still be seen with packet inspection? We’re talking about TLS 1.4 right?

[–] cttttt@lemmy.world 2 points 8 months ago

I'm not sure if it's part of a TLS standard yet but I was talking about encrypted SNI (ECH, formerly called ESNI).

Today, early on in a TLS connection, the client actually tells the server, in plain text, the domain name it's intending to communicate with. The server then presents a response that only the owner of that domain can produce, then keys are exchanged and the connection progresses, encrypted. This was required to allow a single server to serve traffic on multiple domains. Before this, a server on an IP:Port combo could only serve traffic on a single domain.

But because of this, a man in the middle can just read the ClientHello and learn the domain you're intending to connect to. They can't intercept any encapsulated data (e.g. at the HTTP level, in the case of web traffic) but they can learn the domains you're accessing.

ECH promises to make the real ClientHello encrypted by proceeding it with a fake ClientHello. The response will contain enough information to fetch a key that can be used to encrypt the real ClientHello. Only the server will be able to decrypt this.

[–] PoopMonster@lemmy.world 44 points 8 months ago (5 children)

I'm curious as to what led people to believe otherwise before this update. I don't use chrome but I recall it always being reffered to as porn mode. Meaning it just doesn't save browsing history, no more no less.

Did Google have misleading wording implying it was doing anything else?

[–] anlumo@lemmy.world 31 points 8 months ago (1 children)

It also doesn’t preserve cookies after closing the window. I’m also curious what people expect that mode to do.

[–] kratoz29@lemm.ee 6 points 8 months ago* (last edited 8 months ago) (1 children)

Well, full incognito I guess, no trace for you, you can surf even the deep web... That for the less technical folks ofc.

[–] Rediphile@lemmy.ca 19 points 8 months ago (5 children)

It seems the whole last decade has been focused on dumbing the Internet down for the dumbest 10% of the population. The Internet was better when it was less inclusive.

[–] anlumo@lemmy.world 4 points 8 months ago

There's money to be made with more people on the Internet, and especially dumb people. So that's where it's going.

load more comments (4 replies)
[–] tastysnacks@programming.dev 7 points 8 months ago

I remember interviews with the development team about it. As far as I know they were always clear what was happening on the back end.

load more comments (3 replies)
[–] tsonfeir@lemm.ee 44 points 8 months ago (4 children)

Okay Chrome lovers, talk yourself out of this one…

[–] Toes@ani.social 32 points 8 months ago (1 children)

Well you see, it's used by virtually everything. So get used to it. is all I imagine people saying, not my opinion.

[–] tsonfeir@lemm.ee 16 points 8 months ago

Ahh yes, the good ole, “you don’t have a choice” nonsense. 😉

[–] Rediphile@lemmy.ca 8 points 8 months ago

I can bitch about chrome all day long... but none of that bitching will be about incognito mode as that was and continues to be an useful feature that did exactly what I expected it to do. Everything it said it did, it did.

Just because people made up their own imaginary ideas about what they think it does isn't really Google's fault. If people think snorkels allow them to scuba dive and then drown, I'm not about to blame the snorkel maker that wrote 'diving googles and snorkel' on the packaging.

[–] Zagorath@aussie.zone 5 points 8 months ago (5 children)

I switched away from chrome a while ago, but this is just stupid. Incognito has always said that it can’t stop sties from tracking you. It’s always been about stopping stuff from being stored locally. Here’s the message:

If you read that and thought it did more than it said, that’s on you.

load more comments (5 replies)
[–] lolcatnip@reddthat.com 2 points 8 months ago* (last edited 8 months ago)

Incognito mode didn't do what it was never advertised to do, and in fact does precisely what it always claimed. The horror!

I swear people like you act like every day Google simply exists is a fresh outrage.

[–] TheDarkKnight@lemmy.world 35 points 8 months ago

All google products track you. Don’t use Google products.

[–] pineapplelover@lemm.ee 32 points 8 months ago (2 children)

Firefox's private browsing description is pretty solid if anybody managed to read it

load more comments (2 replies)
[–] uuhhhhmmmm@sh.itjust.works 24 points 8 months ago (2 children)

I was always curious why is it called Incognito or Private mode? Temporary or Guest session would make more sense: "You've entered a Temporary session. Your browsing history and cookies will not be saved."

[–] Rediphile@lemmy.ca 5 points 8 months ago (4 children)

I don't believe it was ever called 'private mode', or am I wrong on this?

[–] GhostMatter@lemmy.ca 14 points 8 months ago (1 children)

Private Mode is on Firefox.

[–] FoxBJK@midwest.social 8 points 8 months ago (1 children)

Safari and Brave also both call it a private window

[–] T156@lemmy.world 3 points 8 months ago (1 children)

Internet Explorer also called it "InPrivate".

load more comments (1 replies)
[–] SomethingBurger@jlai.lu 14 points 8 months ago (1 children)

Private Browsing, for browsing private parts.

[–] Buck@lemmy.world 3 points 8 months ago* (last edited 8 months ago)

Private Browsing, at your service 🫡

https://youtu.be/G5VEftRH12Y?si=w1iKyRrA1Gu-TZbh

load more comments (2 replies)
[–] Spotlight7573@lemmy.world 3 points 8 months ago

Guest sessions already exist in the profile menu and is a separate feature. Guest doesn't save history/cookies/etc locally but also doesn't use your existing history, extensions, bookmarks, settings, etc. It's intended more for an actual guest user to sign into temporarily.

[–] Lojcs@lemm.ee 20 points 8 months ago* (last edited 8 months ago) (3 children)

I find this very silly. Incognito always had disclaimers about how it doesn't protect you from tracking. Do people not know Google is just a website that does taking (or did anyway) like any other? And how tf did Google lose that lawsuit when eulas have "this software isn't fit for any purpose" clauses ~~and incognito was never advertised for privacy to begin with~~ and straight up tells you it doesnt give you privacy when you open it.

[–] scrappydoo@lemmy.world 7 points 8 months ago* (last edited 8 months ago) (1 children)

“If you’re concerned, for whatever reason, you do not wish to be tracked by federal and state authorities, my strong recommendation is to use [Google Chrome’s] incognito mode.”

  • Eric Schmidt, 2014

Source: https://www.forbes.com/sites/thomasbrewster/2015/01/05/super-cookies-can-track-you-over-google-incognito/

load more comments (1 replies)
[–] Crashumbc@lemmy.world 6 points 8 months ago (1 children)

If I had to guess, is because the mode's very name strongly tells you so?

Definition-- adjective (of a person) having one's true identity concealed. "in order to observe you have to be incognito"

adverb in a way that conceals one's true identity. "he is now operating incognito"

noun an assumed or false identity. "she is locked in her incognito"

load more comments (1 replies)
[–] _number8_@lemmy.world 5 points 8 months ago (1 children)

not protecting users from tracking is very different than wantonly tracking users yourself when they literally hit the privacy button

[–] Lojcs@lemm.ee 2 points 8 months ago

I would think such a thing would be a bigger liability. Because even if Google stops tracking you other trackers wouldn't. If people didn't read and understand "this does not protect against trackers" they definitely aren't going to do that with "this will stop Google's trackers but not 3rd party ones".

[–] kittenzrulz123@lemmy.world 14 points 8 months ago (2 children)

If you don't want to be tracked just use LibreWolf or Tor

[–] k_rol@lemmy.ca 21 points 8 months ago (2 children)

I'd say give a try to Firefox

[–] jinwk00@lemm.ee 13 points 8 months ago (1 children)

Isn't Librewolf fork of Firefox with hardened features pre-enabled?

[–] TheGrandNagus@lemmy.world 11 points 8 months ago* (last edited 8 months ago) (2 children)

It is.

You could argue that the security patches Mozilla applies takes time to be applied to Librewolf, and also that all you need to do in Firefox is change a couple of options in the settings. People debate over which one matters more, having better privacy defaults or being extremely quick to patch exploits.

In the real world I imagine it hardly matters.

load more comments (2 replies)
[–] kittenzrulz123@lemmy.world 6 points 8 months ago

LibreWolf is just Firefox but better and Tor is Firefox but maximum privacy

[–] Fades@lemmy.world 2 points 8 months ago (1 children)

WaterFox too

load more comments (1 replies)
[–] SpicyLizards@reddthat.com 14 points 8 months ago

Good to see Google finally fixing issues

[–] RememberTheApollo@lemmy.world 10 points 8 months ago (2 children)

I can’t remember the last time I used Google Chrome.

Nothing but Firefox and a Linux chromium browser.

[–] MeanEYE@lemmy.world 4 points 8 months ago (2 children)

Unfortunately I have it installed to double-check things and occasional compatibility purpose. Believe it or not, sites have started to appear who work in Chrome but not Firefox. Solution is most likely perfectly simple but developers just don't want to deal with it so I've been told "just use Chrome" few times in past few years.

load more comments (2 replies)
[–] lolcatnip@reddthat.com 3 points 8 months ago (1 children)

Firefox's InPrivate mode is the exact same feature.

load more comments (1 replies)
[–] MeanEYE@lemmy.world 6 points 8 months ago (2 children)

Talk about easy way out. "There, problem solved. It's not a violation if we write it somewhere in tiny font."

[–] Rediphile@lemmy.ca 10 points 8 months ago (1 children)

The amount of words needed to fully explain this to tech illiterate idiots would be so many that those idiots would just argue they cannot be expected to read all of it. These people already do this with the terms + conditions documents they agree to.

Incognito mode did every single thing it said it did and behaved exactly as I expected from day one. Is there a single user here who actually was surprised by how it worked? Did anyone honestly think it was like Tor or something? Why? Where did anyone ever get that idea at all?

[–] WaxedWookie@lemmy.world 5 points 8 months ago (2 children)

Expected incognito functionality sits in the gaping chasm between actual incognito functionality and TOR. When I'm being told I can go incognito - you know, sneaky, in disguise, I don't expect to have all of my activity broadcast back to those that say I'm incognito.

Of course, trusting current Google is foolish, but that doesn't make it less deceptive.

[–] Rediphile@lemmy.ca 6 points 8 months ago (7 children)

So do you feel the naming was inherently misleading which led you astray? Because incognito mode absolutely kept things 'sneaky' in terms of hiding the things I look up from other people who use the same computer. Which is specifically what Google said it would do and showed examples of in TV commercials. And it definitely did (and still does) that.

I'm also struggling to understand what you feel you 'trusted' Google on exactly. What did they tell you that you believed but, as it turns out, was not true?

load more comments (7 replies)
[–] lolcatnip@reddthat.com 2 points 8 months ago (1 children)

So you're saying it's Google's fault you relied entirely on false assumptions based only on the single-word feature name and ignored the very short disclaimer that appears every time you use it?

load more comments (1 replies)
load more comments (1 replies)
[–] Loce@lemmy.world 3 points 8 months ago

Every day I'm more glad I've got rid of that spyware browser-wannabe called Chrome.

load more comments
view more: next ›