Incognito mode sucks for Privacy and Safety. Here's why.
Odds are you've heard of "Incognito mode." Odds also are that you may think Incognito mode (or other names for "private browsing" such as inPrivate) protects your privacy while browsing the web.
Well, unfortunately, here's the truth: "Incognito mode" doesn't do that much for your online privacy.
Let me explain why.
What is Incognito Mode?
First, let me clarify: "Incognito mode" is specifically the private browsing function for Chrome (and most Chromium-based) browsers. However, given Chrome's/Chromium's insane browser market share, it seems to have become a catchall for all private browsing. Hence why we're using it the way we do in this post.
Incognito Mode / Private browsing is a browsing function that tells the browser not to store temporary browsing data outside the current browsing session.
When enabled, for the session, Incognito mode / Private browsing will not store:
- Local search history
- Browsing history
Different browsers may supplement their respective Incognito Mode / Private browsing modes as with some additional features. For example, vanilla Mozilla Firefox is configured to automatically block known trackers like Google Analytics while in its private browsing mode.
What Incognito Mode doesn't do
In short, there's a ton that Incognito Mode / Private Browsing doesn't do to directly benefit your privacy. Some of what it doesn't do includes:
- Does not hide your IP address
- Does not address vulnerabilities that can be further exploited, such as WebRTC leaks.
- Does not address any DNS related privacy/security issues
- Does not unblock websites that are blocked by your router/network/ISP
- Does not hide your identity from services/websites you log into
- Does not hide your browsing activity from your ISP or anyone who can/will/does snoop on your network
However, due to what it does do (as described above), some users may be under the impression that Incognito Mode provides more than what it actually does.
For example, just because Incognito Mode doesn't save your search history, doesn't mean the search engine itself isn't saving/analyzing your queries. Therefore, you can't use Incognito Mode / Private browsing as a real alternative to using a privacy-respecting search engine.
Just because your browser isn't recording your browsing history for that session doesn't necessarily mean the browser isn't "phoning home," to remote servers - this is especially true is you're using browsers like Microsoft Edge or Google Chrome.
Just because your browser isn't saving cookies, doesn't mean that you're automatically not being tracked at all. There are far more tracking methods and mechanisms that don't utilize cookies, so don't be fooled into thinking blocking/deleting cookies is the end of everything!
What's more, Incognito mode definitely doesn't protect against security issues which include:
- Advanced tracking methods
- Browser-level attacks, such as Cross XSS scripting
- Defects in browser security ex: lack of security patches
Additionally, Incognito mode does very little in improving security. For example, enabling Incognito mode does not mean your connections are secure (that's part of HTTPS's job) or that your DNS requests are encrypted and not being readily snooped on by the likes of third parties/your ISP.
False sense of security
The most detrimental part of Incognito Mode is the false security it gives many "average" users.
That's not to say that Incognito Mode is "falsely advertised," by browsers, but rather a lack of deliberate clarification of what exactly Incognito Mode / Private browsing does. Granted, you can reasonably argue that this isn't the responsibility of the browser, but rather the responsibility of the user.
However, with that said many information "sources" tout Incognito Mode as a magical tool that fights against tracking and improves "anonymity" on the internet. This is plain misinformation.
So, what is Incognito Mode good for?
- When you're using a public or shared device
If you ever have to use a public device such as a library computer, then you most likely don't want any of your information (such as browser history and session cookies) stored on the device even after you're finished using it.
Remember, when you exit of Incognito Mode, the browser wipes your cookies and your browsing history for that session. In this case, using Incognito Mode is highly beneficial; imagine forgetting to wipe the browsing history or logging out of your email if you opted to use the "regular" browsing mode after using that public computer!
If you're using a device that is frequently shared - let's say, between members of your household - then you might not necessarily want whoever jumps on the device after you to view your browsing history.
- Signing into the same service with different accounts, on the same device
Granted, this can also be achieved if you use a totally different browser alongside the main browser, but for some users and/or use cases this may be inconvenient.
Well, Incognito Mode fixes that.
For example, let's say you have 2 different accounts at the same email provider.
You can sign into Email account 1 while using the regular browser mode. Now, enable Incognito Mode/Private Browsing and you can then sign into Email account 2, while staying signed into Email account 1.
Ways to improve your privacy when using Incognito Mode
Despite the flaws involved with only using Incognito Mode, fortunately you can combine it with other solutions to actually improve your online privacy:
- Using a privacy browser
Using a privacy browser comes with many benefits. Naturally, improved privacy and security are a couple of them.
Overall, A good privacy browser shouldn't phone home unnecessarily, and when/if it does "phone home," then it shouldn't include sensitive information such as bookmarks or your browsing history. A good privacy browser should resist common browser fingerprinting techniques.
Additionally, good privacy browsers should also limit the amount of identifying information it leaks to websites you use, release updates regularly, and improve better security settings/capabilities than "standard browsers."
- Deploy tracker blockers
Trackers come in many different forms, which frequently include:
- Internet ads displayed on websites frequently carry trackers. Often times, they use some pretty aggressive methods that easily track you across different websites.
- Invasive website analytics
- Different fingerprinting practices
- Tracking cookies
You can block ads and trackers on both the device/browser level and your network level. Ideally, you should do both for the best protection.
Typically, to block various ads and trackers within your browser, you would download a trusted tracker blocker such as uBlock Origin.
Incognito mode is not enough to preserve anyone's online privacy, regardless of personal threat model. It never has been enough, and given the evolution of tracking technology, it probably never will be.
With that, as always, stay safe out there!