Browsing in Incognito Mode

Who are YOU? Why are you HERE? Can you STORE this temporary data for me so I can track you? Can you tell me more about how you surf the net?

Why not? Is that creepy? Well.. you’re telling everybody else. Why not me? I want to know if you’re a hot 25 year old female that’s single, and browse dating sites. So IF I would want to target you, I can. I can just store a (super) cookie and use other data that YOU share with ME, and draw conclusions from it. Heck, I can get as close as the town or the street you’re living in.

(File->New Incognito Tab)

But don’t worry, I am not tracking or putting a target on anybody. But worry, because others who you don’t know .. do. And you can protect yourself using a virtual private network while browsing, change your user agent of your browser, not store third party cookies, and browse in Incognito mode.

tl;dr Browsing the web comes with a compromise of privacy. Your browsing behavior discloses your gender, age, location, and what sites you’re visiting. This blog post is about giving you pause and switch to incognito mode when you’re browsing unfamiliar sites.

(Incognito tabs look a little different)

Chrome is the browser of choice, so that’s what I am using in this example. I believe it’s called Privacy tab in Opera and FireFox and Private window in Safari. The principle and arguments are the same, so.. apply.

The normal situation:

When you browse to a site, you’re resolving a host to an IP, and whatever is on that end point loads (when capable) in your browser. This could be a Facebook page, or a site with information about dogs, or some unknown site you’re discovering hoping to have pictures of cats on it. Sometimes these sites have not just first party code running, but they have third party stuff like advertisements, or maybe even worse. They could have been compromised and run malicious advertisements or some naughty javascript in the footer. Worst case, the site itself is made specifically to figure out who you are and how they can get money out of you. For example, ransomware sites that trick you and before you know it your Windows machine is encrypted and you pray you have a backup somewhere.

These sites, good or bad, they can see your browser details, where you just browsed, and through use of cookies and flash objects they can do a lot more. It’s too much to get into. But local data stored by your browser can disclose your gender, location, age, etc. They ARE capable of profiling you. And since it’s big business it’s no surprise that Google’s business is search and advertising.

The Incognito mode situation:

The same, but instead of a normal browser window with preferences, it’s a forced set of preferences. Cookie and session data is not stored, therefore not recalled either. So the site you’re visiting doesn’t know that a few links ago you were somewhere. It is a lot harder to guess who you are, and first and third party cookies aren’t stored either, unless you specifically login again. And then they get trashed once you close the tab/window.

It’s not perfect, there’s still enough a malicious site can do to figure out quite a bit of info. That is why I recommend to browse smart, to not use your ISP’s DNS services, and to use a VPN during regular and mobile browsing. But this is a first step.

In Incognito mode your browser doesn’t store your history. It also won’t keep track of sites you’ve visited, files you’ve downloaded, or things you’ve logged into. It’s a per session situation. But yes, files you download are still downloaded. Closing the browser won’t delete those files. But if you would ask Chrome ‘didn’t I download that game yesterday?’ it will reply ‘you were browsing yesterday?’.

Can you use Chrome on Android / iOS tablets and phones? Yes. Does it support Incognito mode? Yes. What about Windows/Linux/Mac desktops? Yes. And since it’s cross-platform there’s no reason not to use Chrome, or it’s Incognito mode feature.

(left: Incognito tab, right: normal tab)

When to use it?

Since it’s such a compromise in privacy it’s strongly recommended to use it when you can. But since it’s such a compromise in convenience it’s recommended to use it when you’re not on your ‘good’ and ‘familiar’ web sites. A couple of examples:

Browsing Facebook like usual? Use normal mode. But block third-party cookies.
Browsing through Google search for cat pictures or other random stuff and you have no idea what sites you might end up on? Use Incognito mode.

Someone wants you to check out a link, and you aren’t super sure if it’s safe or not, yet.. but you’ve decided to still click it? Use Incognito mode. If they are any affiliate or referral links, or some url shortening link that might end up wherever, then Incognito mode is the way to go.

Basically, this is my personal policy: I by default try to browse in Incognito mode. Unless I know I am going to one of my bookmarks where I might want to login (like Facebook), or sites I frequent.

So go to your browser settings and block third-party cookies, and when you browse around the net, especially when you visit sites for the first time, just open them in a new Incognito tab. This will improve your online experience as you get less crap, lower the risk of bad stuff happening, and increases your privacy online. The next step is to start using an open DNS service, and properly encrypt your connection.