Meena Rajendran reveals what lies behind the curtain of Incognito Mode. Does it really keep your online activity private? You’re about to find out.
“Your IP address lays the trail that tracks all your browsing activity online. Incognito mode does not erase or delete this data. It merely masks it…”
The internet offers unprecedented opportunities for personal and global connection, progress, and transformation, but it is also a Wild West of criminals and outlaws ready to take advantage of anyone wandering about cyberspace without the proper cloud protection.
One of the primary ways many internet users attempt to provide themselves with this protection is by activating their web browser's incognito mode before going online in order to make their online activity anonymous. But how anonymous is that activity in incognito mode, and how much protection does it actually offer?
Different browsers call it by different names. In Safari, it's called Private Browsing. In Internet Explorer, it's called InPrivate Browsing, and in Google Chrome (and henceforth in this blog,) it's called Incognito Mode. Whatever name it goes by, the concept is essentially the same: incognito mode is a browser setting that allows users to surf the internet without storing that activity in the user's browsing history. Every web browser provides users with this feature in some fashion.
When you enter incognito mode, the browser does not save the following data:
This means other people using the same computer or other device you use to access the internet will not be able to view that information about your online activity. This is particularly beneficial in settings where devices are shared, such as in the workplace.
Typically, web browsers use a technology called "cookies" to track users' web-browsing activities, preferences, and habits. Cookies are pieces of unique identifying code that track the online activity from a single web browser in real-time, not unlike a bread-crumb trail in the classic Hansel and Gretel fairy tale. These cookies track information like:
In addition to preventing dropping cookies to mark your presence or activity on a web page for tracking purposes, incognito mode also prevents the browser from searching for cookies to recognize you when you arrive on the web page as a return visitor. This means any pages that load will contain no auto-filled login information or webforms and no customized content or targeted ads.
One thrifty way many use this to their advantage for online shopping is to prevent prices, such as travel ticket prices, from rising the more times they search for them.
Each browser offers a slightly different feature set in its version of web-browsing anonymity, but none offer complete and total anonymity. In every case, some activity might still be visible.
Even though you're in incognito mode, however, some individuals or entities might still be able to view your online activity. This includes:
The reason this information is still available for these individuals and entities to view is that incognito mode does not mask your IP address or the unique number identifying your internet connection from all others. Your IP address lays the trail that tracks all your browsing activity online. Incognito mode does not erase or delete this data. It merely masks it from most, though not all, other users.
Chrome also saves your downloads and bookmarks to your computer or device, even when you're in incognito mode.
You can help prevent these entities from accessing this data by deleting your incognito history manually after closing out each session.
It's also important to note that, even if you manage to prevent your web browser from storing any data on your device, there are many other places where copies of that data might still be stored, including:
This is why you need to be extra cautious when corresponding online with other people in real-time, such as on a Zoom call.
Cookies are just one way companies use their websites to build a picture of you that helps them to better market their products and services to you. This picture, called a digital footprint, includes data like your operating system, browser and device specifications, your location and time zone, and your language. It also includes all other traceable actions, activities, and communications of any given user online.
Companies run scripts in the background of their websites to collect all this information, scripts that so closely resemble those for the general functioning of their sites as to be nearly indistinguishable from them. The companies can then use these scripts to increase prices for users who frequently search for the same item or mark an item as one of interest, etc. (e.g., the travel ticket example cited earlier.) They can use them for ad-tracking purposes, collecting information about your online behavior so they can send you targeted spam.
Moreover, companies store all this information about you for later use. This gives them the ability to sell that data to a third party or leverage it through a data broker. Worse, if the company is ever the target of a data breach, that data could get into the hands of cybercriminals who could then use it to conduct identity theft and wreak all sorts of financial havoc on your company and the lives of you, your employees, and your customers.
While incognito mode may block cookies, it may not protect you from all these background scripts.
In addition, if you use Wi-Fi to access the internet, then anyone can get on that same Wi-Fi network and use spyware tools to track your online activities. That means if you access the internet using the Wi-Fi connection at a café, shopping mall, airport, or other public location, then incognito mode provides you little protection.
If you're logged into any third-party accounts, like banking or credit card accounts, online shopping accounts, or streaming media accounts, then websites, advertisers, and yes..cybercriminals can still track your activity in those accounts during that session, even while you're in incognito mode. Once you sign out of the account or close the page, the information will not be saved.
While incognito mode may not offer you all the privacy you thought it did, there are other ways to achieve additional privacy online.
A VPN is a way to access the internet, just like DSL, only a VPN is far more secure. Whereas other server networks, like DSL, are shared with other customers, and therefore easier to hack, VPNs are private. Each VPN user is its only user, making it much harder to hack, and therefore much easier to stay incognito online.
Moreover, a VPN completely encrypts all data coming from your computer, including all identifying data regarding you and all devices connected to that virtual private network. Unlike incognito mode, a VPN bypasses geolocation restrictions and even hides your IP address, including from others on the same network.
A VPN will not, however, erase your browsing history or prevent your device from storing it. For that, you will still need to surf in incognito mode. So by using a VPN in combination with incognito mode, you can make all your online activity anonymous, unreadable, and unrecorded, meaning it's both private and untraceable to you.
Built on the Mozilla Firefox platform, a Tor-based web browser uses a technology called "onion routing" to provide you with total anonymity while using the internet. Through this technique, these browsers route web data through multiple servers, encrypting it at each stage before transmitting it to or from your computer.
DuckDuckGo is a browser that displays no targeted advertising and therefore has no need to track users' search histories. It, therefore, keeps those search histories anonymous.
Incognito mode does keep you mostly safe while online. However, you may want to take additional steps for your privacy.
Head of Threat Hunting and Incident Response, Meena Rajendran’s passion is rooted in creating Cybersecurity Awareness. As a GCIH certified incident responder, Meena regularly faces the evolving challenges behind cyber-attack investigations. Meena devotes her spare time to threat-hunting, researching, reading and writing about her specialized field. You can follow Meena’s work on her website MeenaLive or on Twitter and Linkedin.