[HN Gopher] Judge in Google case disturbed that 'incognito' user...
___________________________________________________________________
Judge in Google case disturbed that 'incognito' users are tracked
Author : johncena33
Score : 669 points
Date : 2021-02-26 17:34 UTC (5 hours ago)
(HTM) web link (www.bnnbloomberg.ca)
(TXT) w3m dump (www.bnnbloomberg.ca)
| staticassertion wrote:
| I honestly think that the term "tracking" is too benign. If I
| followed someone around, taking notes on them as I went, so that
| I could try to sell them something, I would be called a
| _stalker_.
|
| But do it online and it's just "tracking".
| yesenadam wrote:
| > If I followed someone around, taking notes on them as I went,
| so that I could try to sell them something
|
| Well, _stalking_ sounds like you're driven by some strong
| emotion or crazy plan. This sounds more like a private
| detective/investigator doing surveillance, or a "social
| engineer" - itself an even more over-benign term - exploiting
| people to get what they want.
| cirenehc wrote:
| Because in one case the target is the individual. The other
| case your data gets aggregated and sold as bulk in the form of
| ad impressions (tracking).
|
| A better comparison would be, the gov uses your census data to
| mail you flyers.
| loveistheanswer wrote:
| No, there is plenty of stalking/tracking which targets
| individuals. It's called microtargeting.
| staticassertion wrote:
| Yeah I stalk a TON of people so it's fine, it's just
| aggregate stalking.
| 5tefan wrote:
| Tracking should be illegal. I see it that simple.
| smartician wrote:
| Can you define "tracking"?
| rdiddly wrote:
| My own comment deeper in the tree made me realize something, so
| I'm restating it at the top level. Basically the central
| misconception here, that Google is more than happy to leave
| unclear, is that Incognito Mode has ever been incognito. The only
| party not gathering data about your "incognito" browsing is you,
| i.e. the only party to whom that browsing is _incognito_
| (unknown), is you. (Oh and anyone who were to use your computer
| and your login to view your browsing history; that's the flimsy
| pretext that prevents it from being a complete lie.)
|
| In my other comment I joked that since you're basically wandering
| around forgetting where you've been, it should be called
| Forgetful Mode, and the icon should be, instead of a spy, an old
| man hunched over with a cane and little dots and curlicues
| surrounding his head indicating a diffuse cognitive state. He
| doesn't remember where he's been! But don't worry, his caretakers
| will remember.
| prtkgpt wrote:
| When "Don't be evil" doesn't live up to the standards.
| racecondition wrote:
| Odd, since you know it says that as a warning on every incognito
| page what the purpose of it is: it is to disassociate history
| being logged locally so other people looking at your browser
| history can't see what you did. No one said it's not being tracked.
| Incognito from the perspective of your locally preserved state in
| the browser, not anyone else's...
| hikerclimber wrote:
| Hopefully stocks all over the world go to 0
| ocdtrekkie wrote:
| > Broome's attempt to downplay the privacy concerns by pointing
| out that the federal court system's own website uses Google
| services ended up backfiring.
|
| I'm amazed Google's lawyer was amateur hour enough to go with an
| "everyone does it" approach here. He proved Google is a monopoly
| and that the court using their services poses a risk to the
| public.
| jessaustin wrote:
| Not only that, but he identified "website owners" (more
| properly this would have been "some website administrators") as
| the parties aware of the situation. This is a completely
| different group from website _visitors_, whose interests are
| often completely opposed. By framing it this way he was
| admitting a problem no matter what the court's site does.
| kop316 wrote:
| Unless I am reading this incorrectly, I think this paragraph
| better summarizes the article versus the headline:
|
| "In this case, Google is accused of relying on pieces of its code
| within websites that use its analytics and advertising services
| to scrape users' supposedly private browsing history and send
| copies of it to Google's servers. Google makes it seem like
| private browsing mode gives users more control of their data,
| Amanda Bonn, a lawyer representing users, told Koh. In reality,
| "Google is saying there's basically very little you can do to
| prevent us from collecting your data, and that's what you should
| assume we're doing," Bonn said."
|
| It doesn't seem like the complaint is that Chrome collects data
| on you in "Incognito" mode, rather that websites (e.g. Google
| Analytics) still collect on you in "Incognito" mode.
| Blikkentrekker wrote:
| Going _incognito_ on _Chromium_ still gives a warning that it
| does little for website tracking and purely does not save
| browsing history.
|
| So one can browse the finest pornography[1] without one's
| cohabitants finding out.
|
| [1] https://nhentai.net/g/335688/3/
| cptskippy wrote:
| I think the question then becomes, is Google able to tie your
| Incognito activity back to your regular activity?
| darth_avocado wrote:
| Why is this a surprising thing? The only thing incognito mode
| does is that your browser doesn't remember what you surfed on
| the internet, pretty much everything else is fair game. Your
| ISPs know what you're up to, adtech is so advanced that they can
| still track you purely based on your IP, all the websites
| pretty much know who you are (if you've visited them before)
| even if you don't log in, why is it so surprising?
| zelon88 wrote:
| The problem is that Google stands on both sides of this
| relationship. With Firefox there are borders around where your
| browser ends and the sites you visit begin.
|
| Google has been blurring that line between browser and content
| ever since single sign on in Chrome 69. I think it's a fair
| exercise to explore the relationship between Chrome and Google
| services just because they put themselves in this position for
| a reason. We deserve to know what that reason is. I don't trust
| Google at their word.
|
| With Firefox there's no question because Mozilla lacks the
| ability to leverage anything they might incidentally collect in
| private browsing. Google does have that ability and we should
| know if they are abusing it.
|
| If you asked Google employees and Google fans if they thought
| Google was reading their Gmail for advertising they'd probably
| roll their eyes at you. And alas they turned out to be
| mistaken.
| robteix wrote:
| > It doesn't seem like the complaint is that Chrome collects
| data on you in "Incognito" mode, rather that websites (e.g.
| Google Analytics) still collect on you in "Incognito" mode.
|
| Isn't that a distinction without a difference though? It's not
| Chrome, it's Google Analytics. It's all Google in the end,
| isn't it?
| root_axis wrote:
| The difference seems pretty meaningful. Google analytics
| really has nothing to do with Chrome in this context, the
| same thing would be true in any browser visiting a site with
| Google analytics tracking.
| kevin_thibedeau wrote:
| Chrome is designed to give Google control of the
| information it collects. That is the only reason it exists.
| It has everything to do with GA. They're not burning
| millions on developers out of goodwill.
| d1zzy wrote:
| Says who? Not according to the public discussions at the
| time it was started.
| root_axis wrote:
| > _Chrome is designed to give Google control of the
| information it collects_
|
| Sure, but chrome does not do this in incognito mode, same
| as any other private mode browser, there's nothing
| specific about chrome that allows GA to collect your
| analytics in incognito mode, GA can do so in any browser.
| 7800 wrote:
| Incognito mode isn't privacy. It just keeps cookies and cache
| cleared initially for that incognito session. That's like
| Firefox, etc.
|
| The EU and California notion that disabling cookies stops
| companies from tracking you is also false. Everything between
| you and the site can track you, and the site could track you
| without cookies.
|
| Even hiding your IP via using a VPN doesn't protect privacy
| as much as you'd think, somewhat depending on the VPN
| provider and those interested.
|
| Tor? Not always private. If you don't believe me, search for
| it and show me how to prove that it is or could be fully. And
| it makes you a target; why do you need that privacy, they
| ask?
|
| Privacy is a grey area.
| fchu wrote:
| Not quite. Having a blanket "Google doesn't track you"
| statement doesn't capture the complexity of reality: what if
| the website you're browsing is using Firebase for their
| authentication, or Google Pay for payment. I'm certain most
| users would want the website to function correctly, otherwise
| it defeats the point of using incognito. In all of these
| cases, Google will have a record of you, even if those
| records are not actively joined. Where do you draw the line?
| TheRealPomax wrote:
| Not in court, no. In court that is a huge difference, because
| Google is a company, Chrome is a product, and Google
| Analytics is a technology, and those are completely different
| things.
|
| A good lawyer could quite successfully argue that all three
| being "Google" is not sufficient for the public to reasonably
| expect that "private browsing" means Google will still be
| monitoring you. And while Google would argue that its EULA no
| doubt contains a clause along those lines, the deception is
| still there, and can still be litigated (even if the verdict
| ends up being "this is deceptive and you must change this
| aspect of your product" without this particular thing, among
| many many others, requiring punitive measures)
| Negitivefrags wrote:
| It's not just in the EULA. It's in plain English right
| there when you go into Incognito mode.
|
| "Chrome will not save the following information"
|
| "Your activity might still be visible to websites you
| visit"
| GavinMcG wrote:
| This assertion without an argument is not especially
| helpful. What _legal_ distinction must hold the line here,
| in your view? _Why_ is it insufficient to suggest that a
| user in a Google Chrome Incognito window might reasonably
| expect Google to be on notice that they do not consent to
| Google tracking?
|
| Edit: the parent has since been edited. It had said only
| "Not in court, no. In court that is a huge difference."
| hojjat12000 wrote:
| Because "incognito mode" is not about tracking! It is
| about saving information on your local machine. If you
| are in incognito mode and log into Gmail, you will see
| your own email! You are not incognito to Gmail. It used
| to be called "porn mode". I think that's a better name
| for incognito. It is there to stop others who use your
| computer to spy on you. Of course you can use incognito
| (assuming you don't log into anything) and be reasonably
| anonymous (there are many other things that can track you
| even in incognito). I think it just needs a rebranding. I
| vote "porn mode".
| pyrale wrote:
| > Because "incognito mode" is not about tracking! It is
| about saving information on your local machine.
|
| Expecting laypeople to understand that distinction is
| probably a bit optimistic.
| blacksmith_tb wrote:
| I suspect "no-history-mode" would be an easier sell. It
| would certainly explain a little better what's going on,
| but clearly lots of folks wouldn't still understand that
| the 'history' is only on their end. "I wanted no history
| of what I was doing anywhere!" Use Firefox+uBlock, or
| Tor, or...
| xiphias2 wrote:
| Porn mode is also about companies and governments finding
| out information that they can use to blackmail you.
| sixothree wrote:
| My problem here is google's attempt to correlate
| incognito users to their non-incognito history.
|
| The intent of the user is clear.
| grahamburger wrote:
| In your view should Google not allow people to log in to
| Gmail while in incognito mode? How can someone remain
| untracked by Google while in incognito mode but also
| interact with personalized Google services, like email?
| GavinMcG wrote:
| By _logging into one's account_. Surely you see the
| distinction between deliberately availing oneself of a
| service and being tracked on entirely separate websites
| without being informed, much less consenting.
| grahamburger wrote:
| You're making an argument against tracking in general.
| That's fine, but it's not what we're discussing. What
| we're discussing is if sites should treat traffic from
| browsers in incognito mode differently than traffic from
| browsers not in incognito mode. Do you think they should?
| I would argue that sites shouldn't even know whether or
| not their users are in incognito mode.
| charcircuit wrote:
| >My problem here is google's attempt to correlate
| incognito users to their non-incognito history.
|
| To a web server incognito mode isn't a thing. It's a
| client only thing. You don't know if a user is using
| incognito mode, or if they just cleared their cookies /
| cache. There's no way to know the user's intent.
| dfox wrote:
| "Porn mode" is bad name for the thing because for the
| typical porn use case the user actually wants the
| persistent browser state (eg. so that
| pornhub's "Recommended for you" shows relevant content)
| and only wants it to be disconnected from their non-porn
| online activity.
| hojjat12000 wrote:
| You can still log into the porn website and watch your
| recommended videos. But after you close that window, no
| history of that ever happening is stored on your local
| machine. No urls, history, or cookies.
| evrydayhustling wrote:
| The legal argument is not about Google's tracking in the
| abstract, but about whether it is misleading users in how
| they describe Incognito mode. As of today, the Incognito
| mode screen says loudly that _Chrome_ won't record
| your activity, not that Google won't record your
| activity, so I think it's a hard argument that users were
| deliberately misled.
| kube-system wrote:
| It is placing the onus on a layperson to understand the
| technicalities of how third-party advertising trackers
| work.
|
| What is interesting is that they do explain this more
| clearly in some of their help articles -- but they leave
| out some of those details in description embedded in
| chrome. It takes 4 clicks to get to this from the "learn
| more" link -- it's pretty buried.
|
| > Your activity, like your location, might still be
| visible to: * Websites you visit, including the ads and
| resources used on those sites * Search engines
|
| https://support.google.com/chrome/answer/7440301
|
| Yet, the first click from "learn more" has even more
| confusing language:
|
| https://support.google.com/chrome/answer/9845881
|
| > Chrome doesn't tell websites, including Google, when
| you're browsing privately in Incognito mode.
|
| It seems that you really have to dig to get to the parts
| that tell you clearly that Google is one of the "websites
| that track you" that they're talking about.
| kllrnohj wrote:
| > It is placing the onus on a layperson to understand the
| technicalities of how third-party advertising trackers
| work.
|
| No they aren't. It's spelled out entirely when you just
| open incognito mode. It specifically says "Chrome won't
| save the following information" and also specifically
| says "Your activity might still be visible to websites
| you visit"
|
| You don't have to dig into any help articles or have deep
| technical knowledge of how Google Analytics works. Open
| up incognito and it's all right there right in front of
| you.
| kube-system wrote:
| A layperson would understand the phrase "website you
| visit" to be the name at the top of the page. Google
| leaves out the fact that the vast majority of those
| websites you visit also include their trackers... and
| they do not even suggest this as a possibility unless you
| dig into their help articles. The initial page doesn't
| mention that the list of those who can track you is
| incomplete and is conveniently missing themselves.
| [deleted]
| kllrnohj wrote:
| A layperson also understands that when a company says
| "this product does X" they don't mean "everything we make
| does X."
| kube-system wrote:
| Sometimes. [0] There are ways that statements can be made
| 100% textually correct, but semantically misleading.
| Other companies have done this before to mislead people,
| with varying degrees of legal success.[1] What a court
| would be interested in is _not_ whether Google is
| technically correct, but whether they misled people. They
| are in a unique position in this case to monetarily
| profit from misleading people, which may be something
| that would look bad in court.
|
| 0: For example: ask anyone who works at a helpdesk what
| it means when someone says "my Google doesn't work"
|
| 1: For example: Regulatory action against AT&T for
| "unlimited data" claims
| d1zzy wrote:
| > It is placing the onus on a layperson to understand the
| technicalities of how third-party advertising trackers
| work.
|
| Let's remove computers from laypersons because they can't
| understand simple English. /s
|
| Seems to me that the end result of such a lawsuit, if it
| moves forward, is that Chrome will drop the feature. It's
| not like it has any legal requirement to provide a
| feature like Incognito and if the courts decide that it
| can be easily misunderstood (and if it costs Google
| actual money because of that decision) then why spend
| engineering time providing such a feature.
| ClumsyPilot wrote:
| I think it's obvious that they were misled. If you allow
| this form of defence, then I can, on one hand, sell you a
| privacy product, and on the other, have my subsidiary,
| which knows exactly how to get around it, spy on you and
| sell your data. Both entities are controlled by the same
| holding company, their 'separateness' is legal fiction.
|
| It's basically like insider trading. You are playing both
| sides.
|
| But suppose I were to take your argument - are the
| entities actually separate? Is Chrome development not
| funded by revenue from google ads? They would not pass
| any kind of test for 'independence'
| pfortuny wrote:
| But Nike Air is a product and Nike is a Company. What are
| you trying to convey????
|
| Takata is a company. They produced defective airbags...
| matheusmoreira wrote:
| > all three being "Google" is not sufficient for the public
| to reasonably expect that "private browsing" means Google
| will still be monitoring you
|
| The reasonable expectation to have is that nobody is
| monitoring you in the first place. This is doubly true when
| using private browsing features. Anyone violating this
| assumption is obviously guilty: the first group did not
| explicitly consent and the second group explicitly did not
| consent.
| GeneralMayhem wrote:
| No. Chrome is doing exactly what it says it is. It's
| different data, used for different purposes, by different
| entities. That's a huge legal difference, and also a
| significant practical one.
| ttt0 wrote:
| Is it? What about X-Client-Data header?
| GavinMcG wrote:
| Or it's by the different parts of the same entity. Why are
| you confident that Google's internal choices about
| organizing their business are what win the day here, rather
| than Google's interface with the consumer?
| loveistheanswer wrote:
| No. Chrome is owned by Google. Claiming otherwise is like
| punching someone in the face with your right hand, and then
| telling the judge your right hand is a separate entity.
| solidsnack9000 wrote:
| It's all stuff from Google but in the hands of different
| people.
|
| Google Analytics is installed by the owner of the website; it
| makes a promise to them: it collects everything it can.
|
| If Google Analytics actually ignored data from Chrome in
| Incognito mode, it raises some questions:
|
| * How does it detect that, exactly?
|
| * Is there an unfair competition aspect to it? What about
| other browsers, not from Google?
| vinger wrote:
| What other browser holds 70/80% of the market?
| bee_rider wrote:
| That second point is really interesting. It seems sketchy
| on both ends, really. Either they are intentionally
| circumventing their own privacy feature, or they are giving
| their own browser an unfair competitive advantage.
|
| Huh, maybe the level of integration here is just inherently
| problematic and companies shouldn't try to fulfill every
| role in the market.
| fiddlerwoaroof wrote:
| Yeah, making incognito mode detectable would be a huge
| privacy issue: it would enable blocking users based on
| incognito and all sorts of other bad issues.
|
| If incognito mode is undetectable, there's no way for
| Google Analytics to distinguish between "cross-device"
| traffic from an incognito window vs. from a phone and a
| laptop. Whether or not cross-device tracking is good or
| bad, it's irrelevant to this question.
| unilynx wrote:
| > If Google Analytics actually ignored data from Chrome in
| Incognito mode, it raises some questions: How does it
| detect that, exactly?
|
| The most honest implementation would be to set the DNT
| header in incognito mode (as Firefox apparently does) and
| to have Analytics honor it. Does not require anything
| shady/anticompetitive
| captn3m0 wrote:
| This. Would be amazing to have a ruling enforcing DNT on
| GA, even if for Incognito since that gives backing to the
| DNT header, which has mostly been "don't honor" for
| advertisers.
| d1zzy wrote:
| As long as I can disable it (because DNT provides a
| pretty strong identification signal right now).
| josefx wrote:
| > How does it detect that, exactly?
|
| Detect that chrome didn't send the x-client-data id it
| sends to every google owned domain. Oh, wait, it probably
| still does that in incognito mode.
| ttt0 wrote:
| Maybe it's the perfect time to seriously consider whether
| Google should be split up. They control everything. From a
| nameserver, through a web browser, to online services and
| advertisement.
| nsgi wrote:
| How can there be a reasonable expectation that websites won't
| track users in incognito mode when browsers don't give websites
| that information (unless the website works it out in a
| backwards way)?
| jschwartzi wrote:
| Firefox sets the Do-Not-Track flag when you're browsing in
| Incognito mode. I think it's only Chrome that doesn't provide
| that information. So it's entirely possible for your
| analytics trackers to not forward those analytics on for
| users who are in Incognito mode if those users are using a
| browser like Firefox.
| deckard1 wrote:
| Do-Not-Track failed. According to Wikipedia, Apple dropped
| support and not many people adopted it anyway.
|
| It was always doomed to fail. You're asking the wolves not
| to eat you by setting an HTTP header. If these companies
| were the kind to care about the honor system, they wouldn't
| be tracking you in the first place.
| captn3m0 wrote:
| It is like the "Evil Bit" in rfc3514[0]. But if this
| judge forces DNT on Incognito to be honored by Google, it
| could result in some adoption?
|
| [0]: http://www.faqs.org/rfcs/rfc3514.html
| feoren wrote:
| _Regulation_ around Do-Not-Track failed, as it often does
| when captured by industry. The Do Not Call list started
| in 2003, but it seems it's starting to be taken a lot
| more seriously lately. Everyone should keep using Do-Not-
| Track and somehow logging/reporting/publishing violations
| of it (although I don't even know to whom -- maybe the
| best we can do is a version of plaintextoffenders for
| now). It can eventually end up as ammunition for a future
| bill to actually start regulating this effectively.
| Calling it a failure and abandoning it is not going to
| help.
| sp332 wrote:
| DNT was about trying to avoid government regulation. It
| was an opportunity for the ad industry to show that it
| could self-regulate and respect people's choices. Now
| that it has failed, the next step is for the government
| to step in and mandate privacy protections.
| deckard1 wrote:
| > The Do Not Call list started in 2003, but it seems it's
| starting to be taken a lot more seriously lately.
|
| Is it though?
|
| I'd say Do-Not-Call is a failure. Much like CAN-SPAM.
| Both are 2003. Check the calendar. I'm still wading
| through more spam than ever in my inbox and getting an
| ever increasing number of scammers calling my _cell_
| phone.
|
| The problem is always going to be that you need a
| watchdog with teeth. As we've seen in recent years, all
| of these government three letter agencies can be gutted
| simply by swapping in some corporate patsy at the top.
| Maybe you can beg the government mommy for your freedom
| and law enforcement back in 4-8 years. Antitrust laws
| exist. How many decades have we gone now since actual,
| serious enforcement?
|
| Shouldn't Do-Not-Track be the default anyway? Why must we
| opt out of tracking, spam calls, and spam emails?
|
| And, of course, the elephant in the room is: who wants
| spam calls, spam emails, and tracking in the first place?
| No one! No one would opt in to any of that crap. Which is
| why the laws are carefully designed for apathy and
| toothless enforcement.
|
| If you want to talk legislation then talk legislation. If
| you want to talk tech solutions then talk tech solutions.
| But an HTTP header is neither of those things.
|
| Imagine we all just drop encryption. Instead we just pass
| a flag in the TCP header that says "please don't look at
| my data passing through this network." Yeah that sounds
| insane, right?
| tgsovlerkhgsel wrote:
| The only chance it had was the EU (or California, or some
| other influential region) mandating compliance. I still
| don't get why the EU didn't do it (either using the
| existing DNT header or a new one). That could easily put
| an end to the cookie dialogs.
| wtetzner wrote:
| I think the point jschwartzi was trying to make is that
| Do Not Track paired with legislation _requiring_
| companies to honor it could be a reasonable solution.
| d1zzy wrote:
| I'd still end up having to disable it because there are
| plenty of trackers that are not bound by US laws (or any
| laws) and providing DNT is a stronger identification
| signal than not giving it.
| woah wrote:
| That's a pretty vague and ultimately meaningless distinction.
| You use a Google product that says it's not going to track you,
| and then it tracks you and sends your data to Google's servers.
|
| The fact that the link to Google's servers is on "other
| websites" doesn't really change the basic reality of what is
| happening.
| joshuamorton wrote:
| But in context chrome doesn't track you. The website you
| visit tracks you.
| ClumsyPilot wrote:
| But in context falling out of a plane doesn't kill you. The
| land you hit kills you.
| joshuamorton wrote:
| To use your metaphor, if you jump out of a Boeing plane
| and land on a Boeing factory, it's not Boeing's fault
| that your parachute failed.
| eschulz wrote:
| Upon opening an Incognito tab, Chrome warns you that your
| activity might be visible to websites that you visit. I'm sure
| Google's attorneys are aware of this.
| pessimizer wrote:
| Chrome warns you that websites that you visit may still track
| you. It doesn't warn you that Google, who owns Chrome, will
| still track you, which would put the lie to "incognito"
| anyway.
|
| It's as silly as if I ran an "anonymous" clinic where you
| didn't have to give your name, but my employees were
| instructed to figure out who you were by running in-house
| facial recognition software and to place the results in your
| file. That's materially different than warning people that
| "although our clinic is anonymous, you may be recognized in
| the waiting room by other patients" which is the way people
| understand Chrome's warning.
| alasdair_ wrote:
| >Upon opening an Incognito tab, Chrome warns you that your
| activity might be visible to websites that you visit. I'm
| sure Google's attorneys are aware of this.
|
| To a layperson, there is a marked difference between activity
| and identity - there is nothing on the tab that states that
| the identity of the user is still discoverable.
| eschulz wrote:
| You make a good point. There are trusting people, and then
| there are software devs and lawyers.
| PastaMonster wrote:
| The problem is that google refuse to fix bugs that allow
| fingerprinting. Those bugs can be years old!! This is why we
| need laws that force devs to fix privacy and security bugs or
| pay HUGE!!! fines. Hit them where it hurts. If each unfixed bug
| costs them 25% of the company's total worth per MONTH while it
| remains unfixed I bet they will fix them very fast. The dev
| tools window is still detectable by malicious javascript on
| sites. That stops and hides when the dev tools window is
| detected. I am certain google use that detection for their
| malicious behavior too. Why else drag their feet? They are
| hypocritical. First they are anal-retentive about security and
| on the other hand they ignore bugs for years.
|
| Not to mention the double standard google have. Long ago they
| fixed chrome to detect auto-installed extensions when you
| installed other software and yet google is doing the same
| bloody thing themselves. Try it yourself on a fresh new profile
| and check the extension page and the extension folder.
| Extensions are auto installed without permission. Manually
| removing them doesn't work either. They will be reinstalled.
|
| Edit: Speaking the truth will get you down voted. It's
| hilarious people down vote instead of coming with a counter
| argument. Perhaps they are so annoyed because they can't make a
| legitimate excuse for that nasty malicious behavior.
| onlyrealcuzzo wrote:
| Wasn't Incognito pretty much built so you could go to PornHub
| without every time you type P in your address bar it shows
| everyone looking at your screen what kind of porn you're into?
|
| Did Incognito give anyone any indication that it was somehow
| making you untrackable? It just meant that the browser itself
| wasn't storing what you were doing.
| vngzs wrote:
| Incognito mode includes the following text on the new tab
| screen:
|
| > Now you can browse privately, and other people who use this
| device won't see your activity. However, downloads and
| bookmarks will be saved.
|
| > Chrome won't save the following information: Your browsing
| history, Cookies and site data, Information entered in forms
|
| > Your activity might still be visible to: Websites you
| visit, Your employer or school, Your internet service
| provider.
|
| I'm normally a pretty pro-digital privacy person, because I
| believe the odds are stacked against average consumers to an
| unimaginable degree. That said, I don't believe incognito
| mode is misleading about what it achieves. I think it's
| pretty upfront about what it does and what it doesn't do.
| ehnto wrote:
| I would agree. It's an interesting position to be put in. I
| think most of us in tech can see the technical separation
| between the two bits of software, and likely feel like Google
| Chrome is not responsible for Google Analytics' actions, but I
| wonder if the court will see it that way. I think it's not an
| unreasonable take that if a user has let Google know it doesn't
| want to be tracked, that Google shouldn't track them with any
| of the technology they have.
| akersten wrote:
| > I think it's not an unreasonable take that if a user has
| let Google know it doesn't want to be tracked, that Google
| shouldn't track them with any of the technology they have.
|
| So the same people saying Google is a monopoly would say they
| must then _further abuse_ their monopoly position to stop
| Google Analytics from tracking _specifically Google Chrome
| users in incognito mode_?
|
| The only correct outcome of this case is for those involved
| to realize that a browser's "private browsing" mode is
| referring to a completely different type of privacy. It has
| nothing to do with whether Google Analytics is present in a
| website. Unless they want to rule that websites can't track
| users at all (and what does that even mean?) when they're
| browsing in private mode (and how would they know?), but that
| would be omnibus legislating from the bench.
| ehnto wrote:
| I don't think that's abusing their monopoly, it's
| acknowledging that they are a monopoly and so they should
| be held accountable as a wholistic entity.
|
| I don't have a legislative outcome in mind, but I would
| like to point out that the "Do Not Track" program was an
| attempt to do exactly what your second paragraph suggests,
| it just had no teeth and was entirely voluntary. I really
| don't think it's too big of an ask to not track someone
| flagging they don't want to be tracked, and if it takes
| regulation to do that then so be it. Ad-tech needs a wake
| up call to start behaving more ethically.
| akersten wrote:
| > I don't think that's abusing their monopoly, it's
| acknowledging that they are a monopoly and so they should
| be held accountable as a wholistic entity.
|
| The reason it would be abusing their monopoly is that
| Firefox and Edge private mode browsers would not get the
| same treatment. Google Analytics would still be active
| for them in private mode.
|
| The only ways out for parties here are:
|
| * Accept the way technology works, that browsers are
| separate from code that runs on websites, and acknowledge
| that users can be tracked regardless of what their
| browser chooses to do
|
| * Mandate that Google devise a way to stop tracking for
| all browsers in private mode (not a technically possible
| solution; judicial overreach), or just for Google Chrome
| (possible; but amplifies their monopoly because it would
| be a privacy incentive for users to switch to Chrome, a
| Google product; is also judicial overreach)
|
| * Mandate that browsers have a standard way to indicate
| to websites that they do not want to "be tracked" and
| websites must respect that (and I don't have to tell you
| that this one is judicial overreach :) )
|
| So, that's why I say the only way forward that makes
| sense for this case is for the plaintiffs to drop it.
| There's no acceptable judicial recourse for them here.
| They can lobby the legislature if they want to make it
| mandatory that ad networks respect the abandoned Do-Not-
| Track header.
| d1zzy wrote:
| Another outcome is for Chrome to drop the feature. I think
| that's far cheaper than the alternatives considered.
| GeneralMayhem wrote:
| Right. Open up an incognito window right now, and you'll see,
| in plain English, front and center:
|
| >Your activity might still be visible to websites you visit.
|
| The error here is in treating all of Google and all of data as
| monoliths. The first paragraph of the article makes this...
| let's be generous and call it an honest mistake:
|
| > The Alphabet Inc. unit says activating the stealth mode in
| Chrome, or "private browsing" in other browsers, means the
| company won't "remember your activity."
|
| Yeah, I doubt anyone from Google says that, which is why they
| had to use phrases instead of sentences in quotes. _Chrome_
| won't remember your activity. That doesn't mean _Google_ won't if
| they know who you are for some other reason.
| GeekyBear wrote:
| Oddly, it doesn't tell you that Google itself will still
| track you through Google Analytics.
|
| Something that is under Google's control.
| reaperducer wrote:
| _Open up an incognito window right now, and you'll see, in
| plain English, front and center: >Your activity might still
| be visible to websites you visit._
|
| Maybe the problem could be solved by using a description
| other than "incognito" and an icon of a spy, generally
| considered a person who would be hidden or stealthy.
|
| Maybe "Reduced Tracking Mode," or something more honest.
| rdiddly wrote:
| Assuming someone forces Google to do that in Chrome (which
| is pretty much the only way it would happen), how about
| calling it "Forgetful Mode." Because by turning it on
| you're telling the browser not to remember where you've
| been. I don't know if that would fully clear up the central
| misconception here, namely that in that case the only
| person not gathering data about your browsing is you. But
| at least it hints at it. When it's turned on, you're
| basically wandering around forgetting where you've been;
| hence maybe the icon should be an old man hunched over with
| a cane and little dots and curlicues surrounding his head
| indicating a diffuse cognitive state!
| BoorishBears wrote:
| The point has always been painfully straightforward, your
| browser is the one who stops tracking your browsing
| activity, not the sites you visit.
|
| There's even a warning about that
| andyfleming wrote:
| "Reduced Tracking" is partly the misnomer though. It's not
| less tracking, right?
|
| It's just a temporary separate browsing session with
| history turned off.
|
| The only thing that makes it less tracking is that it might
| not be associated with the profiles you're logged into in
| your normal browsing profile.
| danudey wrote:
| I think there's another issue here though.
|
| If I turn on Incognito mode and then go to Amazon, Amazon can
| obviously see what I'm doing. If I log into Amazon, then
| Amazon knows it's me and can track that. I think that's
| reasonable, but people didn't understand that that's the case
| and that's why Google has that disclaimer there.
|
| That's different from browser fingerprinting[1] though.
| Fingerprinting techniques exist which can tell that you're
| you even if you're in incognito mode. For example, if you're
| visiting Pornhub every day in incognito mode, the company can
| still build a pretty reliable profile of you. If you then
| visit them _not_ in incognito mode once, they may be able to
| take that incognito profile and associate it with you a lot
| more closely.
|
| Likewise, if you visit Amazon from your browser all the time
| and then visit them in incognito mode, these fingerprinting
| techniques allow Amazon to know it's you already; they can
| "play dumb" by keeping you logged out, not showing you
| recommendations, etc., but they can still figure out it's you
| and use that to continue to build a profile on you.
|
| The caveat here is that this is much more useful for some
| people than others. If I visit HN, then HN can fingerprint me
| in Incognito or not, but that's not extremely useful. If I
| visit literally anywhere else, Google/Doubleclick/etc. can
| fingerprint my browser, and since extensions like
| ad/tracker/etc. blockers don't work by default in incognito
| mode, they could potentially get an even better profile of
| you from Incognito mode than not.
|
| Pretty gross, honestly.
|
| [1] https://blog.mozilla.org/internetcitizen/2018/07/26/this-
| is-...
| unloco wrote:
| I think a lot of the problem is, the average person doesn't
| know the difference between your browser not tracking your
| activity, and the internet tracking your activity.
|
| incognito mode is to hide from your browser history and
| tracking, it has nothing to do with the servers you visit.
| withinboredom wrote:
| Speaking of pornhub...
|
| There used to be a way to see your pornhub search history
| even if you were always incognito, right on the site. It
| worked really well but I never figured out how it worked.
| didibus wrote:
| How does this relate to Google though? Do you mean they
| should get rid of incognito mode? Cause it doesn't succeed
| at preventing all websites from tracking you? Or that they
| should be liable for making people believe it could when it
| couldn't?
| unloco wrote:
| incognito mode is not made to hide you from the internet.
| it's made to hide your activities from being logged into
| your browser.
| jb775 wrote:
| Yeah and google can do all of the above considering just
| about every website uses google analytics and all that
| analytics data is sent back to google's servers. Then they
| can sweep up whatever they missed using Chrome or Android
| or google-owned service metadata (i.e. google search,
| google maps, etc).
|
| Google Analytics is the service that connects it all and
| google has convinced companies to give them this data
| access for free. (well, in exchange for visibility to parts
| of that data displayed on fancy trinkets)
| amelius wrote:
| This is the web-equivalent of omnipresent facial
| recognition tied to a central database.
|
| Like fingerprinting, facial recognition is not perfect
| (e.g. you can have a lookalike, twin, etc.) but is still
| damn frightening.
|
| Perhaps this viewpoint can convince some more people of
| Google's (potential) evilness.
| judge2020 wrote:
| Google doesn't fingerprint browsers like other adtech
| networks do - that's why they're really pushing for on-
| device ad auctions[0] and removing the usefulness of third-
| party-cookie-based tracking altogether[1]. It would
| strengthen their monopoly (other providers would have to
| invest in supporting this ad model) while also directly
| benefiting the consumer's privacy and not hurting their
| business model: ad clicks.
|
| 0: https://github.com/WICG/turtledove#turtledove
|
| 1: https://www.chromium.org/Home/chromium-privacy/privacy-
| sandb...
| vagrantJin wrote:
| The issue isn't that they did or didn't.
|
| _The issue is that they can_
| UncleMeat wrote:
| Ok. By what mechanism could Google prevent themselves
| from ever being able to do this? The browser _can_ be
| updated to do anything. It could start deleting hard
| drives tomorrow with a malicious update!
| vagrantJin wrote:
| To make an analogy, most places ban entering with a
| weapon unless you are law enforcement on official duty.
| Not because any Joe that has a gun has killed someone
| with it.
|
| But the danger is that he/she can. That's why guns are
| regulated. Information is not a harmless dingus. It's a
| weapon, just as the gun was in the last century. Do we
| need a war to discover this?
|
| The web is still a gunslinging wild west. We need
| regulation. EU is light years ahead in this regard and
| might just save us all from the tyranny of the Greay whom
| we trust to act in good faith - because they say they
| will. This strikes me as quite naive on our part.
| UncleMeat wrote:
| Can you be more specific?
|
| What _technical thing_ can achieve the goal you want? No
| metaphors.
| emteycz wrote:
| EU is light years ahead in propaganda, that's about it.
| It has its mouth full of GDPR while it's quietly
| preparing China-style firewall, tracked digital money and
| encryption ban.
| eznzt wrote:
| >By what mechanism could Google prevent themselves from
| ever being able to do this?
|
| The law.
| gcbirzan wrote:
| The law cannot prevent you from doing something, it can
| only punish you if you do it.
| FigmentEngine wrote:
| that is a nonsense statement. "doing something" = "do it"
|
| if you mean, can't stop you _considering_ it, then that's
| fair, but then the point has no value?
| gcbirzan wrote:
| I'm not sure I understand what you mean.
| UncleMeat wrote:
| But the claim I was responding to was that it does not
| matter whether Google is doing this now, what matters is
| that they can do it. A law which imposes penalties on
| what you can do rather than what you are doing seems
| fraught.
| Daho0n wrote:
| >Google doesn't fingerprint browsers like other adtech
| networks do
|
| Citation needed :)
|
| I'm taking part in the Browser Fingerprinting Project
| that was on here recently[1] and the only browser that
| isn't marked in the test as trackable so far is
| Firefox[2]. They don't use cookies for the test so third-
| party cookie sandboxing or blocking is irrelevant. If
| Google doesn't use browser fingerprinting as you say then
| they really should fix Chrome.
|
| 1: https://browser-fingerprint.cs.fau.de
|
| 2: I test most mainstream browsers as I already had them
| installed on Windows and Android devices for testing.
| JumpCrisscross wrote:
| > _error here is in treating all of Google and all of data as
| monoliths_
|
| I don't think that's an error. There is a material difference
| between me promising you "I won't eat your berries" and my
| neighbor eating your berries, and my making that promise and
| then eating them.
|
| If Google is promising not to track you, Google shouldn't be
| tracking you. "We are bad at coordinating" isn't a valid
| excuse. Coordination is the cost of the conglomerate.
| treve wrote:
| Yes, but Chrome is still google. If the left hand suggests
| using this Google product means privacy and trust, but the
| right hand still exploits you, I do think there's an issue.
|
| They can twist the words to be technically accurate, but not
| everyone is going to understand this.
| bee_rider wrote:
| It would be a really interesting result if Google couldn't
| offer an "incognito mode" because of their position as a
| data harvester. Rare for vertical integration to be a
| _disadvantage._
| ggggtez wrote:
| Others pointed out here in the comments, and elsewhere
| every time this subject comes up, that Incognito window
| has a very carefully worded disclosure when you open it
| that websites can still track you.
|
| I think any judgement saying that Incognito/Private
| Browsing/etc are lying unless they somehow _prevent
| websites from knowing that you accessed the website_
| would be downright technologically impossible, short of
| perhaps Tor browser, and even _Tor Browser_ doesn't make
| this kind of guarantee.
| creato wrote:
| Why do you say it is carefully worded? It seems like a
| basic description of how the internet and how browsers
| work.
| fiddlerwoaroof wrote:
| Making incognito mode detectable is much worse for privacy,
| no? It adds another identifying bit that can be collected
| and it gives sites the ability to block people attempting
| to avoid tracking.
| matheusmoreira wrote:
| Yes, just like the do-not-track bit. That could change if
| courts start treating these bits as a "no, I do not
| consent to any tracking" statement. What if it was
| illegal to track users with this bit set?
| fiddlerwoaroof wrote:
| Of course, that only helps with agents subject to the
| relevant laws.
| kibwen wrote:
| Which, one would hope, Google is.
| reaperducer wrote:
| There's a reason big tech companies have entire PR
| departments with "We can do better(tm)" statements ready
| to go.
| danudey wrote:
| Sometimes I wonder if there are cynical teams in Google
| or Facebook who implement features and also write public
| apologies for those features ahead of time.
|
| Maybe the really advanced ones have PR statements that
| say "Oh, this feature sounds bad but it only really does
| this thing which is mostly okay" and then another one for
| "okay yeah you caught us it doesn't just do that okay
| thing but all the other not okay stuff you worried it did
| ahead of time".
|
| I'm sure there are entire machine learning teams working
| out the best way to word these non-apologies and the best
| schedule for releasing them to best soften the impact of
| getting caught with their hands in the (literal or
| figurative) cookie jar.
| laurent92 wrote:
| Much like testing what would happen if a migration script
| dropped a column, features need to be tested against the
| possible outcomes in the court of opinion. I expect a
| well-organized corporate to have Product Owners who
| design the packaging of the feature and have it reviewed
| by the higher-ups when it's a user-facing feature, or to
| design the apology letter and have it reviewed by the
| higher-ups when it's an advertiser-facing feature.
|
| But it's our role as a society to not be gullible, and
| eventually organize against such behaviors, which this
| judge is doing.
| TeMPOraL wrote:
| I think the reality is much simpler. There's nobody in
| Google writing public apologies in parallel to
| implementing features. Through the magic of free market
| economy, they can just _outsource it_. Some court frowns
| at what they're doing? A quick call to a reputation
| management company (which they probably have on a
| retainer, or at least on speed dial), and they get all
| the press releases and training they need to manage the
| crisis. Why do it in house, if you can have experts do it
| for you?
| wyldfire wrote:
| "Tracking" becomes a little more subtle for websites that
| try to maintain some per-visitor state in order to
| function. But if it were well defined legally, it could
| probably be a really nice move for the sake of people's
| privacy.
| feoren wrote:
| If it just sets the "do not track" header, you don't
| necessarily know whether the user is in private browsing
| or just always has that enabled. I think adding the extra
| identifying bit to the sea of identifying information
| would be worth it if we had regulation (with teeth!)
| around what sites were/were not allowed to do with "do
| not track" on.
| laurent92 wrote:
| The header takes the values DNT=null (user didn't
| specify), DNT=0 (can track), or DNT=1. We could have
| DNT=2 (really do not track?). Why not DNT=3 ("please
| disregard my login even if I attempt to"?).
| dheera wrote:
| Why would incognito mode be any more detectable? If it's
| a question of not giving access to certain data that
| could be used for fingerprinting (e.g. user agent, screen
| resolution, storage API, statistics of accelerometer
| noise, gyroscope drift rate), the browser should respond
| with fake data instead of no data.
| danudey wrote:
| There's a lot of data that doesn't need to be present, or
| presented, without user approval. The info at
| https://browserleaks.com/ is just... ridiculously
| detailed.
|
| I don't see why a website should be able to get
| information about my WebGL capabilities without me being
| asked first if I want to let them display content, or why
| they can get a list of audio and video input devices
| without asking to use them first.
|
| Even on Firefox, which I think is generally doing a much
| better job about this stuff, there's so amazingly much
| data that shouldn't be shared without asking first.
| gcbirzan wrote:
| The problem is that you cannot just add a new permission
| and expect things to not break. The flow for requesting
| permissions is different and would break pretty much
| every website that uses these APIs.
| dheera wrote:
| > why they can get a list of audio and video input
| devices without asking to use them first
|
| I don't think they can do this without audio/video
| permissions (?)
| [deleted]
| deelowe wrote:
| I think the issue here is a little more nuanced than right
| hand vs left hand, etc... Incognito was developed as a
| feature to hide your browsing history back when all users
| having individual accounts on a computer was much more
| rare. It wasn't developed in a world where "privacy" meant
| what it typically means today.
|
| Things have changed and perhaps Google should have changed
| as well, but to paint this as some sort of nefarious plot
| is a bit disingenuous.
| josefx wrote:
| Incognito seems to be a bad name for what it does. Maybe
| Alzheimer's mode would be better suited to describe the
| local forgetfulness without implying an attempt to hide
| the users identity.
| TeMPOraL wrote:
| The common name for it is "porn mode". It communicates
| the design goal very well: the point is to hide the fact
| you're visiting some pages from other people who may be
| using the same computer.
| slowmovintarget wrote:
| Everyone was too embarrassed to admit this was the origin
| of the feature. Fast-forward a few decades, and people
| are shocked that what was a euphemism doesn't honestly
| describe how the feature works.
| martamorena943 wrote:
| No there really is not. You can't always "twist" the words
| how you need it, otherwise you behave just like Google.
| Chrome is a separate product. It's a browser. If it says
| that Chrome won't remember history in private mode, but
| then you go and visit a Google website, then this website
| can still track you the same as any other website in
| private mode. You can't really say "Oh Google should be
| broken up and be treated as separate entities (at least
| when it suits me)" and then start complaining "Oh Chrome
| and GMail are acting like separate entities but they should
| be really acting as if they were the same thing (at least
| when it suits me)" ... lol
|
| Private mode never was meant to be a privacy feature
| against websites. Private mode is to prevent your LOCAL
| history from containing anything you searched/visited and
| the legit use case is sharing of the computer with other
| members of family, for instance. For websites, nothing
| really changes. They can still track you all the way they
| want.
| ClumsyPilot wrote:
| "Google. Chrome is a separate product"
|
| So basically: "Your honour, I can prove I didn't rob
| John, I had my brother do it for me!"
| kevin_thibedeau wrote:
| The US government does the exact same to circumvent the
| 4A.
| ruined wrote:
| which is likewise reprehensible.
|
| is google going to wait until there's regular street
| fighting in cities across the nation before they change
| their surveillance behavior?
| feoren wrote:
| Two separate issues:
|
| 1) Chrome should enable the Do Not Track header when in
| private browsing, as any reasonable person would expect
| they would.
|
| 2) Google websites and analytics should respect Do Not
| Track.
|
| I'm repeating what others have said but I think it's
| important to separate these out as different issues,
| because it completely nullifies everything you just said
| -- both are strong arguments on their own, and Chrome
| being a Google product is completely irrelevant to both.
| crazygringo wrote:
| Except Do Not Track basically died in 2018. [1] The W3C
| abandoned trying to standardize it, and virtually no
| websites pay attention to it, because the legislative
| efforts behind it fell apart. It's merely a "feel good"
| HTTP header that does virtually nothing whatsoever in
| practice.
|
| I also disagree that "any reasonable person" would expect
| the header to be used in private browsing. Safari
| invented private browsing in 2005, and Chrome Incognito
| mode launched in 2008. Do Not Track didn't even exist as
| a concept back then.
|
| Incognito mode was _never_ intended to be anti-tracking.
| It's only ever been intended to hide your browsing
| history locally, e.g. from family members.
|
| Tracking protection has an entirely different purpose.
| And if you want protection from tracking, you'd
| presumably want it in all windows, not just incognito
| windows, right?
|
| _These_ are the important issues to be kept separate.
| Anti-tracking is something that should be consistent
| across all browser windows. It has nothing to do with
| Incognito. Incognito is about not saving browser history
| locally. Totally separate.
|
| [1] https://en.wikipedia.org/wiki/Do_Not_Track
| wtetzner wrote:
| > Incognito is about not saving browser history locally.
| Totally separate.
|
| They're totally separate _now_ , but it's not clear that
| they _should_ be, and it seems pretty clear that they're
| not separate in the minds of users.
|
| I'm having a hard time imagining a scenario where a user
| would want to hide their local history, but are totally
| cool with people who don't have physical access getting
| access to their activities.
| crazygringo wrote:
| > _I'm having a hard time imagining a scenario_
|
| Very easy.
|
| Let's be honest, incognito mode is generally used for
| watching porn without worrying that it will pop up in the
| autocomplete box or history later.
|
| But you log into the porn site, in incognito mode, in
| order to access your saved videos, subscriptions, etc.
| The porn site knows exactly who you are, tied to your
| credit card number, etc. Your ISP knows you visit the
| porn site. Your credit card knows you pay for it.
|
| That's the main use case. The privacy is ONLY regarding
| local history. That's the only expectation there's ever
| been.
| wtetzner wrote:
| > That's the only expectation there's ever been.
|
| Given that the judge in this case had different
| expectations, that's clearly false. That may have been
| the intention of the feature, but I can easily see why it
| may not be the expectation of users.
| crazygringo wrote:
| I gave you the scenario. It's reasonable.
|
| The judge in this case is simply seriously
| misinterpreting the feature. There are always going to be
| some percentage of users who misunderstand a feature no
| matter how explicit and clearly it's been described. Even
| if they're a judge.
|
| Google isn't misleading anyone here. Every time you open
| an Incognito page it says EXACTLY what it does and
| doesn't. If some users and even some judges can't read,
| that's their problem.
| [deleted]
| wtetzner wrote:
| I mean, Firefox sends Do Not Track when in private
| browsing. So clearly it's trying to do more than just
| hide local history. It obviously can't _guarantee_ it,
| but it's trying.
|
| Chrome is not, and it seems pretty clear that it's not
| because that would hurt Google's bottom line. There's no
| conflict here between "Google shouldn't track you" and
| "Google should be split up".
| vntok wrote:
| > I mean, Firefox sends Do Not Track when in private
| browsing. So clearly it's trying to do more than just
| hide local history. It obviously can't guarantee it, but
| it's trying.
|
| You got scammed by Mozilla if you think that.
|
| Please have a deep look at the various documentation on
| how the Internet works and realize that sending that
| header does absolutely nothing for users. It is, as it
| has always been, up to the receiving server to decide
| whether to even consider that data point or not.
|
| This means that Firefox is not "trying" to do anything
| there, and it's actually doing an incredibly hypocritical
| thing as a browser vendor, making non-technical users
| believe that Firefox sending that header is somehow proof
| that Mozilla cares.
| wtetzner wrote:
| > Please have a deep look at the various documentation on
| how the Internet works
|
| Wow. I understand how the internet works, but thanks for
| the personal attack.
|
| > ... and realize that sending that header does
| absolutely nothing for users. It is, as it has always
| been, up to the receiving server to decide whether to
| even consider that data point or not.
|
| Of course, and Google controls the receiving server in
| this case. If they honored the Do-Not-Track header, and
| if Chrome sent it, users would be better off. Of _course_
| browsers can't control what all servers will do. But by
| sending it, servers that _do_ honor it will.
|
| > This means that Firefox is not "trying" to do anything
| there, and it's actually doing an incredibly hypocritical
| thing as a browser vendor, making non-technical users
| believe that Firefox sending that header is somehow proof
| that Mozilla cares.
|
| You seem to be saying that because not all services honor
| the header, it should never be sent. I would say that
| sending it is better than not sending it, because some
| services _do_ honor it. And the fact that Google
| _doesn't_ honor it is telling itself.
|
| Firefox obviously does try, and DNT is not the only
| proof. They have put in a ton of work to make
| fingerprinting harder.
| d1zzy wrote:
| Chrome also has an option for Do Not Track. Are you
| saying it should be enabled by default in Incognito? That
| may seem like it would help but not really because now
| you've given trackers a pretty unique signal to further
| track you (as very few people set that header).
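The "rare header is itself a signal" point made in the comments above can be put in numbers. This is an added example, not part of the thread: the 16-visitor population, the attribute names and the function names are all constructed for illustration. It measures how many bits of identifying information a `DNT: 1` header carries when few visitors send it, and how far it shrinks the set of visitors who look alike.

```javascript
// Added example: how much identifying information one request attribute carries.
// Every visitor record below is constructed; none of it comes from real traffic.

// Constructed population: 16 visitors as a site might observe them.
function buildPopulation() {
  const common = { ua: "Chrome/88 Windows", tz: "UTC-5", screen: "1920x1080" };
  const visitors = [];
  for (let i = 0; i < 10; i++) visitors.push({ ...common, dnt: null });
  visitors.push({ ...common, dnt: "1" }); // the single visitor who sends DNT: 1
  for (let i = 0; i < 3; i++) {
    visitors.push({ ua: "Firefox/86 Linux", tz: "UTC+1", screen: "2560x1440", dnt: null });
  }
  for (let i = 0; i < 2; i++) {
    visitors.push({ ua: "Safari/14 macOS", tz: "UTC-8", screen: "1440x900", dnt: null });
  }
  return visitors;
}

// Self-information of seeing `value` for `attr`: -log2(share of visitors with it).
// The rarer the value, the more bits it contributes to a fingerprint.
function surprisalBits(population, attr, value) {
  const matches = population.filter((v) => v[attr] === value).length;
  if (matches === 0) {
    throw new Error(`value not present in population: ${attr}=${value}`);
  }
  return -Math.log2(matches / population.length);
}

// Anonymity set: how many visitors are indistinguishable from `visitor`
// when only the listed attributes are compared.
function anonymitySetSize(population, visitor, attrs) {
  return population.filter((v) => attrs.every((a) => v[a] === visitor[a])).length;
}

// Compare a visitor's anonymity set with and without the DNT attribute.
function compare(population, visitor) {
  const base = ["ua", "tz", "screen"];
  return {
    dntBits: surprisalBits(population, "dnt", visitor.dnt),
    withoutDnt: anonymitySetSize(population, visitor, base),
    withDnt: anonymitySetSize(population, visitor, [...base, "dnt"]),
  };
}

const population = buildPopulation();
const dntSender = population[10]; // common configuration, but sends DNT: 1
const typical = population[0];    // same configuration, no DNT header

console.log("DNT sender:", compare(population, dntSender));
console.log("typical   :", compare(population, typical));
```

In this constructed population the header alone is worth 4 bits for the one visitor who sends it, and that visitor goes from blending in with 11 look-alikes to being unique, while visitors who do not send it lose almost nothing.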
| malux85 wrote:
| I love these pro-google accounts on hacker news "Signed
| up 6 minutes ago" <MASSIVE PRO GOOGLE RANT>
|
| So funny
| Tenoke wrote:
| Throwaways are important for being able to discuss
| opinions you might not want to on your main. Treating
| them as unacceptable worsens the quality of discussion
| here.
|
| I somewhat agree with the point they made and this is not
| a throwaway if that helps.
| [deleted]
| eagsalazar2 wrote:
| @malux85, except their point is pretty solid. At the very
| least martamorena943 made a coherent argument to support
| a point of view they are sharing politely. None of which
| you have bothered to do at all, in spite of (or I guess
| because of) the condescending high ground you feel
| entitled to.
| crazygringo wrote:
| Please read the HN guidelines on commenting. You're
| attacking the commenter's account, assuming bad faith,
| and name-calling their argument a "rant" instead of
| responding to the actual argument they're making.
|
| My account has been around for a long time and I agree
| with them. It's a well-reasoned explanation. It is
| correct on the purpose of incognito mode (to protect
| privacy locally only, e.g. from family) as well as the
| obvious point that if you're using Google.com while in
| incognito mode (very common), it's tracking you as it
| would anywhere. Websites aren't even supposed to _know_
| you're in incognito mode.
|
| Incognito means and has always meant "fresh browser tab
| with no history". It has _never_ meant no tracking.
| malux85 wrote:
| No I'm not, I said "I love these accounts", I find them
| enormously entertaining
| eagsalazar2 wrote:
| Just apologize for baselessly attacking the gp and admit
| your condescending "high ground" is indefensible. I've
| done it on HN before, it feels pretty good vs continuing
| to defend a rash comment.
| crispyambulance wrote:
| > They can twist the words to be technically accurate, but
| not everyone is going to understand this.
|
| I think there will have to be some kind of large-scale
| privacy crisis with real and visible consequences for the
| public to ever become alert to what surveillance capitalism
| REALLY means for them.
|
| Some folks are aware that these practices are bringing us
| down as free people (rather than as individuals), but these
| voices just sound like nitpicking to most people. I am just
| concerned about what kind of tragic consequences we'll have
| to see before people get wise to this.
| trollybaz wrote:
| How would you explain this that wouldn't be considered
| "twisting"?
|
| If you're in incognito mode, and you buy something on
| Amazon, post something on Facebook, purchase a NYTimes
| subscription, do you expect none of those entities to have
| information about what you did?
| danudey wrote:
| If you're in incognito mode and you visit a website with
| an embedded Facebook Like button, and Facebook's
| Javascript uses browser fingerprinting[1] to track you
| and build a further profile of you, do you expect that
| entity to not know who you are just because they don't
| have access to their usual cookies?
|
| [1]
| https://blog.mozilla.org/internetcitizen/2018/07/26/this-
| is-...
| slowmovintarget wrote:
| A reasonable expectation would be that Amazon doesn't
| know about the Facebook post, that Facebook not know
| about the Times subscription... etc.
|
| Replace the left side of the expression with "Google" and
| you'd have what most users might expect from Incognito.
| That is, that Google not know about the Amazon purchase,
| Facebook post, or Times subscription. That Google does
| know, essentially, even from Incognito, is the problem.
| zelphirkalt wrote:
| No need to explain any different. The solution is to
| simply not track the user on websites, which they own,
| when the user uses incognito mode. That would be the
| honest way, but it will never happen, because then other
| browsers could try to pretend, that they are incognito
| Chrome.
|
| So that leaves us with "do not trust privacy protection
| of an ad company".
| jakelazaroff wrote:
| No, because I directly interacted with those entities.
| That's different from Google Analytics, where an entity
| with which I directly interact informs a third party
| unbeknownst to me.
| [deleted]
| majormajor wrote:
| > >Your activity might still be visible to websites you
| visit.
|
| This disclosure is a bit weak, really. I could visit no
| Google websites and still be tracked by them, and god knows
| who else, and that's where it gets really fuzzy around what
| things mean, I think.
| sir_bearington wrote:
| You could be tracked by anyone, not just Google.
|
| Private browsing doesn't save your search history, clears
| your cookies/sessions, doesn't save auto-complete
| suggestions. This is more about keeping things private from
| other people who might use your computer.
|
| But as far as websites' ability to track you this isn't
| really all that effective. Yes, logging out of all your
| other accounts goes a long way but there's still plenty of
| ways to track people. Incognito mode does little against
| sites that try to fingerprint browsers.
| LexGray wrote:
| It is close to fraud when you say "could be tracked" in
| quotes when you mean "almost every site you visit
| Alphabet will track you even when you configure our
| software otherwise".
| sir_bearington wrote:
| No, it's closer to "every site you could visit -
| Facebook, Amazon, Reddit, Instagram, etc. - can track
| you. And since Incognito mode doesn't announce when it's
| set, Alphabet is no different."
|
| As far as I understand it, Incognito appears just like
| any other Chrome browser. It seems like you want Alphabet
| websites to specifically exempt Incognito browsers from
| data collection. That would require building mechanisms
| to identify incognito browsers. That makes it easier for
| websites to block content if they detect private
| browsing, which is a valid concern.
|
| And it's really hard to call it fraud when Incognito mode
| explicitly tells its users what it does:
|
| Chrome won't save the following information:
| * Your browsing history
| * Cookies and site data
| * Information entered in forms
|
| Your activity might still be visible to:
| * Websites you visit
| * Your employer or school
| * Your internet service provider
|
| Even before I knew how to program I understood that
| Incognito didn't save browsing history but websites could
| still see your IP address, and your ISP could see what
| domains you hit. I'm really not seeing anything remotely
| close to fraud here. This headline makes it sound like
| they're breaching people's privacy, when in reality it's
| just the fact that Incognito mode is a setting on your
| browser to clear cookies and not save browsing history -
| not some magical spell that prevents websites from
| tracking you.
| andai wrote:
| > _Chrome_ won't remember your activity. That doesn't mean
| _Google_ won't if they know who you are for some other
| reason.
|
| This has always kinda bugged me. I don't know what the hell I
| was doing yesterday at 13:42, but chances are Google does.
| Likewise, my phone company (and by extension, the government)
| knows where I was at any given moment in the last 15 years.
| sammorrowdrums wrote:
| And outside of Tor, your public IP says a lot... never mind
| profiling. It would be very hard to prevent, especially for
| the least legitimate tracking, and then if incognito makes
| itself too obvious, that info is also interesting for
| tracking...
|
| Privacy is hard
| LegitShady wrote:
| [insert youtube vpn ad here]
| swiley wrote:
| Eventually everyone will be forced to use TOR because of
| stuff like this.
| gruez wrote:
| >and then if incognito makes itself too obvious, that info
| is also interesting for tracking...
|
| AFAIK that's already trivially detectable on most (all?)
| browsers.
| sammorrowdrums wrote:
| Yeah, and there are some excellent fingerprinting testing
| sites that show that even from a single website visit
| you can be narrowed down substantially, and from there a
| few more visits to sites working together and they could
| easily pin you down to an exact person. The discussion
| about malicious actors is insane, even legitimate ones
| can do it easily.
| wtetzner wrote:
| Sure, but Google could honor Do Not Track, and Chrome
| could send it when in Incognito mode.
| andjd wrote:
| I mean, it's all Google, right? If Google analytics is de-
| anonymizing you in incognito mode, does it matter if Google
| built a back door into Chrome, or whether they just didn't
| develop patches in Chrome to plug whatever workaround its own
| tool was using?
|
| Furthermore, wouldn't a reasonable person expect when a company
| offers a product with a privacy feature, that at the very least
| it would provide privacy from trackers that the very same
| company controls?
| macksd wrote:
| Yeah, Google warns you when you enable Incognito mode that it's
| about what Chrome won't store, and specifically says websites can
| still track you.
|
| I think the complaint is that in this case, Google wrote the
| code that is commonly used to do both. I think the lawyer is
| arguing that since Google gives the option in one product, they
| should honor it in the other. Honestly, I'm not sure how I feel
| about that argument, but it reminds me of the character Ned
| from 17 Again: "I wrote the software that prevents people from
| stealing music. Of course, I also wrote the software that
| _helps_ people steal music..." Selling weapons to both sides
| and all that.
| eternalban wrote:
| > Selling weapons to both sides and all that.
|
| I wrote software that will track you on the net, no matter
| where or when. I also wrote the software that gives you the
| impression that you can do something about tracking.
| munk-a wrote:
| I think there are some strong reasons to want marketers to
| generally be less able to track our online activity and for
| fingerprinting of the style of Google Analytics or Facebook
| to not exist _but_ Google is just one participant in this
| activity, it's particularly ironic that Google Analytics is
| working to actively counter the work of the Chrome team's
| incognito mode but I would only really be concerned if those
| two teams colluded to give Google Analytics a competitive
| advantage.
|
| I do generally think it's quite fair to view Alphabet as an
| unreasonably large company that needs to be subjected to
| anti-trust laws - there are many companies with far too broad
| a breadth of market control in the modern world. So maybe
| that's the better tactic, actually dust off our anti-trust
| laws and break up some of these tech giants.
| numpad0 wrote:
| Is the act of selling weapons to both sides ethical? Is it
| automatically unethical, that it is considered a monopoly,
| that needs to be regulated, universally across industries and
| contexts? Or is it not?
| buttersbrian wrote:
| I get the complaint, when the browser and analytics stack are
| both Google.
|
| But what if the browser is Incognito Chrome, and the analytics
| is another company, say Adobe? Does the browser industry need a
| universal way to signal browsing is in "incognito" and then all
| analytics and tracking software MUST adhere to that, or what?
| lolinder wrote:
| There's already the Do Not Track header, which is supposed to
| serve exactly this purpose. Its problem is it has no teeth.
|
| https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/DN...
| buttersbrian wrote:
| Yes! You are right that it lacks teeth, but also maybe
| doesn't go far enough. I think that's where some hoped the
| GPC would come in.
|
| Also, does it mean that Amazon shouldn't log general
| traffic that they later decide to analyze? Even
| anonymized, that data holds value to the target site, even
| if it were never traded/sold/etc.
|
| Lot of room for improvement beyond DNT, GPC, etc.
| marricks wrote:
| People often defend companies with explanations of how the world
| is, when common folk often expect (or just want) the world to
| behave differently.
|
| Is it unreasonable to want, or even expect, an incognito window
| to disable all forms of tracking?
|
| Wouldn't the world be far better if a phone alerted me to an app
| scanning my local area network or contacts? Or if I got warnings
| when it took such actions?
|
| I think us tech folks need to, collectively, stop defending
| companies' reasoning and explanations for the world _they_
| created, and start standing with and for a world which matches
| common folks' expectations. It really seems like a better world.
|
| ---
|
| EDIT: Ask what the layperson would think tracking is! Imagining
| the answer is pretty simple "a website [or the web at large]
| learning or remembering anything about me." If we start from
| there, rather than the mumbo-jumbo thrown at us, we can make
| progress.
| [deleted]
| glitchc wrote:
| Upton Sinclair is why you see this behaviour. Google pays well,
| very well indeed.
| jka wrote:
| You might enjoy this article about "positive" and "negative"
| definitions of liberty (and discussion about whether a clear
| division like that really exists) from Stanford's Encyclopedia
| of Philosophy:
| https://plato.stanford.edu/entries/liberty-positive-negative...
| titzer wrote:
| Well said! We're so deep in the details that we can't see that
| every long-winded explanation sounds like total BS to regular
| people but is really just a subconscious apology.
| jeffbee wrote:
| The problem is that "tracking" has no meaning, unless you are
| trying to align the wheels on a car. It has no definition in
| the language, no definition as industry jargon, and definitely
| no definition in the law.
| cmiles74 wrote:
| I would say that, yes, no one wants "incognito" or "private
| browsing" to prevent any kind of tracking. Wouldn't this render
| the majority of websites useless? The average person is
| probably looking for something that allows tracking of some
| information by sites they deliberately want to use but not as
| much (or at all) for third party websites. Except third party
| sites that they use to log into sites that they want to use. And
| so on.
|
| Neither of these features is meant to address the use-case you
| outline: browsing the internet free of tracking. I do think
| there is a market for such a mode, but both "incognito" and
| "private browsing" are meant to hide your activity from _the
| physical computer you are using._ You would want to use this
| mode if you are using a shared computer, like in a library or a
| computer lab.
| [deleted]
| ggggtez wrote:
| > Is it unreasonable to want, or even expect, an incognito
| window to disable all forms of tracking?
|
| > Ask what the layperson would think tracking is!
|
| No. No no no no no. There is a serious problem with this line
| of thinking. Lay people _cannot_ dictate how technology _must_
| work. Because they don't understand what is possible.
|
| This post is like the famous quote from that Australian
| politician
|
| > The laws of mathematics are very commendable, but the only
| law that applies in Australia is the law of Australia
|
| It's simply _not appropriate_ to assume that just because a lay
| person wants something to be true, that it must somehow be
| possible to actually do.
| true_religion wrote:
| If lay people are misunderstanding what incognito does, and
| cannot be expected to understand how it truly functions then
| Google shouldn't be allowed to advertise it to lay people in
| the way that they do.
|
| It'd be easiest to just not provide incognito mode at all,
| than allow another footgun into the hands of the public at
| large in a way that only benefits Google.
|
| I think though that people can be made to understand with
| better education and examples in a reasonable time period.
| xmprt wrote:
| > The laws of mathematics are very commendable, but the only
| law that applies in Australia is the law of Australia
|
| Isn't this true though. If a country decided one day that
| 2+2=5 and wrote laws around it and enforced it then in that
| country you have to say 2+2=5 even if the laws of mathematics
| would disagree. It would be a dystopian place to live but
| that's just how laws work (assuming we're talking about some
| sort of authoritative regime where you can't challenge this
| law).
|
| I think programmers are at a much greater luxury though
| because there is not really a thing called the laws of
| computer science. There are certain problems like P=NP or the
| halting problem but ad tracking is so far removed from that
| to the point that if we decided one day that it made sense to
| outlaw tracking, it could be done. It would kill a lot of
| businesses and would probably be a bad thing but to say that
| we shouldn't take into account lay people's wants when
| designing software systems is wrong.
| titzer wrote:
| > Lay people cannot dictate how technology must work.
|
| That's an extraordinarily elitist view that, frankly, raises
| my hackles. It's worth remembering that the entire framing of
| entire political systems was and is done by non-technical
| "lay" people.
|
| > It's simply not appropriate to assume that just because a
| lay person wants something to be true, that it must somehow
| be possible to actually do.
|
| That's got everything backward. Regulation is about
| _limiting_ technology's _intrusion_ into our lives,
| technology that did not exist just short years and decades
| ago. Since we lived without this technology (_by definition_)
| since the dawn of man, clearly it is technically feasible.
|
| The attitude above is basically arguing for a technocracy
| where the "lay" people just have to suck it up and accept
| whatever their overlords thrust on them. Hint: it's gonna be
| heavily weighted to those overlords _making money_ and
| _taking choice away_.
| loveistheanswer wrote:
| You don't think it's appropriate for users to have informed
| consent?
| PragmaticPulp wrote:
| > Is it unreasonable to want, or even expect, an incognito
| window to disable all forms of tracking?
|
| "Tracking" is a nebulous term. If a company records your visit
| in their logs, is that tracking? If they increment a counter
| every time someone visits a page, is that tracking? If a user
| logs in under Incognito Mode and the site records their new
| last login IP and timestamp, is that tracking? These questions
| would have sounded facetious years ago, but now nearly every
| form of user tracking has come under scrutiny.
|
| The common confusion is that Incognito mode isn't equivalent to
| using Tor or a VPN. For 99% of cases, that doesn't really
| matter. Explaining the distinction to the average user is a
| challenge, though.
|
| > Wouldn't the world be far better if a phone alerted me to an
| app scanning my local area network or contacts? Or if I got
| warnings when it took such actions?
|
| Modern phone OSes will ask for permission if an app wants to
| access your local network, your contacts, or your photos.
| That's not the concern here, though.
| yunruse wrote:
| I'm not sure how tracking is nebulous. If you want to
| identify an anonymous counter, or keep depersonalised logs,
| or IP logs for security, that's fine; it can't identify the
| user. (Maybe IP logs could)
|
| Essentially you can boil "tracking" to two main sources: when
| there's data collected without a legitimate purpose for doing
| so, and when data is collected to the point that could
| identify a user, but no explicit consent is given.
|
| Take for example a Facebook comment section on a third party
| site. It'd be fine to click the comments and have a quick
| prompt for Facebook to interact - the comment is public, so
| it's known to all. But if the user never comments, Facebook
| has no right to be aware the user was ever there; that's
| tracking.
|
| You could make the extended argument that overcorrelation of
| data for advertising is tracking in a sense, as this would
| cover intra-site tracking (e.g. a shopping site knowing
| you're pregnant before you know yourself.) This is a little
| more nebulous to define, as it's hard to define who it
| benefits. If your phone launcher suggests an app, or Uber
| suggests a location, that's because it wants to save time.
| But if a shopping site suggests a product, that's
| advertising, and should be given explicit consent.
| ggggtez wrote:
| > If you want to identify an anonymous counter, or keep
| depersonalised logs, or IP logs for security, that's fine;
| it can't identify the user. (Maybe IP logs could)
|
| Some laypeople would disagree.
|
| That's what it means to be "nebulous". A term like
| "tracking" needs to be defined in technical/legal language.
| You can't simply ask a random sample of the entire world's
| population and expect to get a consistent answer about what
| should be allowed and what should not.
| damagednoob wrote:
| I think people are conflating Chrome and Google Search. A
| better example is Chrome and Facebook. Chrome Incognito can
| appear as an anonymous user but how is Chrome supposed to
| prevent Facebook from storing ip addresses and clicks?
| nathanfig wrote:
| Man. So many comments responding with more descriptions of the
| world tech companies created. Fascinating how much even us tech
| folk don't realize how much of our work environment is subject
| to design.
| MattGaiser wrote:
| > Is it unreasonable to want, or even expect, an incognito
| window to disable all forms of tracking?
|
| Yes, because the product explicitly says it does not do that.
|
| Your activity might still be visible to:
|
| - Websites you visit
|
| - Your employer or school
|
| - Your internet service provider
| SilasX wrote:
| >Is it unreasonable to want, or even expect, an incognito
| window to disable all forms of tracking?
|
| No, because incognito doesn't have power over what sites do
| with request data.
|
| As for the layperson, I think they hold the (reasonable) model
| that an incognito session is just like using a burner phone
| that you throw away after: it creates a dummy identity separate
| from your normal one. So at worst, the places you call can
| compare notes and see that the same number called both of them,
| and they might also secretly log or record the calls. A burner
| phone doesn't prevent any of that, and neither would incognito
| (prevent the analog of).
|
| However, if the phone companies somehow learned which people
| bought which burner phones, and shared their "normal" info with
| anyone who asked about a particular burner phone, then yes,
| that would break the expectation/agreement, and it sounds like
| Google does something similar to that.
| lolinder wrote:
| Your last paragraph is exactly right: the problem is that
| it's doubtful that Incognito mode actually produces burner
| identities. If all Incognito does is create a temporary
| cookie jar, there are plenty of other ways to fingerprint a
| browser that would persist across Incognito sessions. The
| average user almost certainly doesn't realize that, and
| Google absolutely benefits from keeping up the pretense of
| privacy in Incognito.
| ironmagma wrote:
| > incognito doesn't have power over what sites do with
| request data
|
| Again, this is just a description of how the world works. It
| says nothing about how the world _could_ work. Incognito
| could turn your browser into a Tor client, or use a random
| sequence of VPNs to tunnel your traffic, or both, for
| example.
| SilasX wrote:
| Fair enough -- I agree that there's more that a browser can
| do to protect your privacy. But I was mainly speaking to
| the question of what a reasonable user can expect, given
| what incognito mode communicates to them. And that
| reasonable expectation is "browser works the same, except
| with a new dummy identity", just like a burner phone vs
| your regular cell phone.
|
| A mode like you describe is great, but I wouldn't expect a
| browser's built-in privacy mode to do all of that by
| default.
|
| (And, FWIW, even then my statement is true. Even with the
| max privacy protections, once your request data has reached
| their servers, you can't do anything about their data
| storage by technical means. So even with a Tor client, if
| you've logged in and have to persist cookies to maintain
| session state, you can expect that the site to match
| identities across VPNs/Tor endpoints.)
| cmiles74 wrote:
| My understanding was that the "incognito" mode in Google Chrome
| (or "private browsing" in Firefox) would prevent data like
| cookies or saved passwords from remaining on the physical
| computer when the window was closed. I had always thought that
| the primary use-case was to prevent data from being stored on a
| shared computer, for instance in a computer lab or a library.
|
| In my opinion, it sounds like the judge is thinking of something
| else entirely.
| boredumb wrote:
| Incognito is simply a poor name for this as it infers the
| identity is being concealed. Should be something more along the
| lines of 'unaccounted' or 'unrecorded' even 'off-the-record'.
|
| If I go incognito I expect my identity to be concealed, if I am
| unrecorded I expect my identity to be obvious but for a trail of
| my actions to be off-the-record.
| jeffbee wrote:
| Er, you are saying that it should do something other than what
| it does, and then also be called something else. Incognito
| perfectly describes what it actually does today.
| wtetzner wrote:
| No, it doesn't. In what way does incognito mode hide the
| user's identity? The article is about the fact that it
| _doesn't_.
| jeffbee wrote:
| You open a link in a new incognito window. In what way have
| you been identified to the peer host?
| kube-system wrote:
| For starters, the header of the IPv4/v6 packet you sent
| the request in has GDPR regulated PII -- your IP address.
| jeffbee wrote:
| Did you expect it to just sit there and not establish
| connections? Try to participate in the debate in a way
| that isn't idiotic.
| kube-system wrote:
| I was directly answering your question.
|
| Note that a court is not interested in _my_ understanding
| of how Google's products work. They are concerned about
| a layperson's understanding.
|
| Of course, the technologies that much of the internet
| uses have a lot of inherent privacy implications. The
| question is whether Google should communicate these
| accurately to people who do not understand them.
| johncena33 wrote:
| I agree with you. The TCP/IP header argument is really
| bad. It shows how internet is full of people who will
| keep arguing for the sake of argument instead of trying
| to have a reasonable, pragmatic and honest discussion.
| kube-system wrote:
| That was an entirely honest answer. While these topics
| might seem over-simplistic to an industry insider, they
| are not trivial to laypersons.
|
| In fact, Google _does_ explain that IP addresses are
| transmitted when using Incognito on this help page:
| https://support.google.com/chrome/answer/7440301
| [deleted]
| yesenadam wrote:
| Specifically how does it show that?
|
| I'm no expert, but it seems unlikely to me that "The
| TCP/IP header argument...shows how internet is full of
| people who will keep arguing for the sake of argument
| instead of trying to have a reasonable, pragmatic and
| honest discussion." That just seems like an off-topic
| rant added on there, bad-mouthing others while
| positioning yourself as one of the noble internet good
| guys. "Assume good faith".
| wtetzner wrote:
| I open a link in a non-incognito window. In what way have
| I been identified by the peer host?
|
| My point is that incognito does _nothing_ to hide your
| identity, and therefore "incognito" is a misleading name
| for the feature.
| croes wrote:
| Ever heard of Tor. That's incognito.
| ldbooth wrote:
| when this tool is compromised, as most are with time, they've got
| my calendar, 20 years of e-mail history, cellphone location
| history, website history, youtube video history. It's true they
| probably know more about me and my future trajectory than I do.
| No wonder I can't get a callback! But on the real... time to
| rethink le free web model if it isn't too late.
| jacquesm wrote:
| As he should be. It's not about what Google is able to do, it is
| all about what they should be allowed to do and clearly they are
| disrespecting users' wishes in spite of pretty explicit signals.
| jessaustin wrote:
| Judge Lucy Koh prefers the pronoun "she".
| jacquesm wrote:
| I'm sure she does.
| coef2 wrote:
| I will use tor browser and duckduckgo for the rest of my life
| estebarb wrote:
| I'm concerned that judges make statements about topics they are
| clearly not prepared to do so. In how many areas they intervene
| without proper knowledge?
|
| Incognito was always a way to avoid storing visits and sessions
| locally (mostly to... prevent family from seeing your Christmas
| gifts).
| gowld wrote:
| The judge didn't "make statements about topics they are clearly
| not prepared to do so". The judge asked the party in court to
| explain the topic.
| cromwellian wrote:
| Two biggest understood uses of Incognito mode:
|
| 1) When you don't want your browser history to embarrassingly be
| discovered by others who share your computer or screen
|
| 2) read news articles when your free-reading quota (e.g. 5
| articles per month) expires
| clempat wrote:
| I think incognito mode is more to not leave a trace on your laptop
| than on the websites you are visiting.
| clempat wrote:
| I think the incognito mode is more about not leaving any trace on
| your laptop than on the websites you are visiting.
| yawaworht1978 wrote:
| Indeed it would be good to know what incognito sees and what it
| does not. If I look for a google query in incognito mode, I get
| prompted with a consent pop up.
|
| Looks like it does not see your OAuth accounts, search queries are
| not saved, there is no history logged but you can go back in
| browser history.
|
| I have simply started using opera with the integrated vpn. It is
| good enough for my browsing.
|
| Also sites like airbnb and skyscanner kinda force you to accept
| cookies. Tested results back and forth. They def know who you
| are. Only solution so far is vpn.
| samstave wrote:
| Can you point me to opera with VPN tut?
| yawaworht1978 wrote:
| This is a rudimentary browser tut
| https://www.greengeeks.com/tutorials/article/activate-the-bu...
|
| And to activate it on mobile, open the browser and click on
| the opera logo(bottom right). There you can toggle the vpn
| on. And an ad blocker as well.
|
| Sure it is just a browser http proxy, sure owned by a Chinese
| company, but you can be sure neither Google Chrome nor their wage
| slave Firefox gets to see your data.
|
| I expected the worst but was pleasantly surprised, it is
| pretty fast, the ux on mobile is beautiful.
| ev1 wrote:
| It's a HTTP proxy built into Opera, not a real VPN
| boringg wrote:
| Maybe but afaik Opera is owned in China.
| PaulWaldman wrote:
| If he is disturbed by this, imagine what he'd think of Tesla
| branding their level 2 autonomous driving system Autopilot.
| ape4 wrote:
| "Incognito" just means "in disguise". But think about a Halloween
| party. If you see a guy wearing a horse's head in the kitchen
| then later in the living room you'd guess he's the same guy.
| jessaustin wrote:
| I, for one, would not mind receiving whatever percentage of $5000
| is left over after the lawyers take their cut. Google definitely
| owes me at least that!
| twodave wrote:
| I hate tracking as much as the next person, but a simple reading
| of the "You've gone incognito" screen ought to make obvious that
| its primary purpose is to hide your activity from others who use
| the same device. It's literally written on the first line:
|
| "Now you can browse privately, and other people who use this
| device won't see your activity."
|
| It goes on to list other technical specifics about what is not
| saved, but those are pretty much just sub-points. I'm not sure
| it's fair to expect Incognito to do something it's not meant to
| do.
| knjmooney wrote:
| Why not say,
|
| "Now other people who use this device won't see your activity."
|
| What does the bit before the 'and' mean?
| Bjartr wrote:
| I read it as "Now you can browse privately, and [therefore]
| other people who use this device won't see your activity."
| wtetzner wrote:
| Except that if Google is still tracking you, you're not
| browsing privately.
| gowld wrote:
| Compare
|
| "you can browse privately, and"
|
| to
|
| "you can browse privately, in the sense that"
|
| What does a _user_ think _browse privately_ means? Do they
| think it means "your browsing is shared with third-party data
| brokers that aren't displayed in the UI at all and you might
| not know exist"?
|
| It's one thing to say "well obviously we can't control what you
| choose to do with foobar.com"; it's another to say, "the same
| legal person who told you 'you can browse privately' is buying
| your browsing data from foobar.com".
| MrOxiMoron wrote:
| Fun story, if you have a Gmail account and share it with many
| people. Gmail won't like people logging in from a lot of
| different places... except when in incognito mode, then you can
| login without issue.
| rrmm wrote:
| I think this is a difference between what someone who knows
| what's going on under the hood understands the disclaimer to
| mean, and what other/most people understand it.
|
| The disclaimer put front and center is designed to tell you
| exactly what is going on. But, I'm not at all surprised that
| most people assume incognito/private modes provide far more
| protection than they actually do.
|
| This is a fairly difficult and important technical
| communication problem: To make sure that most people after
| reading something understand what is meant. It's why you end up
| with all those really stupid sounding disclaimers on various
| products not to do stupid things that seem obvious not to do.
| evmar wrote:
| (I worked on Chrome.) I remember struggling over how to word
| this page. At a technical level Chrome the program can only
| control what it itself does, which is also what the page
| promises. Unfortunately despite that the result is still
| confusing to users (and judges, it appears).
| Null-Set wrote:
| chrome the program could not make network requests to known
| tracking domains
| Alupis wrote:
| uBlock Origin will do this for you, if you want that level
| of privacy. You do have to specifically allow it to operate
| under Incognito Mode, but then it "just works".
|
| Yes, it's an add-on and not built into Chrome... and yes
| you have to know about it to install it in the first place.
| I'm not exactly sure that's a problem though - if you are
| technical enough to navigate through settings menus in your
| browser, understand what the settings mean and toggle
| options (presumably to enable some built-in version of
| uBlock Origin), then you clearly have the capability to
| install the add-on.
| viklove wrote:
| Google's whole business model is user tracking though. If
| they can't spy on you they go belly up, so chances are they
| won't stop spying on you.
|
| Related: I don't understand why people choose to work for
| Google
| mikelward wrote:
| Then websites would be able to tell if you were browsing
| with incognito on. Isn't that itself a privacy issue?
| bpodgursky wrote:
| It's pretty funny how quickly the principles behind "net
| neutrality" (neutral platform, neutral pipes) fall to
| convenience.
| 1f60c wrote:
| I'm confused by your comment. Are you saying that
| browsers should connect to any host any website tells
| them to because of net neutrality?
| bpodgursky wrote:
| Yes, a browser should be content-agnostic.
|
| Browsers filtering "known trackers" is a very quick slide
| into "known malware", "known spammers", "known foreign
| propaganda", "known conspiracy theories", "known fake
| news", and more.
|
| It's the exact path that social media and other online
| platforms took, and guess what? The same companies build
| browsers.
| solosoyokaze wrote:
| A browser should let the user control their browsing
| experience and make it extremely easy to block all manner
| of user hostile content, starting with trackers.
| doakes wrote:
| I don't disagree with you, but I think parent's point
| still stands that "user hostile content" is defined by a
| company that could change their definition at any time.
| a1369209993 wrote:
| No. "User hostile content" is defined by the _user_.
| solosoyokaze wrote:
| A truly user friendly solution would be to allow
| community curation of blocklists and full user control
| over which they choose to enable. Google is not
| interested in providing a good user experience though,
| they're interested in sucking out as much value from the
| user as possible, using dark patterns when convenient.
|
| With that, I also agree that Google couldn't be trusted
| to editorialize.
| newsbinator wrote:
| I find it's the reverse:
|
| "You've gone incognito" doesn't mean what it says on the tin.
|
| It means "You've gone incognito... from other users of this
| computer, not from us. From us you're still plenty cognito."
| vinger wrote:
| When it came out it was don't save cookies so I can't be
| tracked.
|
| Now that it is known Google can track you outside of stored
| cookies it should probably be relabelled to no persistent
| cookies mode and leave the idea of incognito. Using that word
| makes it seem like you are using tor.
| tiborsaas wrote:
| I learned it the hard way that Chrome adds DNT headers in
| incognito mode. I naively tried to debug a Mixpanel issue in
| incognito mode since I use a few privacy extensions in normal
| mode. I got a little mad that my code was still not working then
| I realized that everything is fine, tracking is blocked thanks to
| DNT this time :)
| ldbooth wrote:
| To non technicals the 'cool one word' branding seems to be
| misleading at times. The crazies pushing the limits of Tesla's
| autopilot & such. It's _mostly_ autopilot from what I hear, then
| again I've never heard of airplanes landing on actual autopilot
| or avoiding birds - the assumptions seem to be built in with
| catchy names unfortunately. Is it a branding or human problem....
| gerash wrote:
| Next: Judge disturbed by the fact that Verizon still sees what
| number you called when you use a throw away phone.
|
| I don't get why on HN such clickbait articles get upvoted to the
| front page.
| AlexandrB wrote:
| A lot of people are replying to point out that this
| demonstrates the judge is technically illiterate like that's a
| _bad_ thing. I think it's a _good_ thing. This is how a normal
| person perceives this feature and the fact that it doesn't
| work as advertised is a failure of communication,
| implementation, or both. In my experience most technically
| illiterate people, when common tracking techniques are
| explained to them, are appalled and creeped out. There's a
| growing disconnect between what we in the industry consider
| acceptable and what the non-technical public would consider
| acceptable.
|
| And yes, it's especially galling that when you use one Google
| product in a mode that's supposed to be private _another_
| Google product still tracks you.
| gerash wrote:
| If you wear a mask to be anonymous when you enter a shop do
| you find it "galling" if the cctv still records your entrance
| or did you expect to become invisible suddenly?
| AlexandrB wrote:
| If the mask was made of a material that's transparent to
| CCTV cameras it would be "galling", yes. That's basically
| what's happening here.
| gerash wrote:
| No, the way incognito works is as if you are using a
| throw away device. If the website measures what pages in
| the website you visited it doesn't make such incognito
| "mask" any more transparent.
|
| It'd be similar to the cctv recording what aisles you
| visited in the shop while you had your mask on
| to11mtm wrote:
| > A lot of people are replying to point out that this
| demonstrates the judge is technically illiterate like that's
| a bad thing. I think it's a good thing.
|
| I think it's a double edged sword. Alsup took the time to
| learn Java, and it probably had an impact in his decision to
| rule that APIs weren't copyrightable.
|
| > There's a growing disconnect between what we in the
| industry consider acceptable and what the non-technical
| public would consider acceptable.
|
| I'm not sure I agree with this either. Most of the arguments
| I see that aren't from people who -work- at the companies
| that do the tracking. Otherwise typically what I hear from
| technical people is at worst a 'defeatist' argument; that it
| would require all of the world's governments to enforce such
| regulations against tracking, otherwise it's a zero sum game.
| pb7 wrote:
| Heavy bias against Google, Facebook, Amazon, and Apple.
| boredumb wrote:
| "'Number concealing' phone only conceals the number you're
| calling from, from the 'Number concealing' phone itself"
| CameronNemo wrote:
| It could be an important case, and it demonstrates how
| technically illiterate judges are.
| jeroenhd wrote:
| I think it's quite valuable to know how technically illiterate
| the judge is in a case that could have very real effects on the
| employment of people visiting these websites.
|
| Tracking, trading of personal information and profiling are
| very important topics in computer ethics but when these topics
| hit the courts, the judge can get hung up by just the wording
| of the incognito mode, which, as we all know, opens with a page
| that explicitly states, in non-technical terms so as many
| people as possible can understand, that this information will
| still be collected.
|
| All of the well thought-out narratives on these topics can be
| worthless when a judge bans a practice because they didn't read
| the instructions when they opened incognito mode.
| sjy wrote:
| It's strange that people are dismissing this judge as
| technically illiterate.
|
| > Koh, 45, has become the de facto face of law in Silicon
| Valley. "She has an almost peerless reputation for fairness
| and efficiency in judging the issues of the 21st century,"
| said Tracy Beth Mitrano, director of the Internet Culture,
| Policy and Law Program at Cornell University. "She gets the
| Internet in a way that other judges just don't," she said.
| "Our laws are so out of sync with current social norms and
| technology. What Koh represents is the hope that somebody
| gets it."
|
| https://www.sfgate.com/bayarea/article/In-Silicon-Valley-Luc...
| mdtusz wrote:
| It's not a bad thing for these to get posted. If anything, it
| highlights how technically illiterate the powers that be really
| are.
|
| It's all too easy to assume that everyone knows what http
| requests are and how a browser works when working in the tech
| industry, but the _vast_ majority of the population has no idea
| whatsoever how the (modern) technology they use and depend on
| works, on even basic levels.
|
| Most people understand that when you phone someone, it has to
| go through a telecoms company. For some reason, the internet
| doesn't have that same understanding and people are still stuck
| with this idea that browsing to a website is still just a two-
| party transaction between them and the website they visit.
| gowld wrote:
| How can you be "illiterate" if you don't have access to
| Google's source code to see what they do? How is 3rd-party
| analytics essential and obvious to the functioning of a
| website?
| recursive wrote:
| > How can you be "illiterate" if you don't have access to
| Google's source code to see what they do?
|
| By not knowing that sites work based on requests and
| responses. And that site operators can see the contents of
| the requests, otherwise they wouldn't be able to respond.
|
| > How is 3rd-party analytics essential and obvious to the
| functioning of a website?
|
| Whether it's essential or not isn't related to incognito
| mode. If that were a problem, I'd think it would be a
| problem all the time, not just for incognito.
| voceboy521 wrote:
| judge doesn't know how computers work. ok boomer
| whoopdedo wrote:
| Private-mode browsing has to just go away. It has always been
| misrepresented about what it does. Even the one, narrow use case
| it was originally intended for -- hiding browsing history from
| other users of the computer -- it never did a very good job at.
| Its continued presence confuses and misleads people, as this
| article demonstrates. I imagine the only reason it sticks around
| is so developers don't have to face the "bad optics" of removing
| a so-called privacy feature.
| recursive wrote:
| I use it regularly. I find it extremely useful to repeat a
| request without any initial cookies. _Without permanently
| removing the cookies I had_
|
| Some people probably don't have a use for it, but I'd be amazed
| if I'm the only one who does.
| croes wrote:
| Wait until she realizes what Facebook tracks.
| jb775 wrote:
| > Andrew Schapiro, a lawyer for Google, argued the company's
| privacy policy "expressly discloses" its practices
|
| At what point does society strip blanket privacy policies of any
| actual standing
| mosfets wrote:
| Is this FB trying to divert people from the Apple fight?
| ggggtez wrote:
| Kids today are too young to know that Incognito/Private browsing
| was invented as a solution to clearing your history/cookies every
| time you looked at an Adult website so your parents wouldn't find
| out.
|
| This feature is literally just a way of preventing porn from
| showing up in your URL autofill when your mom comes to look
| something up on the computer when you're not around.
| jessaustin wrote:
| You may have a different impression of "kids today" than I
| have...
| MattGaiser wrote:
| It literally says when you open Incognito:
|
| Chrome won't save the following information:
|
| - Your browsing history
|
| - Cookies and site data
|
| - Information entered in forms
|
| Your activity might still be visible to:
|
| - Websites you visit
|
| - Your employer or school
|
| - Your internet service provider
| mastrsushi wrote:
| Yes, even in Porn Mode, Chrome tracks users.
| ksm1717 wrote:
| Read too quickly and thought I may be getting $5000
| carols10cents wrote:
| From the article:
|
| > In this case, Google is accused of relying on pieces of its
| code within websites that use its analytics and advertising
| services to scrape users' supposedly private browsing history and
| send copies of it to Google's servers.
|
| From the Chrome Incognito window:
|
| > Chrome won't save the following information:
|
| > - Your browsing history
|
| > - [etc]
|
| > Your activity might still be visible to:
|
| > - Websites you visit
|
| > - [etc]
|
| I could see an argument being made from a user's point of view
| that if Chrome says it's not _saving_ your browsing history, but
| it turns out _within one incognito session_ it _is_ saving your
| browser history _and providing it to sites that use Google
| Analytics_, that this would be misleading.
|
| Of course, if the back button didn't work in incognito mode, that
| would also be a problem from a usability standpoint.
| ficklepickle wrote:
| What a poorly edited article. Two typos in one sentence. No space
| after the previous sentence and a missing "of".
|
| "Google has become a target antitrust complaints in the last
| year..."
|
| I realize I may sound like an ass, but I find that very
| distracting. My eyes are drawn to typos and it takes me out of
| the flow.
| PastaMonster wrote:
| Google shot themselves in the foot by being corrupt. Claiming
| incognito protects you while the google analytics and google's
| other services can run around collecting your info without any
| issues. You don't give users a false sense of security. That's
| how your buildings catch fire, literally. Some do fantasize about
| doing it. Read enough forums to see that pattern emerging. I'd
| think that would be a humbling experience if a justified attack
| was executed on google buildings and server farms all around the
| planet. I would laugh my ass off from the karma google is getting
| alone from that. If coordinated correctly no lives will be lost
| either. Not promoting it, pointing out it's possible.
|
| Companies like Google, Apple, Microsoft and Facebook need to be
| forced to split up. Section 230 is also overdue for a rewrite.
| The recent example is Facebook just blocked news in Australia.
| Just like that.
| anchpop wrote:
| I don't think very many people care about online privacy or
| tracking. People in the HN bubble really overestimate the
| amount that most people care that some company is giving them
| targeted ads. We're not anywhere close to the level required
| for privacy-focused terrorist cells to start forming
___________________________________________________________________
(page generated 2021-02-26 23:00 UTC)