• heyoni@lemm.ee
    link
    fedilink
    English
    arrow-up
    84
    arrow-down
    4
    ·
    10 months ago

    I don’t use chrome but this is a whole lot of nothing. It’s basically saying if you save a file or an article to your reading list it’ll still be there…and that remote websites will still stuff your face with cookies and try to track you…but it’s not like they’re giving you a special chrome cookie to link your private and non private browsing. Server side tracking never goes away, not even with Firefox.

    Anyways, who cares. Delete chrome and start using Firefox. But again, make sure you delete the files you download in incognito or they’ll still be there. And your ISP can still see which domains you’re going to if you use them as your DNS.

    • cttttt@lemmy.world
      link
      fedilink
      English
      arrow-up
      10
      ·
      edit-2
      10 months ago

      And your ISP can still see which domains you’re going to if you use them as your DNS.

      Just so you know, because TLS SNI is not encrypted and not yet universally obfuscated (adoption of this is pretty slow and one of the largest CDN providers had to pause their rollout last I checked), not-even-barely-deep packet inspection can be used to track the sites you visit regardless of your DNS provider or wherever resolution is encrypted. Just do a packet dump and see.

      Also, if a website isn’t fronted by one of the most popular CDN providers in existence, it can be possible to infer the sites you’re visiting based on their server IP addresses.

      Although this just shifts where tracking can occur, a VPN is the only reliable way to maybe prevent your ISP from tracking the sites you visit, if this is your desire.

      • heyoni@lemm.ee
        link
        fedilink
        English
        arrow-up
        1
        ·
        10 months ago

        Yep, I’m aware. It’s how that one guy hacked his airplanes wireless, by setting up a certificate with his domain and the airlines and then using that domain + port 443 as an ssh or vpn tunnel.

        So TLS rollout is slow because the websites can still be seen with packet inspection? We’re talking about TLS 1.4 right?

        • cttttt@lemmy.world
          link
          fedilink
          English
          arrow-up
          1
          ·
          10 months ago

          I’m not sure if it’s part of a TLS standard yet but I was talking about encrypted SNI (ECH, formerly called ESNI).

          Today, early on in a TLS connection, the client actually tells the server, in plain text, the domain name it’s intending to communicate with. The server then presents a response that only the owner of that domain can produce, then keys are exchanged and the connection progresses, encrypted. This was required to allow a single server to serve traffic on multiple domains. Before this, a server on an IP:Port combo could only serve traffic on a single domain.

          But because of this, a man in the middle can just read the ClientHello and learn the domain you’re intending to connect to. They can’t intercept any encapsulated data (e.g. at the HTTP level, in the case of web traffic) but they can learn the domains you’re accessing.

          ECH promises to make the real ClientHello encrypted by proceeding it with a fake ClientHello. The response will contain enough information to fetch a key that can be used to encrypt the real ClientHello. Only the server will be able to decrypt this.

    • Toes♀@ani.social
      link
      fedilink
      English
      arrow-up
      34
      arrow-down
      2
      ·
      10 months ago

      Well you see, it’s used by virtually everything. So get used to it. is all I imagine people saying, not my opinion.

    • Zagorath@aussie.zone
      link
      fedilink
      English
      arrow-up
      5
      ·
      10 months ago

      I switched away from chrome a while ago, but this is just stupid. Incognito has always said that it can’t stop sties from tracking you. It’s always been about stopping stuff from being stored locally. Here’s the message:

      If you read that and thought it did more than it said, that’s on you.

      • TherouxSonfeir@lemm.ee
        link
        fedilink
        English
        arrow-up
        1
        ·
        10 months ago

        I think what people are complaining about is that Google itself is tracking you. Not just with cookies, but with the chrome browser. Everything you do goes back to Google, regardless of their silly Google analytics, JavaScript tag that people block.

        • Zagorath@aussie.zone
          link
          fedilink
          English
          arrow-up
          2
          ·
          10 months ago

          Hey out of interest, did my comment just show up for you?

          Not just with cookies, but with the chrome browser

          Wow really? Has that actually been documented? Because yeah, that definitely changes things in my mind.

          • TherouxSonfeir@lemm.ee
            link
            fedilink
            English
            arrow-up
            1
            ·
            10 months ago

            Just like I woke up, but it was probably there for a while.

            Regarding documentation… I mean, it’s Google… C’mon. I’m sure there’s lots of stuff about them spying with minimal searching (don’t use Google.com though, hahaha)

            • Zagorath@aussie.zone
              link
              fedilink
              English
              arrow-up
              2
              arrow-down
              1
              ·
              10 months ago

              it was probably there for a while

              Nah, it might not have been. Have been dealing with federation issues that I think may only have sorted themselves out mere minutes before your comment.

              I’m sure there’s lots of stuff about them spying with minimal searching

              Eh, not good enough. They’ve got a lot of spying, but this is a specific claim. It needs to be supported by specific evidence.

              It’s like when people claim that Google devices are constantly recording audio and sending it back to base. Nobody has ever found evidence of it, and claims that they are are usually better explained by things like “they are recording your geolocation, and the geolocation of people you’re with, and the things that the people you’re with are Googling”. That’s enough data on its own, there’s no need to reach for conspiratorial claims that lack evidence.

              If there’s actual evidence that the browser itself is sending tracking data back while in Incognito which links your non-incognito profile to what you’re doing incognito, I’m concerned. But if it’s just assumptions people are leaping to, I’m gonna go back to Occam’s razor and make fewer assumptions.

    • Rediphile@lemmy.ca
      link
      fedilink
      English
      arrow-up
      5
      arrow-down
      2
      ·
      10 months ago

      I can bitch about chrome all day long… but none of that bitching will be about incognito mode as that was and continues to be an useful feature that did exactly what I expected it to do. Everything it said it did, it did.

      Just because people made up their own imaginary ideas about what they think it does isn’t really Google’s fault. If people think snorkels allow them to scuba dive and then drown, I’m not about to blame the snorkel maker that wrote ‘diving googles and snorkel’ on the packaging.

    • lolcatnip@reddthat.com
      link
      fedilink
      English
      arrow-up
      3
      arrow-down
      2
      ·
      edit-2
      10 months ago

      Incognito mode didn’t do what it was never advertised to do, and in fact does precisely what it always claimed. The horror!

      I swear people like you act like every day Google simply exists is a fresh outrage.

  • PoopMonster@lemmy.world
    link
    fedilink
    English
    arrow-up
    36
    arrow-down
    2
    ·
    10 months ago

    I’m curious as to what led people to believe otherwise before this update. I don’t use chrome but I recall it always being reffered to as porn mode. Meaning it just doesn’t save browsing history, no more no less.

    Did Google have misleading wording implying it was doing anything else?

    • anlumo@lemmy.world
      link
      fedilink
      English
      arrow-up
      25
      arrow-down
      1
      ·
      10 months ago

      It also doesn’t preserve cookies after closing the window. I’m also curious what people expect that mode to do.

      • kratoz29@lemm.ee
        link
        fedilink
        English
        arrow-up
        7
        arrow-down
        1
        ·
        10 months ago

        Well, fill incognito I guess, no trace for you, you can surf even the deep web… That for the less technical folks ofc.

        • Rediphile@lemmy.ca
          link
          fedilink
          English
          arrow-up
          14
          ·
          10 months ago

          It seems the whole last decade has been focused on dumbing the Internet down for the dumbest 10% of the population. The Internet was better when it was less inclusive.

          • kratoz29@lemm.ee
            link
            fedilink
            English
            arrow-up
            1
            arrow-down
            1
            ·
            10 months ago

            Have you seen when people cry when Netflix removes beloved content for them?

            Pathetic.

            • Rediphile@lemmy.ca
              link
              fedilink
              English
              arrow-up
              2
              ·
              10 months ago

              I don’t understand paying for streaming media at all… but I’m from the before times.

              • kratoz29@lemm.ee
                link
                fedilink
                English
                arrow-up
                1
                ·
                10 months ago

                Convenience mate, but they are making it less convenient each day so…

                Just to say this more clearly, I’d rather watch something on Stremio with Torrentio and Real Debrid than Netflix, even if it is the same movie or tv show or anime.

                • Rediphile@lemmy.ca
                  link
                  fedilink
                  English
                  arrow-up
                  1
                  ·
                  10 months ago

                  Yep, I never switched from torrents as I never found anything more convenient.

    • tastysnacks@programming.dev
      link
      fedilink
      English
      arrow-up
      5
      arrow-down
      1
      ·
      10 months ago

      I remember interviews with the development team about it. As far as I know they were always clear what was happening on the back end.

    • Ann Archy@lemmy.world
      link
      fedilink
      English
      arrow-up
      2
      arrow-down
      6
      ·
      10 months ago

      Did Google have misleading wording implying it was doing anything else?

      Do they literally have anything else?

      • lolcatnip@reddthat.com
        link
        fedilink
        English
        arrow-up
        4
        ·
        10 months ago

        Every time I’ve read the disclaimer it has been very clear and accurate, but don’t let me cloud the issue with facts.

        • Spotlight7573@lemmy.world
          link
          fedilink
          English
          arrow-up
          2
          ·
          10 months ago

          And it’s been that way since the beginning basically and is a lot more upfront about what it does and doesn’t protect against than other browsers like Safari.

          The new language just makes it even clearer it applies to Google’s online services and I don’t see that as a bad change though.

  • uuhhhhmmmm@sh.itjust.works
    link
    fedilink
    English
    arrow-up
    21
    arrow-down
    2
    ·
    10 months ago

    I was always curious why is it called Incognito or Private mode? Temporary or Guest session would make more sense: “You’ve entered a Temporary session. Your browsing history and cookies will not be saved.”

  • Lojcs@lemm.ee
    link
    fedilink
    English
    arrow-up
    25
    arrow-down
    10
    ·
    edit-2
    10 months ago

    I find this very silly. Incognito always had disclaimers about how it doesn’t protect you from tracking. Do people not know Google is just a website that does taking (or did anyway) like any other? And how tf did Google lose that lawsuit when eulas have “this software isn’t fit for any purpose” clauses and incognito was never advertised for privacy to begin with and straight up tells you it doesnt give you privacy when you open it.

    • Crashumbc@lemmy.world
      link
      fedilink
      English
      arrow-up
      8
      arrow-down
      2
      ·
      10 months ago

      If I had to guess, is because the mode’s very name strongly tells you so?

      Definition– adjective (of a person) having one’s true identity concealed. “in order to observe you have to be incognito”

      adverb in a way that conceals one’s true identity. “he is now operating incognito”

      noun an assumed or false identity. “she is locked in her incognito”

      • Lojcs@lemm.ee
        link
        fedilink
        English
        arrow-up
        1
        arrow-down
        2
        ·
        10 months ago

        having one’s true identity concealed

        Which is exactly what the incognito mode does. Being incognito doesn’t mean you can’t be tracked in your fake identity

    • _number8_@lemmy.world
      link
      fedilink
      English
      arrow-up
      8
      arrow-down
      2
      ·
      10 months ago

      not protecting users from tracking is very different than wantonly tracking users yourself when they literally hit the privacy button

      • Lojcs@lemm.ee
        link
        fedilink
        English
        arrow-up
        2
        ·
        10 months ago

        I would think such a thing would be a bigger liability. Because even if Google stops tracking you other trackers wouldn’t. If people didn’t read and understand “this does not protect against trackers” they definitely aren’t going to do that with “this will stop Google’s trackers but not 3rd party ones”.

      • jinwk00@lemm.ee
        link
        fedilink
        English
        arrow-up
        12
        ·
        10 months ago

        Isn’t Librewolf fork of Firefox with hardened features pre-enabled?

        • TheGrandNagus@lemmy.world
          link
          fedilink
          English
          arrow-up
          8
          ·
          edit-2
          10 months ago

          It is.

          You could argue that the security patches Mozilla applies takes time to be applied to Librewolf, and also that all you need to do in Firefox is change a couple of options in the settings. People debate over which one matters more.

          In the real world I imagine it hardly matters.

    • MeanEYE@lemmy.world
      link
      fedilink
      English
      arrow-up
      3
      ·
      10 months ago

      Unfortunately I have it installed to double-check things and occasional compatibility purpose. Believe it or not, sites have started to appear who work in Chrome but not Firefox. Solution is most likely perfectly simple but developers just don’t want to deal with it so I’ve been told “just use Chrome” few times in past few years.

      • Spotlight7573@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        ·
        10 months ago

        Not quite, in 2018 they did add tracking protection to their list of goals for their Private browsing mode and have implemented features to reduce tracking/fingerprinting/etc while in it. The main focuses though were still the same at the start though: protecting against local data being saved.

        https://wiki.mozilla.org/Private_Browsing

        We target Private Browsing to 3 privacy goals; in a Private Browsing session, Firefox:

        • Doesn’t save the browsing history or display it in the Firefox UI
        • Prevents the session’s data from writing to persistent storage
        • Protects the session’s data from online tracking
  • MeanEYE@lemmy.world
    link
    fedilink
    English
    arrow-up
    5
    arrow-down
    2
    ·
    10 months ago

    Talk about easy way out. “There, problem solved. It’s not a violation if we write it somewhere in tiny font.”

    • Rediphile@lemmy.ca
      link
      fedilink
      English
      arrow-up
      5
      ·
      10 months ago

      The amount of words needed to fully explain this to tech illiterate idiots would be so many that those idiots would just argue they cannot be expected to read all of it. These people already do this with the terms + conditions documents they agree to.

      Incognito mode did every single thing it said it did and behaved exactly as I expected from day one. Is there a single user here who actually was surprised by how it worked? Did anyone honestly think it was like Tor or something? Why? Where did anyone ever get that idea at all?

  • Loce@lemmy.world
    link
    fedilink
    English
    arrow-up
    2
    ·
    10 months ago

    Every day I’m more glad I’ve got rid of that spyware browser-wannabe called Chrome.