I don’t use chrome but this is a whole lot of nothing. It’s basically saying if you save a file or an article to your reading list it’ll still be there…and that remote websites will still stuff your face with cookies and try to track you…but it’s not like they’re giving you a special chrome cookie to link your private and non private browsing. Server side tracking never goes away, not even with Firefox.
Anyways, who cares. Delete chrome and start using Firefox. But again, make sure you delete the files you download in incognito or they’ll still be there. And your ISP can still see which domains you’re going to if you use them as your DNS.
And your ISP can still see which domains you’re going to if you use them as your DNS.
Just so you know, because TLS SNI is not encrypted and not yet universally obfuscated (adoption of this is pretty slow and one of the largest CDN providers had to pause their rollout last I checked), not-even-barely-deep packet inspection can be used to track the sites you visit regardless of your DNS provider or wherever resolution is encrypted. Just do a packet dump and see.
Also, if a website isn’t fronted by one of the most popular CDN providers in existence, it can be possible to infer the sites you’re visiting based on their server IP addresses.
Although this just shifts where tracking can occur, a VPN is the only reliable way to maybe prevent your ISP from tracking the sites you visit, if this is your desire.
Yep, I’m aware. It’s how that one guy hacked his airplanes wireless, by setting up a certificate with his domain and the airlines and then using that domain + port 443 as an ssh or vpn tunnel.
So TLS rollout is slow because the websites can still be seen with packet inspection? We’re talking about TLS 1.4 right?
I’m not sure if it’s part of a TLS standard yet but I was talking about encrypted SNI (ECH, formerly called ESNI).
Today, early on in a TLS connection, the client actually tells the server, in plain text, the domain name it’s intending to communicate with. The server then presents a response that only the owner of that domain can produce, then keys are exchanged and the connection progresses, encrypted. This was required to allow a single server to serve traffic on multiple domains. Before this, a server on an IP:Port combo could only serve traffic on a single domain.
But because of this, a man in the middle can just read the ClientHello and learn the domain you’re intending to connect to. They can’t intercept any encapsulated data (e.g. at the HTTP level, in the case of web traffic) but they can learn the domains you’re accessing.
ECH promises to make the real ClientHello encrypted by proceeding it with a fake ClientHello. The response will contain enough information to fetch a key that can be used to encrypt the real ClientHello. Only the server will be able to decrypt this.
Okay Chrome lovers, talk yourself out of this one…
Well you see, it’s used by virtually everything. So get used to it. is all I imagine people saying, not my opinion.
I can bitch about chrome all day long… but none of that bitching will be about incognito mode as that was and continues to be an useful feature that did exactly what I expected it to do. Everything it said it did, it did.
Just because people made up their own imaginary ideas about what they think it does isn’t really Google’s fault. If people think snorkels allow them to scuba dive and then drown, I’m not about to blame the snorkel maker that wrote ‘diving googles and snorkel’ on the packaging.
I switched away from chrome a while ago, but this is just stupid. Incognito has always said that it can’t stop sties from tracking you. It’s always been about stopping stuff from being stored locally. Here’s the message:
If you read that and thought it did more than it said, that’s on you.
I think what people are complaining about is that Google itself is tracking you. Not just with cookies, but with the chrome browser. Everything you do goes back to Google, regardless of their silly Google analytics, JavaScript tag that people block.
Hey out of interest, did my comment just show up for you?
Not just with cookies, but with the chrome browser
Wow really? Has that actually been documented? Because yeah, that definitely changes things in my mind.
I’m curious as to what led people to believe otherwise before this update. I don’t use chrome but I recall it always being reffered to as porn mode. Meaning it just doesn’t save browsing history, no more no less.
Did Google have misleading wording implying it was doing anything else?
It also doesn’t preserve cookies after closing the window. I’m also curious what people expect that mode to do.
Well, full incognito I guess, no trace for you, you can surf even the deep web… That for the less technical folks ofc.
It seems the whole last decade has been focused on dumbing the Internet down for the dumbest 10% of the population. The Internet was better when it was less inclusive.
Did Google have misleading wording implying it was doing anything else?
Do they literally have anything else?
Every time I’ve read the disclaimer it has been very clear and accurate, but don’t let me cloud the issue with facts.
And it’s been that way since the beginning basically and is a lot more upfront about what it does and doesn’t protect against than other browsers like Safari.
The new language just makes it even clearer it applies to Google’s online services and I don’t see that as a bad change though.
All google products track you. Don’t use Google products.
Firefox’s private browsing description is pretty solid if anybody managed to read it
