87 comments

[ 3.4 ms ] story [ 160 ms ] thread
(comment deleted)
[flagged]
I'm sure everything was already sold to a third-party that will lease it back to Google for "research purposes".
Large ad firms don't tend to sell, or 'sell' that data, for five reasons.

1. The data is your competitive advantage, and costs billions of dollars to gather. You would be insane to sell it to someone else.

2. Regulatory. GDPR will absolutely destroy you for doing this.

3. Technical. Most targeted advertising relies on low-latency pipelines, with a lag time from minutes, to, at most, days between events being recorded, and ad targeting engines reacting to the event. You aren't going to sit around waiting for some third-party integration to 'launder' the data for you (Because it won't actually help you against regulatory scrutiny).

4. Practical. Ask people who have actually worked on these systems. Building it that way would be a fucking nightmare, both technically, and for the compliance pain.

Or, if you don't believe anyone, get a job at a large ad firm, and see for yourself... That there isn't any such Rube Goldberg contraption.

5. Even if, against all judgement, all of this happened, a large firm can't keep this a secret for very long, there's way too many moving parts, way too many people involved, and someone on the periphery will whistleblow, and the firm will be in a mountain of legal shit.

Points 1 & 3 & 4 are less important when you know you're in the process of negotiating a settlement for a class action suit where you will likely lose access the the data.

And yes, I worked in AdTech. People really overestimate how many people need to know these things, and how likely people are to whistleblow when the "crimes" are morally grey.

> People really overestimate how many people need to know these things

If there's a giant friggin' third-party endpoint feeding your engine a firehose of data that the firm's whole business relies on, everyone will know about it.

These systems are held together with spit and bailing wire, everything breaks all the time, everything's idiosyncrasies have to be worked around all the time, and all of the component behaviors have to be well-documented for integration and testing and release and design purposes.

This might fly in a small shop, not so much in one with thousands and tens of thousands of eyes involved. The bigger you get, the harder it is to keep a secret.

> If there's a giant friggin' third-party endpoint feeding your engine a firehose of data that the firm's whole business relies on, everyone will know about it.

But they won't know where that third-party's data came from.

Occam's razor suggests that they were to go to that much trouble, it would be much easier to just keep the data and pretend to delete it.

But there are very solid reasons that isn't what they would do (see "It's impossible to keep a secret of that scale in a 100,000 person firm").

It would be hard to keep that a secret inside Google, given the potential rewards to a whistleblower. This is a formal legal settlement that is on regulators' radar. It just takes one whistleblower to tell, and that whistleblower would make 10-30% of the hundreds of millions of dollars in potential fines Google was facing.
> that whistleblower would make 10-30% of the hundreds of millions of dollars in potential fines Google was facing.

citation needed

I know whistleblower rewards exist in tax cases, but in almost every other case I'm aware of, the only "reward" whistleblowers get is losing their career and highly paid job + becoming unhireable.

(comment deleted)
> "We are pleased to settle this lawsuit, which we always believed was meritless," Google spokesman Jorge Castaneda said in a statement, noting that the company would not be paying any damages.

> "We are happy to delete old technical data that was never associated with an individual and was never used for any form of personalization."

In other words, "We've already processed the raw data into the useful forms we want, so, sure, we'll delete the raw stuff to make you happy now!"

AI model has already been trained
(comment deleted)
You're catching down votes but this is almost certainly accurate.

A lot of that data is almost certainly not very useful beyond a one to three month time window. Google can you use traffic data on search to keep tabs on trending topics, tune the algorithm against new human behaviors, and other time boxed benefits. There isn't a lot of use for data that's 6 months old in this context.

For those who believe that "incognito" is actually something private and secret, no it is not and was never meant to be! It still can access the major part of your personal configuration and history, mostly for a convenience purpose. Its main purpose is to stop appending more data there, not to hide you. If you really want to keep your browsing private, you should be using guest mode.
> guest mode

Or a completely separate browser. Or at least a separate profile.

This is a pretty vague warning. What part of your "personal configuration and history" becomes available to websites in Incognito mode? Where did you learn this?
Which part strikes you as vague?

"""Others who use this device won’t see your activity."""

Seems like plain language to me. Anyone who thought this feature was hiding them from the websites they were visiting simply imagined that.

I can't tell what they're warning that websites are doing. Let's say I'm running a website. What information do I get from a browser that's running in incognito mode?

"Personal configuration and activity": where in the HTTP request or JavaScript API is that? What data are we talking about?

IP address, obviously, but that's not news. Or is this about browser fingerprinting?

You get nothing. No cookies no previous local storage. The whole point of Incognito is just that.

Personal configuration: for example a website can query whether a user prefers dark mode or light mode. Incognito browsing doesn't attempt to hide that. Or consider that you have a fairly unique browser window size accessible using window.{inner,outer}{Width,Height}. Incognito also doesn't hide it from websites.

None of this is inherently newsworthy. It's only newsworthy because people misunderstood Incognito and filed a lawsuit. I'd say that people seemed to have mixed up the privacy offered by the Tor browser and the privacy offered by Incognito at some point.

They didn't mix anything up, rather they asserted the definition of reasonable being employed by Google was wrong.

You say you offer an incognito mode. Google says it's clear to everyone that they and everyone else it's okay to and normal to track you through it.

Everyone else goes "that's not reasonable at all".

This is basically Google saying "Well, it was a good run while it lasted."

(comment deleted)
No, what’s not reasonable is expecting websites to change their behavior in any way because you’re in incognito mode.

They will do all the same tracking they always do, because they neither know or care what mode your browser’s in.

It's in fact perfectly reasonable to expect it when combined with an asserted DNT bit. Also, given the years of technical discourse on this very forum on how to tell "is someone incognito'd" by fingerprinting and trying to track them regardless.

Maybe you have a pony in this rodeo you don't want to change. That's fair. However, I held the entire rodeo in the first place was illegitimate. User tracking/cross-site data harvesting/tracking pixels should all have been legally strangled before an absurd number of people were unjustifiabpy enriched by selling something they had no business collecting in the first place.

There are a non-trivial number of like-minded individuals who feel the same in both our cases, and by settling,.Google handily mooted the question for now.

Now that you say "combined with an asserted DNT bit" I can see where your confusion comes from. Incognito mode doesn't imply DNT. But I can see many non-technical users (as well as technical users who purposefully muddy the waters) equating Incognito mode with the DNT bit, and equating the DNT bit to be a legally binding request to the website not to track them.
Of course it's okay and normal for a website to track a user even when they put their browser in Incognito mode. Anyone not understanding that is either not being reasonable in the first place, or so ignorant about the basics of the web that their opinion is not worth listening to.
So, you've just hit on a weakness of the legal "reasonable person principle" and, possibly, the reason Google decided to settle this case.

By settling, they've left the legal question of what a "reasonable person" should expect here open. If someone else wants to sue later over this term or some related term maybe having a different layperson meaning, they can but they're back to square one: new case, new facts, no precedent.

Had Google dragged this out, and the Court concluded that a "reasonable person" believed "incognito" meant something other than what every tech-head has understood it to mean for the past sixteen years... The industry would have been in for a world of hurt.

It might seem so simple to many people but not everyone has the same mental capacity.
To build on this, personal cybersecurity is complex in general, and only seems 'simple' if you've been blessed to grow up around computers, the internet AND have more than a simply utilitarian interest in technology.

Increasingly, the world assumes that all three of the above are true for everyone, and anyone else gets marginalized.

Cookie Banners have made the general public believe that local cookies are all that are used for tracking :-/

Smart people I’ve spoken to have no idea about browser finger printing!

>If you really want to keep your browsing private

Guest mode is wildly insufficient for actual privacy. Something like brave is about as good as a layman can do, and brave + vpn is reasonably private.

Most of privacy, however, is going to come down to hygiene. It doesn't matter how private your operations are after you sign in to google.com to check your email or facebook.com to dish out some uplikes.

Guest mode does not honor your settings. It mostly defaults to install-time configuration.

Incognito mode is fine. It doesn't persist data, it doesn't give websites access to existing main-profile data (cookies, etc), and it actually honors the settings of the profile it was spawned from.

None of this robustly prevents fingerprinting, but neither does switching to another browser or wiping your profile clean. There's just a bunch of system and network characteristics that leak info because of how the web is designed. Google didn't make it so and I don't think they're using it to serve you ads.

I think two things can simultaneously be true. Google's privacy practices aren't great, and they weren't actually doing anything that a reasonable person wouldn't expect to be happening in incognito. This was a lawsuit filed to shake them down, not to benefit the consumer. And apparently, it was flimsy enough that it started with a $5B demand, and is ending with no payout at all.

> None of this robustly prevents fingerprinting, but neither does switching to another browser or wiping your profile clean.

I'm by no means an expert, but doesn't the Mullvad browser in combination with a (trusted) VPN robustly prevent fingerprinting? It got a pretty good response when it was posted here a while ago. I'd be interested to know by someone more knowledgeable just how robustly it prevents fingerprinting.

Mullvad Browser is Tor Browser without the Tor network, so it should dramatically decrease your fingerprint-ability yes.
I just use Tor Browser. It's kind of a pain with Cloudflare always trying to de-anonymize me but I figure, it's better than using the clearweb.
What do you mean Cloudflare is always trying to de-anonymise?

Still amazes me that Tor exists simply to hide American (and no doubt other Five-Eyes) spies among the ‘privacy advocates’ and others.

I admit, I used to believe in the ‘Tor mission’ for years and years.

I mean what I say. There is no reason for Cloudflare's browser checks outside of their desire to de-anonymize Tor users.
The checks are to make sure you're using an actual browser and not some sort of automated program like curl to make 100k requests.
Tor is notoriously slow and bandwidth limited. That's not the reason.
5Tbps of botnet bandwidth isn't the only way to do a DDoS attack. L7 attacks can be pulled off with far less bandwidth.
Cloudflare attempts to guard sites using it against malicious traffic. To figure out if traffic is malicious, it has to sort out the "smell" of it: is it probably legit, or is it probably a known scraper / a penetration test attack / a DOS attack?

Some of that is done by inspecting the shape of packets but to figure out if, for example, a sudden spike in QPS is a legit novel interest in the data stored at the resource or a DDOS attack, Cloudflare's automated system will try to figure out if multiple incoming requests are actually from the same source and will throttle them all if they're determined to be hostile. Because, well, that's how you guard against DDOS in an automated fashion.

And in the middle, when Cloudflare can't determine the shape of the incoming traffic, it'll hit it with more scrutiny to check if it's automated. So if you're browsing with Tor, Cloudflare doesn't have a history on your requests to decide if they have a good past-behavior pedigree, so it ups the scrutiny: it'll try to cookie you and it'll throw up more CAPTCHAs to make you prove you're a legit human user of Tor and not someone trying to use Tor to hide a DDOS.

> was never meant to be

Since "incognito" literally means "with one's identity concealed" [1], the fact that this was allegedly never intended to be a browsing mode that concealed one's identity is absurdly dishonest.

You developers who work on this sort of crap should be ashamed of yourselves.

[1] https://www.merriam-webster.com/dictionary/incognito

Except, there has been a disclaimer for as long as I can remember that clearly states that incognito will not hide your activity from websites, your employer, or a gov agency. It has always been billed as a way to order a present without a shared user seeing that in the history.
A disclaimer is great, but like the prior post said, when you give something a name and then redefine the meaning of the name in a disclaimer, it feels dishonest.

The Honest* Browser *disclaimer: may lie

I do get what you are saying, and would agree that one should strive to use words as the dictionary indicates for clarity. But I also think that much product and marketing overloads terms and most of the time there isn't a clear definition. So, I hardly take issue with a case where there is a relatively direct contextual definition.

Also worth considering that dictionary definitions aside, things can mean different things to different people. As a silly example, we can consider the :) emoji. Apparently many young people think it is passive aggressive [0]. To me, it is just a smiley face. So, I'd argue contextual definitions are useful.

[0] - https://www.google.com/search?q=smiley+emoji+passive+aggress...

It was introduced in the era when families regularly shared computers. It was meant to hide history from people using the same machine, not from the internet.
Incognito mode and other private browsing modes can only change the local behavior of your browser. They cannot magically cause web sites to treat you in any specific way.
It was always intended to conceal from other users of a shared machine back in the day when most machines were shared, such as in a family setting.

General comprehension of the term changed because usage patterns changed.

> If you really want to keep your browsing private

...then don't use a browser built by an ad company!

More so, people using have some total la-la imagined world where signing in while incognito should count, would magically erase the whole session after.

As a Mage: The Ascension & Mage: The Awakening tabletop game fan, this attempt to cast ritual legal magic to grant everyone a reasonable level of Arcane is pretty cool. But it's definitely magic that the group is hoping for.

I mean it's supposed to be impossible for a web server to know you are using Incognito, by design, for hopefully obvious reasons. So by extension it's also impossible for websites to "respect" that you are in incognito and delete your server side session data afterwards. The browser of course handles deleting your local data once the incognito session is closed.
Or not use chrome. Try Firefox instead
Firefox private browsing is implemented almost identically to Chrome incognito mode and will not offer any meaningfully better privacy. Both will not save cookies and browsing data locally, but both can be tracked by the remote sites you access.
The big difference is that Firefox is not uploading your browsing history to the browser's creator
Does chrome do that for incognito mode windows?
Firefox won't try to actively break your AdBlock extension (which should be uBlockOrigin)

Firefox won't implement cohort user tracking. if they do, probably not in incognito like chrome, which just sets a new set.

Firefox doesn't preload hundreds of links from the page your reading, using google's dns serves despite your dns settings.

so many reasons that people here just ignore and pretend they know anything at all about browsers today.

I understand why people fall for it. It's called private browsing. Privacy used to mean seclusion from the knowledge and observation of others.

Now it means only you and a slew of corporations and government agencies from all over the planet, can know what you're doing and the data is stored in a massive database for eternity.

Seclusion from the knowledge and observation of others is still a worthwhile endeavor and I sorely miss it. It is very difficult to nurture your own mind when your body is constantly "on the record".

If you want to do something privately, the first thing you do should not be to make calls to hundreds of strangers you've never met. That is, don't use a web browser.
One way to describe incognito correctly is that it is a "porn mode". You do not want your spouse, children or anyone else to find out what you were watching. But that is it. Incognito does not prevent the browser company from seeing what you saw, the porn companies from noticing what you saw or does not stop anyone who has access to some rudimentary-sophisticated software skills (including your spouse) from figuring out what you did in your incognito.

A more appropriate thing to do however is to use a different browser altogether like Edge for such things and using it's incognito mode + some VPN protection do do whatever secret stuff you do. Even that does not give you full protection. Only the level of sophistication to beat your privacy goes up.

How can a local attacker see your past incognito content?
Install discrete screen recording software and wait for you to do it again.
Incognito mode isn't incognito, autopilot doesn't automatically pilot, unlimited internet isn't unlimited, "buy" a movie and you don't own it.

But you're the idiot if you expected words to have meaning.

Should people be angry when they're kicked out of an endless buffet for over-indulging?
Stop trusting google. It's that simple.
This one wasn't really a Google issue.

Browsing Amazon in private mode with Firefox, or, hell, Hacker News in Edge's InPrivate mode, you'd have the same issue. None of those modulate what Hacker News knows about you.

it did send do not track headers thought...
> If you really want to keep your browsing private, you should be using guest mode.

If you really want to keep your browsing private, you should be using a browser that doesn’t make its money by knowing everything about you

Chrome is good browser, Google is evil. Ungoogled chromium is a project that removes all reference to Google. Bit tricky to get the extensions work, but once it's setup works like charm.
[flagged]
Incognito mode stops the browser from logging information about its use to the local machine.

There is no technical mechanism for preventing servers on the internet from logging the fact that a client connected to them, or logging every piece of information the client is willing to divulge for that server.

No, they were recording data from every user in any browser that accessed google.com and their other sites.

That behavior is normal for the majority of sites on the internet.

AFAICT, reading the article, Google is going to stop collecting data from all browsers/machines that connect to their websites and only collect data from browsers/machines that are logged in to a google account.

Further, they are deleting data saved from browser/machines that were not logged in. Users that were using incognito-mode are a subset of all users that use their sites that are not logged in. In general, a website can not distinguish between a user in incognito-mode and a user not logged in except in that, a user not logged in but using a non-incognito mode would have manually clear their cache, cookies, local storage, etc where as in incognito-mode that is done automatically when you close the last tab.

This is why I make specific profiles for all kinds of things in chrome & Firefox. I've got a little wrapper for browser-launch that lets me pick.

It's a unique `--user-data-dir` and the like.

I've got about 100 right now. Unique to project, or use-case or special command line (eg using mitmproxy).

The funny part about this whole thing is that Google actively works to ensure that websites cannot tell that you are in Incognito mode. For instance, see [1]

If Google servers have a way to detect that a request arrives using Incognito mode, then so does everyone else, which means its a bug that Google needs to fix. And if we assume that a server cannot tell you are in Incognito mode (specifically), then there is no way to turn off the normal tracking mechanisms that a website might employ. This is one of those things where it sounds like a good idea to tell websites to not track users who use Incognito, but in practice that would actually be a bad idea, because then websites would constantly tell you that you are not allowed to browse their site in Incognito, and thus no one would use it...

Now, the kind of tracking that would work across independent Incognito sessions would be user fingerprinting, and using fingerprinting to bypass the desire of a user to shake off being associated with an identity is shady behavior. If the lawsuit is alleging that Google is using fingerprinting techniques to associate traffic without cookies to a common identity, well then why aren't they suing them for that? That's bad whether you use Incognito or not.

The whole thing is pretty dumb.

Also interesting: Assuming that Google indeed cannot tell server-side whether you are in Incognito mode, exactly what are they deleting as part of this settlement? The article does have a quote: "We are happy to delete old technical data that was never associated with an individual and was never used for any form of personalization."

I guess this means Google is just deleting old data that they were unable to associate with a person, but the entire claim was that Google was associating Incognito traffic together with a person's non-Incognito traffic- so effectively Google is doing nothing here. And yet I'm not sure what they could do.

[1] https://blog.google/outreach-initiatives/google-news-initiat...

> well then why aren't they suing them for that?

Because “they” already sued Google for misleading average people not on HN, and Google already lost.

> The whole thing is pretty dumb.

Indeed, fully half of Google's users are below average.

""We are pleased to settle this lawsuit, which we always believed was meritless," Google spokesman Jorge Castaneda said in a statement, noting that the company would not be paying any damages."

The case was Brown v. Google. The filing below has a decent summary of the case. Google's spokesperson claims Google "believed [the suit] was meritless" but at the same time Google chose to settle. Are the company's actions congruent with its alleged beliefs. Will settling "meritless" claims lead to more "meritless" claims in the future.

https://storage.courtlistener.com/recap/gov.uscourts.cand.36...

Google's spokesperson notes that "Google would not be paying any damages". However Google will be paying the plaintiffs lawyers' fees, costs and service awards; was this litigation inexpensive. Moreover, Google can still be sued for damages for wiretapping by the individual plaintiffs. For example, a first batch of 50 plaintiffs are currently suing for damages under California law. (Will Google settle these "meritless" claims.) Google will also pay damages to the class representatives as decided by arbitration.

Unfortunately the injunctive relief negotiated in the Brown settlement, requiring Google to stop collecting data via 3rd party cookies in Incognito mode, expires after 5 years.

> Lawyer David Boies of Boies Schiller Flexner LLP, who represented users in the fight, called the deal an "historic step in requiring honesty and accountability from dominant technology companies".

He isn't interested in honesty and accountability for himself or the technology companies he hires, though:

https://en.m.wikipedia.org/wiki/David_Boies

> In 2017, Boies' firm reportedly directed the Israeli private intelligence company Black Cube to spy on alleged victims of Harvey Weinstein's sexual abuse and on reporters who were investigating Weinstein's actions.[46] Over the course of a year, Weinstein had Black Cube and other agencies "target", or collect information on, dozens of individuals, and compile psychological profiles that sometimes focused on their personal or sexual histories. "Boies personally signed the contract directing Black Cube to attempt to uncover information that would stop the publication of a Times story about Weinstein's abuses, while his firm was also representing the Times, including in a libel case.

Wow, what a perfect example of a two-faced lawyer
No, I only see one face: winning the case no matter the means used.
> On Monday, Google also agreed to delete "hundreds of billions" of private browsing data records it had collected, the court filing said.

> "We are happy to delete old technical data that was never associated with an individual and was never used for any form of personalization."

How does Google know which data records to delete? Did they store data collected from private browsing sessions differently from non-private browsing sessions?

Good question. There are various Incognito detection techniques (with varying degrees of success), but we probably would've heard if google.com was employing these techniques.