How safe is Chrome’s Incognito mode? Most privacy experts (and non-experts) will recommend it if you want to enhance your privacy while surfing the web. True to its name, both Google Chrome Incognito mode and the private browsing mode you find in most internet browsers provide a more discreet experience and help cover some of your tracks. But users often overestimate the extent of the protection private browsing provides.
A recent study by researchers at the University of Chicago and Leibniz University of Hannover found that a considerable percentage of users wrongly think private browsing will protect them against malware, advertising, tracking codes and the prying eyes of internet service providers (ISPs).
Here’s what you need to know about what private browsing can and can’t do.
How does private browsing work?
What is private browsing, exactly? The private mode feature included in all major browsers is meant to avoid leaving traces on your device. When you close a private browsing window, it clears all the data you generated during that session. This includes your browsing history, autofill information and your browser cache. Private browsing also deletes cookies, the bits of data that allow you remain signed in your accounts when you close and relaunch your browser.
Basically, what this means is that when you end your private browsing session, a person who gains access to your computer won’t be able to see which websites you’ve visited or gain access to accounts that you’ve signed into using the private mode.
Is private browsing safe?
Private browsing is also a good privacy tool when you’re using a shared computer, such as in a library or the university, to browse the web and access your accounts. It will make sure that the next person who uses the computer won’t be able to spy on you. However, the power of private browsing is limited to your local device. It’s worth noting that most privacy threats come from outside your device, not inside. Here, there’s little your browser’s private mode can do.
Private browsing won’t protect you against malware
More than 25 percent of the participants in the survey conducted by Chicago University and Leibniz University believed that private browsing will provide better protection against web-based malware. They couldn’t be further off the mark.
Most malware will cause harm only after they find their way into your computer, so it doesn’t have much to do with your browser. For instance, if you open a phishing email that contains a malicious attachment, it doesn’t make a difference whether you download it with a normal or a private browsing window.
Where malware is concerned, nothing will replace a good antivirus installed on your computer.
Browser extensions are an exception. Some browser extensions manifest malicious behavior such as stealing information, redirecting to malicious website or modifying on-page content. Browsers handle extensions in different ways when using the private mode. Microsoft Edge completely disables extensions while Safari and Firefox leave them enabled by default. Google Chrome and Opera disable extensions by default in private browsing, but users can enable them if they wish to do so.
Private browsing won’t protect you against government and ISP snooping
Eric Schmidt once said, “If you’re concerned, for whatever reason, you do not wish to be tracked by federal and state authorities, my strong recommendation is to use incognito mode, and that’s what people do.”
Government agencies regularly monitor internet traffic for different reasons, but they are not alone. Internet service providers also regularly collect and analyze the browsing habits of their customers for advertising purposes or to sell them to third parties. In fact, last year, a resolution ratified in Congress and signed by President Trump gave ISPs the green light to collect and sell customer data without their consent.
As an internet user, you have every right to be concerned about who can see your browsing habits, but contrary to what Schmidt recommends, Chrome’s Incognito mode won’t help you hide your traces. Private browsing does not make you anonymous or invisible. As the gatekeeper to your internet traffic, your ISP (and by extension, government agencies) will be able to see which sites you visit, regardless of the device or browser type you use.
Also, if you’re on a corporate network, your network administrator will be able to monitor and see the websites you visit.
Private browsing vs VPN (Virtual Private Network)
To obfuscate your browsing habits, you’re going to need a virtual private network (VPN). VPNs encrypt all your internet traffic and channels it through an intermediate server which acts as relay between you and the websites you visit. When using a VPN, all your ISP can see is a stream of encrypted data being exchanged between you and your VPN provider, and it won’t be able to see any of the details, including the address of the websites you visit.
The exception in browsers is Opera, which has a built-in VPN service. Opera’s VPN will protect you from ISP snooping, but like all other VPN providers, its servers can monitor and log your activities if they choose to do so.
Another alternative is to use the Tor browser. Tor, which stands for The Onion Router, is a network of volunteer computers that encrypt and relay internet traffic. When you use the Tor browser, your ISP (or any other eavesdropper) won’t be able to see which websites you visit. Unlike VPNs, Tor’s relay nodes won’t be able to monitor your activity. But Tor does come with its own tradeoff, including a much slower internet experience.
Private browsing will not hide your search history
When you’re logged into your Google account, any search you do on Google’s website will be registered in your account’s search history by default (you can disable that, by the way). Browsers don’t transfer the accounts you’ve signed into when you open a private browsing window. This means that Google won’t register the search queries you type into a private window in your search history.
But if you sign into Gmail or YouTube in private browsing mode, Google will resume logging your searches. That means you aren’t so invisible in your account’s history.
On a side note, even if you haven’t logged into your account, Google will be able to link your private search queries to your account while you’re in private browsing mode. It has lots of footprints of your browsing habits: your IP and browser type, to name a couple.
In fact, this is true for all web applications that you use. As long as you’re using the same device and IP address, they can easily relate your private browsing activities to your account, even if you haven’t logged in.
If you’re really worried about hiding your search habits, you can use a VPN or the Tor browser and make sure you don’t log into your Google account while searching. Alternatively, you can try out DuckDuckGo, a privacy-friendly alternative to Google’s search engine. DuckDuckGo is not as powerful as Google, but at least it’s not interested in collecting and monetizing your data.
Editor’s note: This article is regularly updated for relevance.