Private web surfing is a coveted goal for many users these days. Some want to avoid online surveillance, while others seek to circumvent various restrictions imposed by website owners.
Popular browsers are equipped with features to help with privacy – Google Chrome’s incognito mode makes a good example. In a nutshell, this feature disables internet cache, cookies, and browsing history to anonymize web traffic.
Does this feature really live up to its reassuring name, though? There are caveats that may prevent your finger-printable online data from being properly hidden. Although browser developers appear to be refining their privacy practices, these efforts might not be enough.
Let’s take a look at the issues with these features and other threats to user privacy.
A recent breakthrough in browser privacy
On July 30, Google released Chrome 76 with enhanced incognito mode. As per this Google post, now the browser may enable you to bypass some paywalls that prevent you from reading more than a few articles per month before requiring you to register or subscribe.
For example, the New York Times allows you to read ten articles per month for free, while Wired lets you read four. Metered paywalls such as these account for 33 percent of all online media paywalls.
Using the older Chrome version 75, users in incognito mode were not welcome to view articles on the New York Times website at all:
In Chrome 76, bypassing the paywall has been simplified to the limit: just right-click on the link and select “Open link in incognito window.” The article counter doesn’t work in incognito mode due to the lack of cookies.
While the New York Times and other media sites used to recognize incognito mode, this “weakness” in the browser has been addressed in the latest version.
In incognito mode, Chrome disables the FileSystem API to prevent cookies or other identifying files from being written to disk. Sites can check the availability of the FileSystem API, and if it is absent, make a conclusion that the browser is using incognito mode and display an error message or alert, as shown above.
Google developers say that in Chrome 76, the FileSystem API has been adjusted to prevent such information leakage.
Now they are working on eliminating the rest of the incognito “recognition” methods. However, there are numerous such methods, and it’s likely impossible to eliminate all of them. In addition, the fundamental problem will not go away. The incognito mode in the browser simply doesn’t provide much privacy.
Data leakage through extensions
A report was recently published about the DataSpii system which tracked millions of internet users in near real-time. Dubbed “God mode for the internet,” the service was positioned as “analytical” and provides customers with paid access.
For $49 per month, the service allowed you to track the actions of employees or users of a particular company or website, for example, Apple, Facebook, Microsoft, Amazon, Tesla Motors, or Symantec. Today, actually, after the media hype, they are not taking new clients and issue refunds to all old clients
Surveillance for users was carried out through third-party browser extensions. About a dozen Chrome and Firefox extensions participated in the data collection. After notification of malicious activity, these extensions were removed from official directories, but the security hole in browsers remains. Third-party extensions still have access to users’ private information, which they can send to a remote server.
The problem is that you cannot trust a single extension. Any of them can change their functionality during an upgrade. Google promises to correct the situation with the release of the new extensions standard – Manifest V3. But experts at the Electronic Frontier Foundation explain in detail why Manifest V3 will not solve the privacy problem.
Google Chrome allows you to use extensions in “private” mode, although this function is disabled by default.
Extensions are not the only problem. There are many ways to track user activity even in incognito mode. The user’s IP address is still visible, so Internet Service Providers (ISPs), government intelligence agencies, wifi access point owners, and hackers can see which sites the user visits, what files are downloaded, and more.
Finally, the browser itself can transmit information to its developers, such as page addresses and contents. This is especially true for Google’s Chrome browser because the company is directly interested in collecting such data.
Achieving true privacy
Really, all incognito mode does is hide which pages you’ve visited and perhaps bypass some paywalls.
To ensure better privacy and anonymity, some web users opt for tools that are more reliable than a browser’s incognito mode. In some cases, a Virtual Private Network (VPN) is enough, while in others, you may need to install Tor and obfuscate traffic.
The main benefit of using a VPN service is that the internet connection is encrypted and data travels via a secure tamper-proof “tunnel.” Not only does this mechanism prevent third parties from snooping on the traffic, but it also hides one’s real IP address. Furthermore, modern VPN tools have a minimum impact on connection speed, which makes them more efficient than the above-mentioned Tor solution in terms of usability.
If you want to combine Tor and VPN it will be at the expense of speed so choose a provider that scores highly in third party speed tests such as ExpressVPN as reviewed by Comparitech.
There’s also the TAILS operating system that works with the appropriate software, including the Tor browser, to offer a high level of privacy. The name of the system – TAILS is short for “The Amnesic Incognito Live System” – stems from the fact that it completely “forgets” all previous user activity.
There are absolutely no traces of user activity left on the computer, unless you specifically create a special encrypted section where you save information. As per Wired.com, Edward Snowden used this operating system at one time (and perhaps still uses it).