This article originally appeared on VICE Germany.
With its darkened theme and old-timey spy logo, your browser’s incognito or private mode gives users the impression that they’re browsing securely. In reality, your online activity is still visible to website operators, internet providers and other data collectors – something that browsers such as Chrome, Safari and Firefox do actually disclose when you open up an incognito window.
But according to a 2018 study by the Leibniz University of Hannover and the University of Chicago, many users overestimate the privacy protections offered in private mode. Even after they were shown disclaimers, 40 percent of participants thought their location couldn’t be identified while browsing incognito, and about 22 percent believed both the government and their internet providers couldn’t track their behaviour.
These are all misconceptions, since private mode basically just deletes your browser history and cookies after you close the window.
Your browser history consists of the websites you’ve visited and the text you’ve typed into web forms (for example, when you log in to a website using an email address), while cookies are small files stored in your computer or browser, containing information about your online habits. You can easily delete both your history and cookies in regular browsing mode.
Screenshot of the incognito mode in Google Chrome. Screenshot: Google. Laptop: Pixabay | Sara_Torda. Background: AdobeStock | gaihong.
What private mode won’t do is prevent trackers from identifying individual users. In fact, your internet provider can still collect data, such as your IP address, while you browse incognito. Your IP address can then be matched with so-called “browser fingerprints”, which is information your computer makes available to websites so they can be displayed correctly, accounting for screen resolution, operating system, location and language. These browser settings might seem generic, but combined they are actually pretty unique.
The EU’s General Data Protection Regulation (GDPR) isn’t specific about how long your provider can keep personal information like traffic data. It only says it can be saved for as long as is strictly necessary, before being anonymised or discarded. It also says the companies storing your data must be able to justify how long they keep it, allowing government agencies like the police to request and obtain it.
Fortunately, there are ways to protect yourself online. One option is Tor, a free browser that forwards each request through at least three randomly-selected servers. Tor’s multilayered encryption makes it effective at hiding your location and preventing your traffic from being tracked. But even Tor is not 100 percent safe, so if you’re a privacy enthusiast, you can combine it with a paid VPN.
The most secure option is to download the Tails portable operating system (OS). Developed with financial backing from Tor, this open-source OS can be installed for free on a regular USB. Tails completely circumvents your hard drive, so it can be plugged in and out whenever necessary. When it’s plugged in, all your internet connections are redirected through the Tor network, plus the computer’s RAM is wiped after each shutdown, leaving no trace. When it’s not plugged in, you can use your regular operating system, like Windows or MacOS.
This level of protection is pretty advanced, though, so just go for Tor for worry-free Google searches. And remember: using incognito mode is the equivalent of a spy wearing a fake moustache and glasses as a disguise.