by robteix 1942 days ago
> It doesn't seem like the complaint is that Chrome collects data on you in "Incognito" mode, rather that websites (e.g. Google Analytics) still collect on you in "Incognito" mode.

Isn't that a distinction without a difference though? It's not Chrome, it's Google Analytics. It's all Google in the end, isn't it?

6 comments

Not in court, no. In court that is a huge difference, because Google is a company, Chrome is a product, and Google Analytics is a technology, and those are completely different things.

A good lawyer could quite successfully argue that all three being "Google" is not sufficient for the public to reasonably expect that "private browsing" means Google will still be monitoring you. And while Google would argue that its EULA no doubt contains a clause along those lines, the deception is still there, and can still be litigated (even if the verdict ends up being "this is deceptive and you must change this aspect of your product" without this particular thing, among many many others, requiring punitive measures)

This assertion without an argument is not especially helpful. What legal distinction must hold the line here, in your view? Why is it insufficient to suggest that a user in a Google Chrome Incognito window might reasonably expect Google to be on notice that they do not consent to Google tracking?

Edit: the parent has since been edited. It had said only "Not in court, no. In court that is a huge difference."

Because "incognito mode" is not about tracking! It is about saving information on your local machine. If you are in incognito mode and log into Gmail, you will see your own email! You are not incognito to Gmail. It used to be called "porn mode". I think that's a better name for incognito. It is there to stop others who use your computer to spy on you. Of course you can use incognito (assuming you don't log into anything) and be reasonably anonymous (there are many other things that can track you even in incognito). I think it just needs a rebranding. I vote "porn mode".
“Porn mode” is a bad name for the thing because for the typical porn use case the user actually wants the persistent browser state (e.g. so that pornhub’s “Recommended for you” shows relevant content) and only wants it to be disconnected from their non-porn online activity.
You can still log into the porn website and watch your recommended videos. But after you close that window, no history of that ever happening is stored on your local machine. No urls, history, or cookies.
I suspect "no-history-mode" would be an easier sell. It would certainly explain a little better what's going on, but clearly lots of folks wouldn't still understand that the 'history' is only on their end. "I wanted no history of what I was doing anywhere!" Use Firefox+uBlock, or Tor, or...
My problem here is Google's attempt to correlate incognito users to their non-incognito history.

The intent of the user is clear.

> My problem here is Google's attempt to correlate incognito users to their non-incognito history.

To a web server incognito mode isn't a thing. It's a client only thing. You don't know if a user is using incognito mode, or if they just cleared their cookies / cache. There's no way to know the user's intent.

And this is by design (even though it's actually detectable -- try watching Netflix or Amazon, or any similar DRMed content, in incognito mode), because telling the server "hey, I'm in incognito mode" is antithetical to the goal of seeming to blend in.

But I still see a problem with Google's control of both sides of the connection, and with fingerprinting in general.

In your view should Google not allow people to log in to Gmail while in incognito mode? How can someone remain untracked by Google while in incognito mode but also interact with personalized Google services, like email?
By logging into one's account. Surely you see the distinction between deliberately availing oneself of a service and being tracked on entirely separate websites without being informed, much less consenting.
> Because "incognito mode" is not about tracking! It is about saving information on your local machine.

Expecting laypeople to understand that distinction is probably a bit optimistic.

Porn mode is also about companies and governments finding out information that they can use to blackmail you.
The legal argument is not about Google's tracking in the abstract, but about whether it is misleading users in how they describe Incognito mode. As of today, the Incognito mode screen says loudly that Chrome won't record your activity, not that Google won't record your activity, so I think it's a hard argument that users were deliberately misled.
It is placing the onus on a layperson to understand the technicalities of how third-party advertising trackers work.

What is interesting is that they do explain this more clearly in some of their help articles -- but they leave out some of those details in the description embedded in Chrome. It takes 4 clicks to get to this from the "learn more" link -- it's pretty buried.

> Your activity, like your location, might still be visible to:
> * Websites you visit, including the ads and resources used on those sites
> * Search engines

https://support.google.com/chrome/answer/7440301

Yet, the first click from "learn more" has even more confusing language:

https://support.google.com/chrome/answer/9845881

> Chrome doesn’t tell websites, including Google, when you're browsing privately in Incognito mode.

It seems that you really have to dig to get to the parts that tell you clearly that Google is one of the "websites that track you" that they're talking about.

> It is placing the onus on a layperson to understand the technicalities of how third-party advertising trackers work.

No they aren't. It's spelled out entirely when you just open incognito mode. It specifically says "Chrome won't save the following information" and also specifically says "Your activity might still be visible to websites you visit"

You don't have to dig into any help articles or have deep technical knowledge of how Google Analytics works. Open up incognito and it's all right there right in front of you.

A layperson would understand the phrase "website you visit" to be the name at the top of the page. Google leaves out the fact that the vast majority of those websites you visit also include their trackers... and they do not even suggest this as a possibility unless you dig into their help articles. The initial page doesn't mention that the list of those who can track you is incomplete and is conveniently missing themselves.
> It is placing the onus on a layperson to understand the technicalities of how third-party advertising trackers work.

Let's remove computers from laypersons because they can't understand simple English. /s

Seems to me that the end result of such a lawsuit, if it moves forward, is that Chrome will drop the feature. It's not like it has any legal requirement to provide a feature like Incognito and if the courts decide that it can be easily misunderstood (and if it costs Google actual money because of that decision) then why spend engineering time providing such a feature.

I think it's obvious that they were misled. If you allow this form of defence, then I can, on one hand, sell you a privacy product, and on the other, have my subsidiary, which knows exactly how to get around it, spy on you and sell your data. Both entities are controlled by the same holding company, their 'separateness' is legal fiction.

It's basically like insider trading. You are playing both sides.

But suppose I were to take your argument - are the entities actually separate? Is Chrome development not funded by revenue from Google ads? They would not pass any kind of test for 'independence'.

> all three being "Google" is not sufficient for the public to reasonably expect that "private browsing" means Google will still be monitoring you

The reasonable expectation to have is that nobody is monitoring you in the first place. This is doubly true when using private browsing features. Anyone violating this assumption is obviously guilty: the first group did not explicitly consent and the second group explicitly did not consent.

It's not just in the EULA. It's in plain English right there when you go into Incognito mode.

"Chrome will not save the following information"

"Your activity might still be visible to websites you visit"

But Nike Air is a product and Nike is a Company. What are you trying to convey????

Takata is a company. They produced defective airbags...

No. Chrome is doing exactly what it says it is. It's different data, used for different purposes, by different entities. That's a huge legal difference, and also a significant practical one.
Or it's by the different parts of the same entity. Why are you confident that Google's internal choices about organizing their business are what win the day here, rather than Google's interface with the consumer?
No. Chrome is owned by Google. Claiming otherwise is like punching someone in the face with your right hand, and then telling the judge your right hand is a separate entity.
Is it? What about X-Client-Data header?
It's all stuff from Google but in the hands of different people.

Google Analytics is installed by the owner of the website; it makes a promise to them: it collects everything it can.

If Google Analytics actually ignored data from Chrome in Incognito mode, it raises some questions:

* How does it detect that, exactly?

* Is there an unfair competition aspect to it? What about other browsers, not from Google?

> If Google Analytics actually ignored data from Chrome in Incognito mode, it raises some questions: How does it detect that, exactly?

The most honest implementation would be to set the DNT header in incognito mode (as Firefox apparently does) and to have Analytics honor it. Does not require anything shady/anticompetitive.

This. Would be amazing to have a ruling enforcing DNT on GA, even if for Incognito since that gives backing to the DNT header, which has mostly been "don't honor" for advertisers.
As long as I can disable it (because DNT provides a pretty strong identification signal right now).
Yeah, making incognito mode detectable would be a huge privacy issue: it would enable blocking users based on incognito and all sorts of other bad issues.

If incognito mode is undetectable, there’s no way for Google Analytics to distinguish between “cross-device” traffic from an incognito window vs. from a phone and a laptop. Whether or not cross-device tracking is good or bad, it’s irrelevant to this question.

How is blocking incognito a bad thing? Right there it should tell the user they need to avoid that site at any price.

I'm pretty sure incognito is detectable right now. I'm always going to assume it is.

That second point is really interesting. It seems sketchy on both ends, really. Either they are intentionally circumventing their own privacy feature, or they are giving their own browser an unfair competitive advantage.

Huh, maybe the level of integration here is just inherently problematic and companies shouldn't try to fulfill every role in the market.

> How does it detect that, exactly?

Detect that Chrome didn't send the x-client-data id it sends to every Google-owned domain. Oh, wait, it probably still does that in incognito mode.

What other browser holds 70/80% of the market?
The difference seems pretty meaningful. Google Analytics really has nothing to do with Chrome in this context, the same thing would be true in any browser visiting a site with Google Analytics tracking.
Chrome is designed to give Google control of the information it collects. That is the only reason it exists. It has everything to do with GA. They're not burning millions on developers out of goodwill.
> Chrome is designed to give Google control of the information it collects

Sure, but Chrome does not do this in incognito mode, same as any other private mode browser, there's nothing specific about Chrome that allows GA to collect your analytics in incognito mode, GA can do so in any browser.

Says who? Not according to the public discussions at the time it was started.
Not quite. Having a blanket "Google doesn't track you" statement doesn't capture the complexity of reality: what if the website you're browsing is using Firebase for their authentication, or Google Pay for payment. I'm certain most users would want the website to function correctly, otherwise it defeats the point of using incognito. In all of these cases, Google will have a record of you, even if those records are not actively joined. Where do you draw the line?
Maybe it's the perfect time to seriously consider whether Google should be split up. They control everything. From a nameserver, through a web browser, to online services and advertisement.