by jlokier 1724 days ago
For me, the biggest surprise with Chrome Incognito mode was discovering that separate Incognito windows share cookies with each other.

I had been logging into accounts in an Incognito window, then opening a new Incognito window to visit other sites assuming they were new private sessions. One day I was surprised to find myself already logged in to someplace I visited, in a new Incognito window.

At that point, I discovered that much of my Incognito activity across the web for the previous few months was in fact tracked to my identifiable, logged in accounts. And that my multiple accounts (for work, other work, personal) were potentially being linked together, which I did not want.

For months I hadn't noticed because I tended not to open the same sites more than once. So I hadn't realised that cookie sharing was happening, which means cross-site tracking was happening.

Now I don't use Incognito windows any more. There's no point, they aren't what I expected.

Now I use Firefox Containers to segregate account logins and reduce unwanted profiling (e.g. with YouTube), and Temporary Containers when I want a new, ephemeral session.

Firefox Temporary Containers actually do what I'd mistakenly thought Incognito mode was for.

3 comments

That's a feature I appreciate. Opening new tabs shouldn't break your session.

Firefox containers is a neat idea but creates a new session per container and wastes memory and open connections.

> That's a feature I appreciate.

Do you work for Google?

Imagine not having that and for each new window you have to re-login and on some sites it will log you out of the other session. This allows multiple tabs in private mode.

My password manager makes the login process pretty fluid... but either way, incognito is not regular browsing... it is supposed to forget cookies and such tracking mechanisms.

Incognito was designed to prevent local eavesdropping, and was upfront about that being the feature. Why do you think it had anything to do with far side tracking at all?

The issue I've described is about local eavesdropping, not only remote accounts.

It was a surprise to open a new Incognito window and find it had access to sessions active in a different window.

That defeats one of the expected use-cases of Incognito mode locally, which is when someone asks if they can borrow your computer to access their account. For example I've done this a few times in a library or hackerspace for someone I didn't know well. You open an Incognito window for them, and both you and they think it's safe for them to access their Facebook and Gmail or whatever, and then close the window. They think you can't browse their accounts after, and you think they can't browse your accounts if they stick to that window. Both turn out to be unexpectedly false - unless you know to kill all your existing Incognito windows first. Which you wouldn't do if you need to use them later, unless you know you have to close all the other windows first.

As for local vs remote tracking. Incognito documentation does not say local eavesdropping is the only feature. It talks about holding a separate session for "cookies and site data" and that those are deleted when the session is closed; and about restrictions on third-party cookies. From Chrome help:

> "Cookies and site data are remembered while you're browsing, but deleted when you exit Incognito mode. You can choose to block third-party cookies when you open a new incognito window."

Like anyone technically aware of how the web works, I don't expect this feature to prevent tracking in general, or to truly hide my identity. But I do expect a cookie session container, which Incognito mode does advertise, to allow me to log in to separate accounts without ending up logged into an account unexpectedly.

The issue is not that tracking takes place. It's that the scope and duration of a session was surprising in a way I didn't expect from the UX, and it's not the most useful in situations such as the "make a window for a guest" situation described above. Getting this wrong also adds a security risk to those of us tasked with protecting other people's data via browser tools. I posted about it here because I think the behaviour will be a surprise to other people too; it should at least be more well known.

Incognito was meant to protect sessions closed out. You're inventing a use case not sold and being upset that it doesn't work as if that is somehow their fault.

I would expect the opposite behavior as you describe.

Chrome even supports TLS MITM[1] in incognito. It doesn't save history over sessions but that seems to be the entirety of features against local adversaries.

[1] https://support.google.com/chrome/a/answer/3504943?hl=en

Don't all browsers handle incognito/private browsing in this way? From my POV they could not really do it any other way as long as pulling out tabs into their own or other windows is allowed.

Nope, I think in Safari all tabs are completely independent from one another in incognito.

To be honest, it’s sometimes a bit of a pain (e.g. when you are using incognito to just have a different identity, like to be on a corporate/personal account.) I wish a browser offered the idea of opening windows/tabs with selectable incognito identities.

> I wish a browser offered the idea of opening windows/tabs with selectable incognito identities.

That's exactly what the Firefox Containers feature is.

It's not that easy to use, and extensions that improve the UX or automate container selection are kind of messy. But it does work. It's excellent for when you need to use multiple accounts on a service.

Agreed that is a pain. In fact if Google did it they'd likely be accused of making it less useful to purposely get people to not use it.