[balls187]

My understanding is that Google is tracking you across your browser sessions, even when you switch to incognito.

That’s problematic because Google (and others with such broad internet scope) tracks you regardless of whether you are interacting with Google services or not.

[fromMars]

I don't believe this is true. In incognito mode you don't have the same gaia or dblck cookie ids. Your traffic is logged in icognito mode by Google but as a different user under a different identifier.

Now certain websites could use tracking methodologies based on ip address and device signatures to identify you as the same user and set a cookie identifying you as the same user for purposes like remarketing, but Google itself doesn't join this data from their own logs.

This announcement is just clarifying that Google does log data in icognito mode as do other websites. It doesn't say that Google joins your icognito session data with your non-icognito session data.

[joshspankit]

> don't have the same gaia or dblck cookie ids

Google is incentivized to do “privacy theatre” and make sure your incognito session doesn’t show up as related to you even if the back-end systems have a clear association.

I don’t know the facts of Google’s systems either way, but I do know that absence of a visible join is not conclusive evidence that there is none.

[fromMars]

I do know facts about there internal system. Internally, strict separation is taken very seriously and the logs are keyed by cookies with separate access and physical logs for different cookie spaces and no joining is done based on ip addresses and device signatures in these logs.

It would take a determined and malicious employee to subvert these controls and possibly require multiple employees to get by code reviews to do such.

That said, I can appreciate the skepticism an outsider might have about such claims.

But, I also disagree that Google is incentivized to do "privacy theater" as you call it. For one, many already assume the worst of Google and also such theater could open them up to major lawsuits.

One could make the case that a company like Apple has invested a lot more effort in "privacy theater".

[raneocolg]

Their probabilistic systems appear to use the ip address for anonymous targeting. For example, when you watch YouTube videos using normal browsing mode on one device, it is quite obvious that they influence the Google Ads on other devices in the same household.

That doesn't mean cookies or logs are joined, and the targeting is always anonymous, so it is less precise than when using the cookie ids.

[jauntywundrkind]

Fear Uncertainty and Doubt springs eternal. People are desperate to believe in inherent badness and abuse.

[jart]

Here are the facts https://support.google.com/chrome/answer/7440301 Yes they still record your activity under some faceless uuid when you browse incognito. No they don't tie it with your gmail unless you login to gmail. Yes, it doesn't matter, since lawyers and government can access everything Google has, and put the pieces together. Policy will likely change in the future to make your full history of both gmail and anonymous browsing activity freely available to the public too.

[bemusedthrow75]

> Policy will likely change in the future to make your full history of both gmail and anonymous browsing activity freely available to the public too.

Eh? There is no chance of this. What leads you to this conclusion?

[jart]

Of course it's going to happen. Read The New Digital Age by Eric Schmidt. He talks a lot about how all the information Google records about you is permanent, can never be deleted, and any generation of lawmakers can decide to do whatever they want with it. Upcoming generations are going to want as much data as possible to train AIs, especially as the GPUs needed to do that become more affordable. You know how historians are always talking about what famous dead people wrote in their diaries and personal letters? Don't think for a moment that future generations won't do this to you.

[mynameisvlad]

That is quite the slippery slope you paint there. There would need to be several steps before we even come close to getting there.

Is it possible? Sure. A lot of things are possible. Is it inevitable? Far from it.

[bemusedthrow75]

If people in a hundred years want to read all my emails, I can assure them in advance that I won't raise any contemporaneous objections.

But that isn't quite the narrow framing you used.

[rudasn]

Yup. Absence of evidence is not evidence of absence.

[justsomehnguy]

Lol?

Google receives a ton of requests from IP 30.40.50.60 with cookies associated with fromMars@gmail.com.

Suddenly, there are a bunch of requests from:

- the same IP

- the same browser

- the same resolution

- the same OS

- the same WebSocket IP

- the same DNS servers used for resolving

- the same Adobe Fla^W^W well, not that, but I wouldn't be surprised what if you have still have it for whatever reason - it would be noted too

the same fingerprinting bits used by the most pervasive tracking company in the world

The most pervasive Internet tracking company in world: hmm, that's totes not fromMars@gmail.com!

[Kiro]

Your understanding is wrong. This is just an updated disclaimer that clarifies how it has always worked. Website owners have always had tricks to track you across sessions but Google is not granting itself any special privileges making this easier.

[gruez]

> My understanding is that Google is tracking you across your browser sessions, even when you switch to incognito.

Source? Also, can you clarify what exactly is mean by "tracking"? I would expect them to "track" me via anonymous cookies, but wouldn't expect them to tie my browsing history to my chrome login.

[spacecadet]

Yeah just watch your network traffic, browser open, no tabs open on google, amazon, facebook, no search bars set to google... tons of traffic to all 3.

[fromMars]

Also, different icognito sessions will be logged as different users since all the cookies are deleted when you close all your incognito browsers.

So the TLDR, is that yes data is being logged for an incognito session by Google, but that data isn't tied together by Google across icognito sessions or icognito and non-icognito sessions.