
Chrome Private Mode Not Quite Private

wiplash writes "Google Chrome appears to store at least some information related to, and including, the sites that you have visited when browsing in Incognito mode. Lewis Thompson outlines a set of steps you can follow to confirm whether you are affected. He has apparently reported this to Google, but no response has yet been received."

  • Addicted. (Score:5, Insightful)

    by Anonymous Coward on Tuesday May 18, 2010 @12:24PM (#32254196)

    Google is addicted to your information, and will do whatever they can to get more.

    They cannot help themselves.


    • and thus this is in no way surprising

    • Re: (Score:3, Interesting)

      Basically, Google is the insatiable voyeur, we are all the neighbourhood children, and Chrome is the delicious sweety used to entice us into giving the smiling man what he really wants.

      • So Google is Herbert []?
      • Re: (Score:3, Insightful)

        by Jugalator ( 259273 )

        WTF. This is obviously a browser bug. What on Earth does Google have to gain by letting the browser recall your zoom setting on the client-side? Stop trolling, please!

        Google hasn't replied, but I assume that's because the stupid article author didn't even file a bug against this. I'm a complete nobody in Chrome development, but even I have done this in 2 minutes, an equivalent time period of composing a well formulated e-mail and sending it to Google.

    • Google is addicted to your information.

      Just a few more kilobytes man, just a few more and I'm done!

    • How is this addiction any different from, let's say, the phone company?

      • At least the phone company didn't listen in on your every call.

        • But how do you know that? And how do you know Google IS doing that?

        • Re: (Score:3, Interesting)

          by JWSmythe ( 446288 )

          Are you sure about that? Your voice communications are going over the wire unencrypted. Well, at least until it hits a digital circuit, but even that's not "safe", it's just obfuscated from sticking a speaker on the line.

          They could be listening to some or all. And there's been enough information about the gov't doing it. You shouldn't believe that there are up to two listeners on any phone call. (Lowered to one when you're talking to the wife. She never listens to you, and

    • Google is addicted to your information, and will do whatever they can to get more.

      They cannot help themselves.

      No way, man, they can quit any time they want to - they've done it a hundred times!

    • And why do people continue to act surprised by it? The little seed of an idea which eventually grew to become Google was PageRank -- a DATA MINING ALGORITHM.

      Oh my God, a company founded on data mining wants data to mine! I'm shocked!

    • Re:Addicted. (Score:4, Informative)

      by LordLimecat ( 1103839 ) on Tuesday May 18, 2010 @08:52PM (#32259800)
      So, maybe I'm just being an apologist here...
      But while I did verify this, and can see some disk writes in ProcMon to a tmp file (which seems to be deleted on close), is it asking too much to have a little more info before running off and declaring it to be some additional nefarious way to collect info? Any packet sniffing, or even seeing if it can be replicated in chromium or Iron? Any effort to see ANYTHING AT ALL of what's going on, or whether that data is stored anywhere except the "magnify websites to this level" database?

      I mean come on, I know Google is the new "cool to hate" company, but a 1 paragraph blog entry with NO technical details whatsoever makes REALLY poor outrage material.
  • If only we could observe something, without affecting it. Oh well.....
  • Cool (Score:2, Funny)

    My girlfriend is using Facebook in Incognito mode...
  • Didn't work for me (Score:5, Informative)

    by TimHunter ( 174406 ) on Tuesday May 18, 2010 @12:34PM (#32254324)

    using on Win7.

  • by Anonymous Coward

    Try running a strings against places.sqlite in Firefox as well after all the personal history has been cleared - I sometimes see URLs left in there.

    • by Looce ( 1062620 ) *

      I think that the clearing of private data in Firefox is a bit counter-productive, because deleting from SQLite databases merely marks the rows' storage space as being reclaimable within the file.

      I once cleared private data for a day when my places.sqlite was around 70 MiB, then checked the file size and saw that it hadn't even changed by one byte. It wouldn't surprise me if the URLs were still in there -- all of them, intact, until you visit other pages to make Firefox overwrite the reclaimable pages in pla

      • Firefox would have to shred(1) or zero out the file.

        And then there's journals.

        Still, truncating the file makes recovery much more difficult, and makes it so that any process can reclaim it, not just Firefox. Fortunately, it's not that difficult to do it yourself -- just run VACUUM in sqlite.
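The behaviour described in this sub-thread (deleted rows staying readable in the SQLite file until it is vacuumed) can be checked with the added example below, which is not code from any poster. The table name, file name and the `constructed-example.invalid` host are constructed for the demonstration, and `secure_delete` and `auto_vacuum` are pinned off so the result does not depend on how the local SQLite library was built.

```python
import os
import shutil
import sqlite3
import tempfile

MARKER = b"constructed-example.invalid"  # constructed host, not a real site


def residue_after_clear(n_rows=500):
    """Return {stage: (file_size, marker_count)} for the database file
    after inserting history, after DELETE, and after VACUUM."""
    workdir = tempfile.mkdtemp()
    path = os.path.join(workdir, "places_demo.sqlite")  # hypothetical file name
    # Autocommit mode, so VACUUM never runs inside an open transaction.
    conn = sqlite3.connect(path, isolation_level=None)
    # Pin the behaviour under discussion: no overwrite on delete, no auto-shrink.
    conn.execute("PRAGMA secure_delete = OFF")
    conn.execute("PRAGMA auto_vacuum = NONE")
    conn.execute("CREATE TABLE visits (id INTEGER PRIMARY KEY, url TEXT)")

    def snapshot():
        # Read the raw file, the same view `strings` would have.
        with open(path, "rb") as f:
            data = f.read()
        return len(data), data.count(MARKER)

    conn.execute("BEGIN")
    conn.executemany(
        "INSERT INTO visits (url) VALUES (?)",
        (("http://%s/page/%d" % (MARKER.decode(), i),) for i in range(n_rows)),
    )
    conn.execute("COMMIT")
    stages = {"inserted": snapshot()}

    conn.execute("DELETE FROM visits")  # "clear history": pages move to the freelist
    stages["deleted"] = snapshot()

    conn.execute("VACUUM")              # rebuild the file without the free pages
    stages["vacuumed"] = snapshot()

    conn.close()
    shutil.rmtree(workdir, ignore_errors=True)
    return stages


if __name__ == "__main__":
    for stage, (size, hits) in residue_after_clear().items():
        print("%-9s size=%6d bytes  URLs still readable=%d" % (stage, size, hits))
```

This only inspects the main database file; journal files and filesystem-level remnants of the old blocks are outside what `VACUUM` addresses.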

  • by yincrash ( 854885 ) on Tuesday May 18, 2010 @12:35PM (#32254342)
    tried it in 5.0.375.38 beta. my hypothesis is that he had other incognito windows open as well (probably with porn in them) that kept the incognito session going while he was opening and closing the window.

    all incognito windows share the same session

    • Re: (Score:3, Informative)

      I just reproduced it in the exact same beta on Ubuntu. Steps are:

      1. Open new Incognito window
      2. Visit brand-new website
      3. Change zoom level dramatically
      4. Close Incognito window (all of them)
      5. Visit website in a non-Incognito window

      And people, please. What happened to "never ascribe to malice"? Chromium is an open-source project -- if you have to, fix it yourself, I have little doubt that patch would make it into the official Google Chrome.

  • by emag ( 4640 ) < minus bsd> on Tuesday May 18, 2010 @12:35PM (#32254344) Homepage

    So, since the example in TFA didn't restart Chrome between incognito windows, I decided to see what happened when I followed the steps with "4.5 Exit chrome completely, then restart", and can confirm that even when Chrome fully exits and is restarted, it remembers the zoom level used in a URL only ever visited in an incognito window.

    • by emag ( 4640 )

      I should mention this is with google-chrome-unstable 6.0.401.1-r47050 on Linux. YMMV.

    • Re: (Score:3, Interesting)

      'course, it *could* be storing a hash (salted or not) of the domain name and not the domain name itself. The test suggested in TFA is pretty poor, and doesn't prove anything about whether the actual domain name is kept.
  • A Google App that collects information, even if you ask it not to? Say it isn't so!
  • by droopus ( 33472 ) * on Tuesday May 18, 2010 @12:47PM (#32254528)

    Exactly as reported.

    I'm using 5.0.375.29 beta on an Air running 10.6.3 over wifi.

    Went to [] (the #1 resource for cheese!) and the zoom held.

    Additionally, when I opened a new tab in non-incognito mode, the zoom STILL held, so there is definitely some communication between regular and incognito windows.

    I'm devastated that my secret cheese browsing is now public.

    • Re: (Score:2, Funny)

      by theVP ( 835556 ) *
      Great, you now took down the #1 resource for cheese with the Slashdot effect. Good going.
      • by droopus ( 33472 ) *

        Bwah, so we eat Cracker Barrel for a week. This is about our pr0n privacy!

        Excellent comeback, my compliments.

  • The bug (Score:5, Informative)

    by trazan ( 667537 ) on Tuesday May 18, 2010 @12:58PM (#32254650)
    Here's the bug in question, filed about 2 weeks ago: []
    Seems like someone looked at it, prioritized and classified it (eg pri-2, internals-cookies).
    What's the big deal? It's just a bug that needs to get fixed, not a huge conspiracy by Google.
  • Um no (Score:4, Insightful)

    by coolsnowmen ( 695297 ) on Tuesday May 18, 2010 @01:01PM (#32254698)

    There are many ways to fingerprint something that are not reversible. For instance, this is just page viewing preference data about a site you visited. What if it takes a hash of the url and uses that to store settings like current zoom and scroll location. There is almost no way this violates the idea of 'incognito' mode.

    • Re:Um no (Score:5, Funny)

      by Rockoon ( 1252108 ) on Tuesday May 18, 2010 @01:09PM (#32254800)
      You are kidding, right?

      So I jump on your computer and browse to and find that the zoom level isn't the default value...

      Do I conclude that (A) you don't like red-hot-midget-porn?, or (B) you do like red-hot-midget-porn?

      Well in any case, I'm pretty sure that everyone likes red-hot-midget-porn, so maybe this is a bad example.
      • Re: (Score:3, Funny)

        by elmodog ( 1064698 )

        Do I conclude that (A) you don't like red-hot-midget-porn?, or (B) you do like red-hot-midget-porn?

        It depends on whether it's zoomed in or out.

  • by TerrenceCoggins ( 1601371 ) on Tuesday May 18, 2010 @01:06PM (#32254766)
    TFA only mentions zoom levels as being stored -- not any other info from users' porn-mode browsing session, just zoom levels. Chrome recently began saving users' zoom levels (if I'm not mistaken) so that pretty much explains that (while conveniently also accounting for why users of earlier versions may not be experiencing this phenomenon as well.) We're all waiting for Google to slip up monumentally (or "pull a facebook," if you will,) but unfortunately we'll have to wait another day.
    • Re: (Score:3, Interesting)

      by Monty845 ( 739787 )

      From the google bug tracker: "we (the UI design team) made the choice to purposefully remember incognito zoom levels."

      Sounds like they intentionally gutted the security of the incognito mode for the zoom levels... It's one thing if it's an oversight, but to do it intentionally reveals a total disregard for the privacy someone using incognito expects.

    • by McDutchie ( 151611 ) on Tuesday May 18, 2010 @02:35PM (#32255972) Homepage
      You're missing the point. If Chrome records zoom levels for particular sites, each such record is proof by implication that you visited the site. The Incognito mode is supposed to prevent recording of what sites you visit.
    • by jonnythan ( 79727 ) on Tuesday May 18, 2010 @02:36PM (#32255978)

      If it remembers zoom levels for particular websites, it must remember the websites themselves. That also means someone can potentially obtain a list of URLs you visited in incognito mode.

      That defeats the entire point of incognito mode. It's not supposed to remember anything.

  • Google is a marketing/sales/advertising company. They can only be trusted to a certain point. Their motives are not those of a generous and altruistic organization. Their motives are consistent with those of the type of business they are. It is as simple as that.

  • by Tumbleweed ( 3706 ) on Tuesday May 18, 2010 @01:21PM (#32255018)

    Be aware of the version you're using. Chrome v4 *may* not save the zoom level, so it wouldn't show it anyway. I'm on the dev channel, and thus am using the newly-released v6, and it's definitely reproducible.

  • by rcamans ( 252182 ) on Tuesday May 18, 2010 @01:30PM (#32255154)

    Submitted by rcamans on Friday October 23 2009, @01:21PM
    rcamans writes "Visit a bunch of sites in Chrome incognito, and then look at your history in IE 7. Oh My God! A few of the sites you did not want in history are in IE history? How did they get there? A nasty in Windows XP OS. Oh, man...
    These sites do not show in Opera history, Safari history, Chrome history, or Firefox history. So maybe it has to do with IE integration into the Windows OS. Do not trust Chrome incognito until this bug is fixed. If it can be fixed.

    Also, IE7 search history shows Chrome incognito search items. Oops

  • I have the Chrome 5.0.375.38 beta from Ubuntu 10.04. Browsing Incognito appears to still change a number of files on disk, though I haven't investigated what is changed or stored. Finding the zoom problem is straightforward, though:

    Per-site zoom levels are stored in a Preferences file (.config/google-chrome/Default/Preferences for me) in a "per_host_zoom_levels" section. It appears that the key is the domain name and the value is the zoom level. These seem to be saved when Chrome exits and, at least in my v
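A way to audit a profile for the leak this comment describes, as an added example that is not from the poster or from Chrome: it looks up the "per_host_zoom_levels" section in a Preferences file and reports hosts that have a stored zoom level but do not appear in the normal browsing history. The sample JSON, its nesting under "profile", the host names and the history list are all constructed assumptions; the section is found by searching the whole document so the check does not rely on that nesting.

```python
import json

# Constructed sample; only the "per_host_zoom_levels" name comes from the comment above.
SAMPLE_PREFERENCES = """
{
  "profile": {
    "name": "constructed",
    "per_host_zoom_levels": {
      "news.example": 1,
      "private-clinic.example": 4,
      "forum.example": -2
    }
  }
}
"""

# Constructed stand-in for the hosts found in the regular (non-Incognito) history.
SAMPLE_HISTORY_HOSTS = ["news.example", "Forum.Example"]


def find_section(node, key="per_host_zoom_levels"):
    """Depth-first search for the first dict stored under `key`."""
    if isinstance(node, dict):
        if isinstance(node.get(key), dict):
            return node[key]
        children = node.values()
    elif isinstance(node, list):
        children = node
    else:
        return None
    for child in children:
        found = find_section(child, key)
        if found is not None:
            return found
    return None


def zoom_only_hosts(preferences_text, history_hosts):
    """Hosts with a persisted zoom level that the history does not account for."""
    section = find_section(json.loads(preferences_text)) or {}
    known = {h.lower() for h in history_hosts}
    return sorted(h for h in section if h.lower() not in known)


if __name__ == "__main__":
    for host in zoom_only_hosts(SAMPLE_PREFERENCES, SAMPLE_HISTORY_HOSTS):
        print("zoom level stored for a host with no history entry:", host)
```

A host only shows up if its zoom level was changed, so an empty result does not show that nothing else was written to disk.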

  • Simple explanation (Score:4, Interesting)

    by jeti ( 105266 ) on Tuesday May 18, 2010 @01:35PM (#32255228) Homepage

    Chrome is very likely to hold the DOM of visited pages in the cache so that f.e. hitting the back button will quickly render the previous page. That does not necessarily mean that the information gets persisted on the hard drive or is available to other pages. On the other hand it's not unlikely that the information sometimes gets paged out to the hard drive and persists until it gets overwritten.

  • I've noticed that previously visited sites still flash up as suggestions immediately after purging the history. These seem to go away after a page refresh. There's probably some caching going on that isn't deleted correctly.
