'Incognito Mode' Isn't Really Private. Try Browser Compartmentalization (fastcompany.com) 119

tedlistens writes: "One of the most common techniques people think can help hide their activity is the use of an 'incognito' mode in a browser," writes Michael Grothaus at Fast Company. But "despite what most people assume, incognito modes are primarily built to block traces of your online activity being left on your computer -- not the web. Just because you are using incognito mode, that doesn't mean your ISP and sites like Google, Facebook, and Amazon can't track your activity."

However, there's still a way to brew your own, safer "incognito mode." It's called browser compartmentalization. Grothaus writes: "The technique sees users using two or even three browsers on the same computer. However, instead of switching between browsers at random, users of browser compartmentalization dedicate one browser to one type of internet activity, and another browser to another type of internet activity."

Specifically, the article recommends one browser for sites you need to log into, and another for random web surfing and any web searches. "By splitting up your web activity between two browsers, you'll obtain the utmost privacy and anonymity possible without sacrificing convenience or the ease of use of the websites you need to log in to." It recommends choosing a privacy-focused browser like Brave, Firefox, Apple's Safari, or Microsoft's Edge. "As for Chrome: It's made by Google, whose sole aim is to know everything you do online, so it's probably best to stay away from Chrome if you value your privacy."

The article is part of a series titled "The Privacy Divide," which explores "misconceptions, disparities, and paradoxes that have developed around our privacy and its broader impacts on society."

  • by Anonymous Coward

    duh.

  • by rsilvergun ( 571051 ) on Saturday April 20, 2019 @10:37AM (#58463686)
    and if I go to YouTube for a training video I see recommendations from my home PC in the sidebar. So I don't think this'll really work. They track by more than just browser and IP nowadays. There's an entire field of "browser fingerprinting" that aims to figure out who you are whether you like it or not. Short of a VPN I don't know what would work.
    • by Calydor ( 739835 )

      Yeah, you're still connecting from the same IP when you're working from home. Do that just once and they'll be linked.

    • by gurps_npc ( 621217 ) on Saturday April 20, 2019 @10:56AM (#58463740) Homepage

      The entire idea of this is using two or more browsers. For example, one browser for your snake fetish porn, and another for your plans to rob a bank. Browser fingerprinting can never connect two different browsers. The only real thing you need to worry about is IP address, which, depending on your ISP, you can change.

      Note this won't stop your ISP from knowing what your computer is doing, but it may make them think it is two different people sharing a computer, common among families.

      The main issue is it takes immense discipline. Get lazy once and use the wrong browser merely because it happens to be open and you are done for.

      • IP address is one big indicator, sure. Also if you use the same credit card, if you ever once log in to a Profile A account using the Profile B browser, and some other rather technical factors.

        That said, I'd definitely suggest at least a work browser and a personal browser, and never shall they meet. It does a reasonably good job of keeping things separate. On my desk I have my work computer and my separate personal computer. In the rare case I use the work computer to log in to a personal account, I use a di

        • Why not just RDP into the personal computer for personal stuff? I doubt a VPN/RDP session would attach any tracking info.
          • > Why not just RDP into the personal computer for personal stuff?

            Windows? ROTFL

            But seriously, I'm a career security professional. I banned Windows from my network 18 years ago. Granted, Windows security has improved since then. It's now nearly as good as 1998 Linux in some ways, still more than 20 years behind in others. Windows does have DAC now, which is an improvement. Linux upgraded to MAC fifteen years ago.

            VNC would work, but it's inconvenient for quickly checking something. Back around 1998 I thought

      • Some browser fingerprinting is specific to the computer you're using instead of the browser and computer. For instance, the set of installed fonts will be the same no matter what browser you use. If you run your browser windows full-screen, Javascript will detect your screen size the same no matter what browser you use.

      • For one thing they can and will pay attention to how your mouse moves. Same with typing patterns. It's easy to track with JavaScript and it's been shown to positively ID individuals when done right. Ad networks will share information too, so any general browsing will get you tracked.

        There's more to it than that, and it quickly gets more complicated than an average programmer can follow, but they don't have to. You can buy off the shelf software to do the fingerprinting for you. Your bank uses this to try a
      • "Note this won't stop your ISP from knowing what your computer is doing, but it may make them think it is two different people sharing a computer, common among families."

        Or, two computers connected to the same NATted router, because your ISP's IP address is assigned to your router, not to any of the devices connected to your router.

        "Get lazy once and use the wrong browser merely because it happens to be open and you are done for."

        Save only your bookmarks for that one "persona" on that one browser, and t

    • by Mousit ( 646085 )
      The advantage of having a SOCKS5 proxy somewhere, if you can swing it. Point the browser at it without needing a full VPN, and you can have multiple ones at the same time that way. I've been doing this for years, a combination of browser compartmentalization and SOCKS5's as needed. Spin up a bottom-end Linode, or the option now of the even cheaper bottom-end AWS Lightsail instance, SSH to it with a dynamic port forward since OpenSSH acts as a SOCKS5 proxy (with DNS usable through it too) by default when
    • Not just browser fingerprinting. We can track you simply based on your interests in combination with some geographical indicators.

      You can game the system too but you have to start from scratch with a very clean browser environment eg Pandora and YouTube currently think I'm looking to purchase a house in my area because I started an Internet activity profile while on a trip in another state and then occasionally that "profile" has gone online, lately more frequent, in various places (restaurants, stores etc)

  • by MindPrison ( 864299 ) on Saturday April 20, 2019 @10:42AM (#58463700) Journal

    ...it's time to revoke their internet access.

    Incognito mode perfectly explains that it only hides the history of activity etc, locally and that your employer or isp will still see your activity etc.

    If the user wants to go "REAL" incognito, then a secondhand, unmarked laptop - connected anonymously to a random hotspot, using tails (tor browser on a USB stick or CD), is the way to go.

    Or, alternatively - just that solution via your home network, but...your ISP will know you're using TOR (which they can use for exactly bubkis), I don't trust VPNs so I won't recommend that, so if you're truly paranoid - use the laptop suggestion I suggested above.

    But no anonymity in the world will protect you from yourself. So don't search for things you normally search for when you normally surf the web, don't use family members' names or acquaintances, not even gamer names or similar - nothing you're known for being interested in, because all of this can relate to you, and if the tor-exit point and entry point happens to be the same provider and owner, well - it's still encrypted, but there's a fairly large chance, you're not as anonymous as you may dream of being. So stay safe!

    THINK before you surf.

    • While you aren't wrong, I have to wonder at what point all these measures constitute an undue burden on people. If you need to invest in a burner laptop just so you can have a modicum of control of your own privacy, there is a serious issue here. At what point is enough enough?

      Comparing this to, say, rape, you could say it's the women's fault because they shouldn't have worn sexy clothes. They should have carried a stungun, or one of those crazy electrified jackets. Victims should take whatever measures the

  • That's not enough. (Score:5, Interesting)

    by drinkypoo ( 153816 ) <drink@hyperlogos.org> on Saturday April 20, 2019 @10:54AM (#58463734) Homepage Journal

    If you really want to be safe, you're going to need separate computers.

    If you want a reasonable expectation of safety, you're going to need to run each browser in its own virtual machine. There are exploits to escape browser sandboxing all the time. There are fewer exploits to escape virtual machines, but those exist too. Still, the odds that someone will combine the two in a timely fashion (you are doing updates, right?) are small.

    If you're trusting browser compartmentalization to keep you safe, you're too trusting.

  • by Anonymous Coward

    It's why they exist.

  • At least one of the browsers I use seems to like bleeding information into incognito mode, and since there's behavior differences elsewhere, makes multiple browser use necessary. The bleeding is as simple as logging into one site as ZacharyA, and having that username appear for another site where you sign in as LisaR.

    On a more practical level, it's necessary since some browsers behave differently in some circumstances, whether it's getting rid of flash (and not reimplementing it safely and securely), handl

  • by JoeyRox ( 2711699 ) on Saturday April 20, 2019 @11:19AM (#58463796)
    Because they can use your IP address to associate all your internet activity, irrespective of how you partition your activity between browsers.
  • If anyone ever bothered to read the short summary [imgur.com] of this mode provided by either Firefox or Chrome, they would know this. It isn't a secret. And to anyone with some understanding of the nature of the internet, this would always have been obvious.
  • by SuperKendall ( 25149 ) on Saturday April 20, 2019 @11:27AM (#58463820)

    Incognito mode will share data across other incognito mode instances - in memory.

    But if you simply quit the browser and re-launch, all of that is wiped (the whole point of incognito mode).

    So you don't need several different browsers, just a main browser and an incognito browser you quit between tasks. I use Safari as my primary browser, then chrome for banking sites and other places, quitting between each use.

    • But if you simply quit the browser and re-launch, all of that is wiped (the whole point of incognito mode).

      In Firefox all you have to do is close all incognito windows, no need to quit the whole browser.

      • In Firefox all you have to do is close all incognito windows, no need to quit the whole browser.

        Good to know, I just tried the same thing in Chrome and it appears to work the same way, as soon as the last incognito window is closed the next one opened will not have access to anything from before.

        That does make things even easier, thanks!

  • How does compartmentalization help prevent your ISP from tracking where you go? That was one of the reasons given for this wondrous "new" idea.

    Now that I'm thinking about it; how does compartmentalization help with keeping sites from tracking you any better than incognito mode? Would seem to me that merely using different browsers ( or indeed, different profiles in the same browser ) would leak *more* data, not less, to online trackers, as you now have history to share.

    Premise of the article is flawed.

  • Irony? (Score:3, Insightful)

    by easyTree ( 1042254 ) on Saturday April 20, 2019 @11:48AM (#58463892)

    When clicking to RTFA (\o/), I was faced with a pop-over detailing the hundreds of partners the site wanted to share my browsing data with.

    For those outside the EU, it's required by the new GDPR laws.

    Question for those outside the EU, do you see these intrusive, experience-destroying pop-overs too?

  • by stevegee58 ( 1179505 ) on Saturday April 20, 2019 @11:58AM (#58463928) Journal
    I've experimented with Qubes off and on for a few years so I'm not sure if it's ready for prime time yet. But the concept described in the OP is what Qubes does. Browsers are sandboxed in their own Xen-based VMs (Xen is great. Bare metal virtualization, unlike VirtualBox) and you dedicate VMs to activities based on activity and safety.
  • by devslash0 ( 4203435 ) on Saturday April 20, 2019 @12:58PM (#58464094)
    I've been using compartmentalisation for a long time (5 years?). In a nutshell, I keep 4 different Chrome profiles which I later pass to respective launchers using command line params.

    1. Sensitive browsing - All cookies blocked by default. Allowed extensions: NoScript. Password managers disabled. Used for banking and government websites.
    2. Trusted browsing - All cookies blocked by default. Extensions: AdblockPlus and Ghostery. 3rd party password manager enabled. Used for casual browsing on trusted websites which require logging in.
    3. World Wild Web browsing - Cookies enabled by default except for 3rd party. Extensions: AdblockPlus, Ghostery. Password managers disabled. Used for all other browsing: random searches, uncharted web territories, news etc. Saved data expires after closing the browser.
    4. Fap Browsing - Just an ordinary Chrome profile with ABP and Ghostery but inside a stateless virtual machine which gets wiped (:wink:) out after use.

    All three profiles are supported by:

    1. host-based ad/malware/shock/annoyance blocking (https://someonewhocares.org/hosts/)
    2. Disabled built-in password manager.
    3. Disabled form auto-completion, payment methods, addresses.
    4. Disabled synchronisation, prediction service and navigation errors resolving.
    5. DuckDuckGo search.
    6. Disabled a zillion of optional extensions.
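
An added example, not part of the comment above or of any project mentioned in the thread: a launcher that picks the profile from the URL's host, so the "wrong browser happened to be open" mistake raised earlier in the discussion cannot happen by hand. `PROFILE_ROOT`, `BROWSER_BIN`, the policy table and its `.example` hosts are assumptions; `--user-data-dir` and `--incognito` are Chrome's own switches.

```sh
#!/bin/sh
# Added example: send every URL to one fixed browser compartment.
# Assumed names: PROFILE_ROOT, BROWSER_BIN, the POLICY table and its hosts.
PROFILE_ROOT=${PROFILE_ROOT:-$HOME/.browser-compartments}
BROWSER_BIN=${BROWSER_BIN:-google-chrome}

# Constructed sample policy: "<compartment> <host suffix>" per line.
POLICY='
sensitive bank.example
sensitive tax.example
trusted   forum.example
'

# Extract the lowercase host; userinfo and port are dropped so that
# "https://bank.example@other.example/" resolves to other.example.
host_of() {
  u=${1#*://}
  u=${u%%/*}; u=${u%%\?*}; u=${u%%\#*}
  u=${u##*@}
  u=${u%%:*}
  printf '%s\n' "$u" | tr 'A-Z' 'a-z'
}

# Match on whole DNS labels only; anything unlisted falls into "wild".
compartment_for() {
  host=$(host_of "$1")
  while read -r name suffix; do
    [ -n "$suffix" ] || continue
    case $host in
      "$suffix"|*".$suffix") printf '%s\n' "$name"; return 0 ;;
    esac
  done <<EOF
$POLICY
EOF
  printf 'wild\n'
}

# Print (DRY_RUN=1, the default) or run the launcher for a URL.
open_url() {
  case $1 in
    http://*|https://*) ;;
    *) echo "refusing non-web URL: $1" >&2; return 2 ;;
  esac
  c=$(compartment_for "$1")
  flags="--user-data-dir=$PROFILE_ROOT/$c"
  # Assumption: --incognito stands in for "saved data expires on close".
  if [ "$c" = wild ]; then flags="$flags --incognito"; fi
  if [ "${DRY_RUN:-1}" = 1 ]; then
    printf '%s %s %s\n' "$BROWSER_BIN" "$flags" "$1"
  else
    # $flags is split on purpose; PROFILE_ROOT must not contain spaces.
    $BROWSER_BIN $flags "$1"
  fi
}

if [ $# -gt 0 ]; then open_url "$1"; fi
```

Separate profile directories keep cookies and storage apart; they do not change the IP address or the machine-level fingerprint that other comments in the thread point out.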
  • by Sarten-X ( 1102295 ) on Saturday April 20, 2019 @02:24PM (#58464390) Homepage

    This certainly sounds like security snake oil... Of course, Slashdotters usually love that stuff, so I'm not surprised to see it here.

    Your ISP will still see everything coming from your connection, and as far as they're concerned, it's all attached to the account owner. Especially for residential connections, they really don't care who's doing what. If one person in the house fits a certain profile, it's a good match others in the household will fit similar profiles, at least as well as advertising is concerned. Others in this discussion have suggested using isolated computers. That doesn't hide anything from ISPs, either.

    Both browser-swapping and computer-swapping open the door to another issue, as one commenter mentioned [slashdot.org]: any data stored locally is data that can be leaked. This highlights the damage caused by articles like this. By suggesting a half-baked solution to a security threat, other vulnerabilities are overlooked, often resulting in a net loss to overall security. Along similar lines, suggestions to use Tor or VPNs usually neglect to cover the wide range of opsec practices that must be followed perfectly to actually gain any privacy from those services.

    If you really want to have privacy while using technology, it is absolutely necessary that you follow four steps:

    First, you must analyze your threat model. If you're worried about your government spying on your communications, that requires a very different approach than if you're concerned about advertising tracking or common hackers. Online threats require different countermeasures than disgruntled or untrustworthy coworkers. Those are all different from common petty crime threats (for example, the theft of a cellphone), which can also cause significant hardship.

    Next, identify your countermeasures. Maybe a VPN is appropriate for you. Maybe you need a different browser, or maybe just keeping your computer updated is enough. Maybe you need an encrypted microwave link to a remote terminal in a foreign country. These decisions must be based on your threat model, not on the advice of random schmucks on the internet. Their threats are not your threats, and their assumptions are not your assumptions.

    The most-overlooked phase is an important one: Research your solutions and their shortcomings. For example, before you dive headfirst into a VPN, you must understand what traffic often isn't sent through the VPN's tunnel. Every solution is designed to solve one particular problem, and you will likely need several solutions doing entirely different jobs to fully protect yourself. You must fully understand the ways that information can leak around your protection, and depending on your threat model, you may need to go back to the previous phase and add new countermeasures. All this must happen before you start relying on any solution for privacy, or you've likely failed from the start.

    Finally, you must use your solutions perfectly. If you've decided, for instance, that you will use a VPN to access Slashdot, then you must always use that VPN to access Slashdot, and must never use it for any other site, and never access Slashdot without that VPN. If you do, that other site (or Slashdot) could trivially link your VPN and non-VPN identities, negating the use of the VPN in the first place. It's not easy, and definitely not convenient, but it's necessary to have protection against the threats you identified.

    You will fail.

    It is accepted and expected that all security measures will eventually fail. You'll forget to enable a VPN, or leave your phone unlocked, or click a link without checking where it actually goes. These things happen. It is important, though, that you understand exactly what those actions mean for your security posture, and what you have to do to remain safe. You might not care, and just consider it an inconvenience that an advertis

  • Using multiple browsers when surfing the web won't keep your browsing private. Google, Facebook, Amazon, etc. track your activity by I.P. & Device MAC address. Your browser uses this to identify who you are. Ever notice that Amazon does not ask you to log in?
  • by thegarbz ( 1787294 ) on Saturday April 20, 2019 @02:54PM (#58464462)

    People in general don't give a shit about being tracked by Google or their ISPs. Incognito mode is being used for exactly the purpose people want it for, keep their parents out of their porn collection.

    Very few people are afraid of the "faceless" surveillance. It's the people they know that they are trying to avoid.

  • The balance I have chosen, with a goal of preventing local compromise more than of not being tracked (some of both I guess), consists of:

    1- a separate user account for each type of browsing (other activities are also separated: banking from general browsing, apps depending on how much I trust them to have been audited). In Debian (or Devuan) GNU/Linux, I could do this by having multiple Ctrl-Alt-Fn instances with X in each one (using startx), each under a different user account and infrequently moving inf

  • [...] It recommends choosing a privacy-focused browser like Brave, Firefox, Apple's Safari, or Microsoft's Edge. [...]

    Really?

  • I'm pretty sure "most" people don't make this mistake.

    Every time you turn it on a warning appears.
