What everyone’s getting wrong about Google’s Chrome incognito saga

If you’ve spent much time wading around this warbly ol’ web of ours lately, you might be feeling a teensy sense of unease over your internet browsing history.

The reason, in case you’ve been living under a metaphorical boulder for the past several days, is the revelation of a new legal settlement related to Google’s Chrome browser and its incognito browsing mode.

Or, to more accurately reflect the most common drive-by misinterpretation of the news: “Google is, like, totally spying on you, bro! Everything you do in incognito mode is being logged to your account and sneakily used for advertising, and all your deepest, darkest web browsing secrets have probably been sold to other privacy-prying companies already.”

It may sound outlandish to the level-headed among us, but the existence of this distortion is no exaggeration. I’ve lost count of the number of news articles, blogs, and social media mentions that convey these exact conclusions — sometimes even whilst including the very facts that contradict them and suggest (gasp!) a far more nuanced and less shocking reality. (Imagine that!)

So before you sever all connections, blow your browser to smithereens, and take shelter in the nearest metaphorical bunker, allow me to provide a teensy bit of desperately needed perspective.

[Get level-headed knowledge in your inbox every Friday with my free Android Intelligence newsletter. Tips, insights, and other tasty treats await!]

The Google Chrome incognito lowdown

First things first, let’s take a sec to catch up on the Chrome incognito quandary and what exactly has transpired.

Last week, a legal filing let us in on the fact that Google had settled a lawsuit claiming the company had been misleading users about the nature of Chrome’s incognito mode and causing them to believe their incognito browsing was entirely “private” and invisible to everyone.

As part of that settlement, Google agreed to delete “billions” of data records related to incognito browsing and to bring a beefier disclosure into Chrome’s incognito splash screen that explains how incognito browsing actually works. It also agreed to block third-party cookies by default for Chrome users when incognito mode is activated — a change it’ll maintain for the next five years, at a minimum. And it agreed to stop using internal systems that were able to detect when a user was browsing incognito and make note of that selection.

That’s the gist. Now, from that, people — even prominent news websites! — are concluding that Google was collecting all sorts of details around incognito web activity, associating it with users’ broader Google advertising profiles, and then somehow even selling it or otherwise sharing it directly with other companies.

Sensational of a story as that may make, none of it appears to be accurate. And, based on all the available info out there, most of the panic around this saga seems to be a case of premature conclusion-jumping along with a healthy pinch of misunderstanding around how the web actually works.

Incognito, unraveled

In reality, y’see, a browser’s incognito mode is all about making sure your activity isn’t logged into the browser itself or any associated profiles. That means when you go incognito, any sites you visit aren’t stored in your local browser history or the history associated with your Google account. And that, in fact, is how incognito mode on Chrome (as well as most other browsers) has always been positioned.

An official statement from a Google spokesperson explicitly confirms this. The broadly cited statement — one I’ve seen mentioned right alongside contradictory conclusions in more than a few respected media outlets — notes that the “technical data” collected from Chrome incognito browsing “was never associated with an individual and was never used for any form of personalization.” That somehow widely glossed over fact is critically important to the actuality of this scenario.

As for the “selling your secrets to the highest bidder” bit, that’s a common misconception around Google and privacy that stretches back decades. And as has always been the case, there’s precisely zero truth to it.

For a quick refresher —  to quote a certain reality-obsessed writer I know:

Google’s always been very clear about the fact that it doesn’t go down that road. It uses customer data only internally, as part of an automated system, to programmatically pick ads it thinks are likely to be relevant and interesting to you based on the sorts of stuff you’ve looked at over time. It does that instead of just serving up random ads that have nothing to do with what you care about, as such non-targeted ads would likely be (a) far less interesting and potentially useful for you and (b) far less effective in terms of their performance.

That, of course, gets at the heart of how Google makes most of its money. And that is how the company’s able to offer us exceptional services like Gmail, Docs, and Photos — not to mention Google Search itself — without charging us to use all of those entities (at least in their core, non-enterprise-oriented forms).

And if that doesn’t assure you enough about the hype vs. reality of this situation, there’s plenty more data-driven info to chew over. (Mmm….data.)

Google’s Chrome incognito settlement, up close and personal

I dug in deeper to the thickly worded legal documents around this settlement to make sure I wasn’t missing anything, and while the heavy legalese is about as fun to digest as a mayonnaise-slathered Linux manual, the actual messaging within it is as clear as can be.

And here’s exactly what it tells us: 

Data collected while users were in Chrome’s incognito mode did have some manner of “unique identifier” along with a designation that indicated it was seen in incognito mode.

And Google employees agreed that the incognito mode disclosure could be confusing to users and should be improved (which, notably, it already has).

But nothing in the settlement document so much as suggests any data was ever associated with any specific user profiles or Google accounts in any way — or that it was ever used for any manner of ad targeting.

And absolutely nothing suggests any manner of user data at Google’s disposal was ever shared with anyone externally or sold on any level.

Now, the data associated with Chrome incognito activity could be associated with a user — in theory — if someone were to gain access to every shred of information about you and then meticulously line up all the variables to piece a puzzle together. But there’s no indication that anyone ever did that or that Google itself ever so much as attempted to use any of this data as part of ad targeting. And, again, there’s nothing to suggest that any of this data was ever shared outside of Google or used in any nefarious way.

More than anything, it seems like the practical concerns around this mostly come down to a misunderstanding of how the web works.

When you’re browsing the web in Chrome’s incognito mode, that doesn’t mean the various tracking mechanisms on sites around the web are magically eliminated based on your browser setting. So, yes, it is technically possible that your activity could be tracked on some level while you’re in that mode, as any activity could ultimately still be traced back to your IP address — even if you aren’t actively logged into or associated with your standard Google profile at that moment.

The same is true in any browser. That’s why people who really want to protect their privacy and keep activity from being traced back to them rely on a virtual private network, or VPN, to mask their actual IP address as well as more advanced script-blocking mechanisms in addition to simply signing out of their browser’s own local-collection state. And even then, of course, law enforcement or other motivated parties can conceivably still piece things together and trace activity back to its source, if they’re really so inspired.

None of this is a closely kept secret. You can always view your entire Google ad profile anytime to see exactly what the company (thinks it) knows about you — what its algorithms have determined you’re interested in, in other words, based on all the online activity it’s associated with your user profile — and then take control of that to remove inaccurate or unwanted info and customize exactly what types of ads you’re shown.

But, as you’ll see, whatever material you might’ve been viewing incognito won’t be in that list. (And not to worry. I won’t ask for specifics.)

Online privacy is a complicated, nuanced, and very relative subject in our modern-tech era. As usual, though, a little logic, perspective, and level-headed assessment can go a really long way.

Want even more Googley knowledge? Check out my free Android Intelligence newsletter to get next-level tips and insight delivered directly to your inbox.

Browsers, Chrome, Data Privacy, Google, Privacy, Vendors and Providers