Reply #6 dooper's post
In reply to dooper: Google's policy changes are not really related to private/incognito mode nor is it related directly to the tracking capabilities that already exist on the web (that's right you are being tracked even before Google made this announcement)...
Incognito/Private browsing (by default) only eliminates browser data on your *own* computer after you're done browsing. Many ad companies (amongst which include Google) have been tracking our online movement for a long while now and going incognito/private mode does not generally prevent them from tracking browsing habits. As you mentioned:
"Going incognito doesn't affect the behaviour of other people, servers, or software. Be wary of:
- Websites that collect or share information about you".
So why doesn't private/incognito mode offer you protection from existing tracking?
- Most browsers implement private/incognito mode such that it allows cookies temporarily (default configuration) and removes them only when the browser is closed. This means you can still be tracked by this cookie till you close the browser;
- If you change the settings so that cookies are be blocked completely by your browser (and note some websites won't work properly if you do this, which is why many browsers default to accepting cookies and deleting them when you close your browser), then servers still have the capability to track you via IP address combined with the the HTTP header (see below).
- Some variables in the HTTP header are sent by default by most browsers whenever requesting a webpage that give away info. You'll be amazed at what your browser may send. For example, HTTP_referer tells the web server where the browser was previous to the URL it is requesting now.
Have you ever wondered how a website automatically fills in the postal address with the country or knows to redirect your browser to Google.com vs Google.de vs Google.com.au? It's usually done by IP address and as a backup it might possibly look at the header variables the browser offers up to the web server. You're currently relying on these companies to honour their word of only collecting aggregate/non-identifiable data (i.e. not store your IP address against the browsing habit data they collected), so as TheButler mentioned - if someone put the two together we're all pretty screwed.
I can think of only this combination to completely block tracking:
- Never browse with your own IP address. Since most people want to do this from the comfort of their our own home, they must setup the browser so that all traffic goes through a good anonymous proxy that removes or falsifies header information (e.g. headers like HTTP_VIA, HTTP_X_FORWARDED_FOR, HTTP_FORWARDED, REMOTE_HOST should never have your IP address). Note that using a proxy in general will be slower since there is a now "middle man" (and free anonymous proxies tend to be very slow probably because they get abused). So just be aware it may take your browsing experience back an era  .
- Completely block cookies in your browser (and accept the consequence that some websites will stop working properly).
- You may need to block JavaScript (pretty powerful these days) and other features/addons in your browser (e.g. not sure if Flash uses the browser's proxy or goes direct - if it did the latter it will reveal your IP), because these too may be able to return trackable information and be used to circumvent the proxy you set up.
- Don't be logged into something like your Gmail or Youtube account when browsing (because that's linked to everything else Google offers - it's becoming one single Google account).
As you can see, it's quite a lot of effort to prevent tracking. What Google is doing by making changes to their privacy policy is firming up their abilities to continue tracking people. However, instead of tracking people for each Google application separately, they will now pool all this info against your single Google account. Combined with Google+, they will be able to track you very specifically for what you like/dislike and whatever else they care to get from your browsing habits across their applications (including searches, Youtubes, etc). At first people were worried about Facebook data mining user data, but I predict Google is going to be way worse 
Other info:
- A newish feature has started to be implemented in newer browsers called "Do Not Track", but this relies on an honour system (i.e. the web server receives a "Do not track" flag in the HTTP request header from the browser and it's up to the web server to honour it). Unfortunately, this doesn't guarantee tracking is prevented completely as there are no laws at present to enforce the "Do Not Track" flag be honoured. Most browsers are jumping on board with this.
- Google's Chrome was one of the first browsers to encourage users to allow Google to track their "non-identifiable"/"aggregated" browsing habits through Chrome. And amongst the only new browsers to not support the "Do Not Track" feature. You can supposedly get plugins for Chrome that will perform the "Do not track" functionality.
Further reading/Sources:
- http://donottrackplus.com/learn/pbrowsing.php
- http://donottrackplus.com/learn/wit.php
- http://en.wikipedia.org/wiki/HTTP_referer
- http://en.wikipedia.org/wiki/Google_Chrome#User_tracking
- http://en.wikipedia.org/wiki/Do_not_track_header
- http://en.wikipedia.org/wiki/Proxy_server#Accessing_services_anonymously | |
.