Google Secretly Stealing User Data From Incognito Sessions

User safety and privacy have really been tested lately, with concerns across industries as Google’s Incognito Mode scandal is coming back to light. This is a feature where users felt they could browse the internet with some privacy- but that wasn’t the case.


What Happened With Incognito Mode?


Google has been found collecting data from users in Incognito Mode, a feature designed for private browsing. Despite expectations of privacy, it had come up that Google was taking personal information without user consent.

This revelation led to a lawsuit, with claims that Google engaged in “illegal surveillance” by tracking over 136 million US users.


What’s The Fallout?


A US District Judge approved a settlement that requires Google to delete billions of data records related to this case. While Google has not been ordered to pay damages anymore, the lawsuit’s resolution mandates major changes to how Google handles data in Incognito Mode. According to the consumers’ lawyers, this is to make sure that “Google will collect less data from users’ private browsing sessions.”

Google must now revise its disclosures about data collection during private browsing.

Incognito users will have the option to block third-party cookies for five years.

Google’s spokesperson, Jose Castaneda, had commented, “We never associate data with users when they use Incognito mode.” Users remain concerned, nonetheless.

What Does This Mean For You?


This landmark case is a testament to the importance of understanding the privacy features of the digital tools we use daily. Here are a few things to take from this:

Be Informed: Always read the privacy policies and understand the extent of data collection, even in “private” modes.

Exercise Your Rights: Users have options to opt out of data collection practices. Get yourself familiar with these and exercise your rights to protect your privacy.

Stay Updated: Technology and privacy policies evolve. Keep yourself informed about changes to ensure your data remains protected.


David Boies, representing the consumers, described the settlement as “a historic step in demanding transparency and accountability from dominant technology firms.”


The Adjusted Warning Note On Incognito Tabs


In January, after the search engine company was given a $5 million (£3.9 million) settlement, many users noticed that the note you find as you open an incognito tab, had changed.

It went from “Now you can browse privately, and other people who use this device won’t see your activity. However, downloads, bookmarks and reading list items will be saved. Learn more” to “Others who use this device won’t see your activity, so you can browse more privately. This won’t change how data is collected by websites you visit and the services they use, including Google. Downloads, bookmarks and reading list items will be saved. Learn more.”

So, in short, Google will not see the following today:

  • Browsing history
  • Cookies and website data
  • Form entries


The settlement payout seems to have been revoked, and Google is required, as we have seen in the recent news, to delete all the data instead.


How Else Is Google Ensuring Safer Browsing?


A few weeks ago, Google announced on their blog that they will be taking measures for safer browsing as a whole by enhancing the capabilities of Safe Browsing and introducing new password protections on Chrome.

These updates aim to fortify defenses against rapidly evolving cybersecurity threats, ensuring users are alerted to potential dangers in real-time and have strong, secure passwords.


What Measures Are Being Introduced?


Real-Time Protection with Safe Browsing: Google’s Safe Browsing feature, which already shields over 5 billion devices, will now offer real-time URL checks against a server-side list of known malicious sites. This update aims to block 25% more phishing attempts by catching dangerous sites that often only exist for a brief period.

Enhanced Password Protections: On iOS, Password Checkup will not only highlight compromised passwords but also identify weak and reused ones, encouraging users to maintain strong, unique passwords for each account.


How Does It Work?


Privacy-Preserving URL Protection: The real-time checks are conducted in a manner that ensures complete privacy, using encryption and other techniques to prevent anyone, including Google, from knowing which sites the user visits.

Smooth Browsing Experience: Despite these enhanced security measures requiring more processing power, Google has bettered the experience to make sure that browsing remains fast and efficient.

User Warnings: If a site poses a risk, Chrome will display a warning, providing users with information about the potential threat and advising caution.


Jonathan Li, a Product Manager for Safe Browsing, spoke on the importance of staying ahead of hackers, stating, “Cybersecurity attacks are constantly evolving, and sometimes the difference between successfully detecting a threat or not is a matter of minutes.”

You can find the 2020 lawsuit here