• PM_Your_Nudes_Please@lemmy.world
    link
    fedilink
    arrow-up
    5
    ·
    edit-2
    8 months ago

    You know all those “share on”… Twitter/Facebook/whatever links? When they load, from Facebook, it asks the referer URL, and checks the browser for any cookies that might associate that browsing to a person for ad customization. Incognito isolates that information, so while Facebook/X(Twitter)/whoever may know that someone went to that URL, they have no cookie data to link it to a person uniquely, so they have information that the site was visited, but no idea who visited the site since any session cookies I have for those services are in my non-incognito browser.

    I mean, this is a little outdated by today’s practices. Any ad tracker worth their salt will be using browser fingerprinting as well.

    Imagine this scenario: You have a user with a specific browser, with specific extensions installed, (which you can derive from the fact that your ads are getting blocked by a specific ad blocker, they have the “Do Not Track” flag enabled, you have a nice monitor with a large aspect ratio and you’re browsing in full screen so the site can see that aspect ratio, etc…) from a specific IP address. In normal browsing, this user has a tracking cookie so your “share on Facebook” buttons can see what sites they’re visiting.

    But now you’re seeing an identical browser, with identical extensions, on an identical IP address. But this time it doesn’t have your tracking cookie. Sure, there’s the chance that two people are using identical settings. But as your extension list grows and your browser becomes more unique, your fingerprint becomes more easily identifiable. So now, even without that tracking cookie, they’re able to use that fingerprint to infer that you’re the same person and link your incognito browsing back to your regular browsing.

    • MystikIncarnate
      link
      fedilink
      English
      arrow-up
      1
      ·
      8 months ago

      Except by default, extensions are not enabled in Incognito mode unless you specifically tell your browser to allow it.

      On top of that, if a browsers incognito has the same browser ID of the non-incognito version, that’s probably not good. I would expect a browser to randomize any unique information like that when launching a private window.

      So all you’ve got, as a savvy tracker, is the same aspect ratio, which, big deal, not like there’s a huge selection of monitor sizes, and the same IP address, which, again, big deal, since any one client IP can have an almost unlimited number of users behind it.

      You can presume it’s the same person, but bluntly, that’s a wild guess. It could be a visitor, or a different user logged into the same computer or another computer at the same location with the same (or at least a similar in resolution) screen. It’s honestly a crapshoot. Assuming that’s the person you know accesses your site from that IP is a bit of a stretch.

      Any tracking cookies created in an Incognito or private window are going to get shredded when the window is closed, as long as the browser is doing what it’s supposed to do.