Security
Headlines
HeadlinesLatestCVEs

Headline

Google’s “browse privately” is nothing more than a word play, lawyers say

Categories: News Categories: Privacy Tags: Google

Tags: Chrome

Tags: Incognito

Tags: private mode

Tags: fingerprinting

Tags: cookies

Tags: tracking

Private browsing is not what users expect it to be

(Read more…)

The post Google’s “browse privately” is nothing more than a word play, lawyers say appeared first on Malwarebytes Labs.

Malwarebytes
#web#google#perl#chrome

Google will have to appear in court after a judge denied their request for summary judgment in a lawsuit filed by users alleging the company illegally invaded the privacy of millions of people.

Lawsuits against big tech over privacy issues are not much of a surprise these days, unfortunate as that may be. What makes this case stand out is that Google allegedly misled Chrome users by implying that they could browse privately by using the Incognito mode.

The judge in the suit said that Google appears to confuse users by portraying Incognito mode as a distinct offering without clearly articulated privacy terms for the service.

But despite the implied promise of privacy, Google’s cookies, analytics, and tools in apps allegedly continued to track internet browsing activity even after users activated Incognito mode.

Incognito is an option which is often used in troubleshooting browser issues, since it disables extensions and caching. Two factors that are often at play when websites do not get displayed properly.

This mode is also useful in that it essentially starts up a fresh identity for you to browse the web with, then wipes it all as soon as you close the window. This is nice if you are using a computer that isn’t your own and you want to limit your footprint.

The option to start an incognito window can be found under the hamburger icon (3 vertical dots).

At the time of writing Chrome displays this information when you start an Incognito window.

Incognito Splash Sereen

Note: the “Block third-party cookies” section was not present years ago.

Google’s motion hinges on the idea that plaintiffs consented to Google collecting their data while they were browsing in private mode. The court ruled otherwise, because Google never explicitly told users that it does so.

Whenever a user visits a website that is running Google Analytics, Ad Manager, or some similar Google service, Google’ software directs the user’s browser to send a separate communication to Google. This happens even when users are touring the web in private browsing mode, unbeknownst to website developers or the users themselves.

The lawsuit was filed in 2020, and the plaintiffs are seeking a $5,000 in damages per user, which could end up amassing $5 billion.

Let the record show that all major web browsers include a private browsing mode that does not store browsing history, cookies, or temporary files across browsing sessions. Unfortunately, users have misconceptions about what this mode does—misconceptions that are encouraged by the wording these very same browsers use when describing their own features.

A 2018 study based on user surveys among 460 participants showed that participants use private mode to hide browsing activity, prevent the saving of log-in information, and avoid cookies. A very common and big misconception, that 56.3% of participants believed, was that even though a user was logged into a Google account, their search queries would not be saved while in private mode.

One of the conclusions of the study was that of the thirteen browser disclosures about private mode that were tested, only the current and old versions of Chrome’s desktop disclosure led to significantly more correct answers. Meaning that other browsers were doing an even worse job. The term “private” is heavily overloaded and the name “private mode” implies unintended meanings. The disclosures fail at the task of correcting misconceptions users derive from the name “private mode.”

It’s important to realize that a browser can be fingerprinted even in private mode and that many online tracking systems use techniques that are much more advanced than the use of cookies.

Malwarebytes EDR and MDR removes all remnants of ransomware and prevents you from getting reinfected. Want to learn more about how we can help protect your business? Get a free trial below.

TRY NOW

Malwarebytes: Latest News

Explained: the Microsoft connected experiences controversy