pacala | 5 years ago

Does Google Chrome set DoNotTrack by default in incognito mode? If not, why not?

_-david-_|5 years ago

I am not a Google employee, but Chrome does not send the DNT header in incognito mode. It only sends it when you have it turned on, in which case it will send it in both regular and incognito mode.

kevincox|5 years ago

I don't think it does. One possible explanation is that they don't want the "Edge Effect". If the header is set by everyone then people will just ignore it. Since Edge started setting it for everyone the header is basically useless already.

It would also provide an interesting way to identify incognito users, which Chrome has been trying to prevent websites from doing. Of course it won't be perfect, but probably more than 99% of DNT headers would be incognito if they did this because I would bet that very few people enable it manually.

pacala|5 years ago

If everyone has a lock on their door, then people will just ignore it and break into the house anyways.

pmiller2|5 years ago

I'm not sure if they do, but one potential reason not to do it is that setting DNT literally gives the server 1 additional bit of information about your configuration. This could be used to track you more effectively.

pacala|5 years ago

1 extra bit is the last of my concerns, there's plenty of bits to uniquely fingerprint a browser anyways. I'd gladly trade one inconsequential bit, which requires malicious intent to misuse, to keep my privacy safe when dealing with honorable entities like, I presume, Google.

https://blog.mozilla.org/internetcitizen/2018/07/26/this-is-...

What goes into one's fingerprint:

1. navigator.userAgent, 2. navigator.language, 3. navigator.doNotTrack, 4. screen.width, 5. screen.height, 6. screen.colorDepth, 7. Intl.DateTimeFormat().resolvedOptions().timeZone, 8. navigator.platform, 9. navigator.hardwareConcurrency, 10. GPU vendor and renderer, 11. isTouch, 12. storage types, 13. font-list, 14. canvas-hash

fsaintjacques|5 years ago

Because it would be a trivial indicator that you're in incognito mode.

staticassertion|5 years ago

DNT is broken for the exact reason stated earlier, it adds one more signal to use to track users.

The lawsuit is ridiculous. Incognito mode is extremely clear about what it does and does not protect against.

The irony brought up is that for Google to respect incognito they would have to then break it even more.