That’s pretty much all I use it for. To keep my porn browsing off of my history.
Not to hide it from anyone, I don’t live with my mother anymore and I don’t think my SO would care. More so that when I google something, I don’t get porn auto complete entries in my everyday browsing.
I’m fully aware that my traffic is able to be monitored by my ISP (at least to the extent that there’s a connection that exists. HTTPS is still not capable of being easily decrypted), and my DNS is resolving the address for the porn sites, and that Google (or whatever search engine) is logging that the search happened… Or that the sites see my connection, from my IP, and know what I watched.
My only objective is that they can’t link that to my normal browsing or accounts.
You know all those “share on”… Twitter/Facebook/whatever links? When they load, from Facebook, it asks the referer URL, and checks the browser for any cookies that might associate that browsing to a person for ad customization. Incognito isolates that information, so while Facebook/X(Twitter)/whoever may know that someone went to that URL, they have no cookie data to link it to a person uniquely, so they have information that the site was visited, but no idea who visited the site since any session cookies I have for those services are in my non-incognito browser.
You know all those “share on”… Twitter/Facebook/whatever links? When they load, from Facebook, it asks the referer URL, and checks the browser for any cookies that might associate that browsing to a person for ad customization. Incognito isolates that information, so while Facebook/X(Twitter)/whoever may know that someone went to that URL, they have no cookie data to link it to a person uniquely, so they have information that the site was visited, but no idea who visited the site since any session cookies I have for those services are in my non-incognito browser.
I mean, this is a little outdated by today’s practices. Any ad tracker worth their salt will be using browser fingerprinting as well.
Imagine this scenario: You have a user with a specific browser, with specific extensions installed, (which you can derive from the fact that your ads are getting blocked by a specific ad blocker, they have the “Do Not Track” flag enabled, you have a nice monitor with a large aspect ratio and you’re browsing in full screen so the site can see that aspect ratio, etc…) from a specific IP address. In normal browsing, this user has a tracking cookie so your “share on Facebook” buttons can see what sites they’re visiting.
But now you’re seeing an identical browser, with identical extensions, on an identical IP address. But this time it doesn’t have your tracking cookie. Sure, there’s the chance that two people are using identical settings. But as your extension list grows and your browser becomes more unique, your fingerprint becomes more easily identifiable. So now, even without that tracking cookie, they’re able to use that fingerprint to infer that you’re the same person and link your incognito browsing back to your regular browsing.
Except by default, extensions are not enabled in Incognito mode unless you specifically tell your browser to allow it.
On top of that, if a browsers incognito has the same browser ID of the non-incognito version, that’s probably not good. I would expect a browser to randomize any unique information like that when launching a private window.
So all you’ve got, as a savvy tracker, is the same aspect ratio, which, big deal, not like there’s a huge selection of monitor sizes, and the same IP address, which, again, big deal, since any one client IP can have an almost unlimited number of users behind it.
You can presume it’s the same person, but bluntly, that’s a wild guess. It could be a visitor, or a different user logged into the same computer or another computer at the same location with the same (or at least a similar in resolution) screen. It’s honestly a crapshoot. Assuming that’s the person you know accesses your site from that IP is a bit of a stretch.
Any tracking cookies created in an Incognito or private window are going to get shredded when the window is closed, as long as the browser is doing what it’s supposed to do.
I use it to browse products and content that I dont want in my ad profiles. Like, sometimes I’d like to take a look at what my resident right wing nut case posted, but without having the ad brokers think that I need an AR15 and a Trump bible.
They can see the entire URL, not just the domain. They just can't see the contents themselves. But they can still see "dudesfuckingfurniture.com/gettingfreakywithadresser.mpeg"
Are you sure? The file path after the domain would not be necessary for an ISP to see, only the domain. I’m not sure how all that works, but it’s definitely not a technical requirement thay they can see the complete URL.
They’d also theoretically see the size of the URL, and the size of the page, along with the transport type. So they can infer a lot of information from the exchange, but they couldn’t say for sure what you were viewing on a specific website.
And hopefully in the future they won’t even he able to see the domain. I wonder why they never considered giving out certificates for IPs to solve this problem. Seemed like the easiest solution to me.
There was a demo for a technology put out recently that circumvents this. I don’t remember the exact mechanisms, but it obscured DNS such that your ISP couldn’t see the DNS record you requested, and then used a proxy to route traffic before it hit the final endpoint eliminating exposing the IP to your ISP. It worked very similar to a VPN, but without the encrypted connection, and had some speed focused optimizations including the proxy being proximate to your ISP. It was pretty interesting.
It doesn’t really help. The ISP needs to route you somewhere to get the data, so they’ll need to know who you want to talk to. Even if they don’t see the DNS name (like if you used a third party DNS server) they can still associate the IP address with someone.
There’s things like TOR and VPNs that can route your information through other third parties first, but that impacts performance pretty significantly.
Yeah, but often enough multiple sites share a single IP. It would already be better if the ISP (and everyone in between) didn’t know whether I wanted pink-fluffy-unicorns.com or hardcore-midget-bdsm.com.
Depending on where you’re going even IP addresses are getting to the point that they aren’t helpful. IP addresses are likely to belong to a cloud provider, and unless they are hosting email or a service that requires a reverse record, all you’d get is the cloud provider’s information.
Yeah, that’s what I meant originally. But I still don’t know how to enable that in my Apache. My Google-Fu isn’t good enough. All I see is ads for CDNs and conflicting information about whether it’s supported in Apache or not.
How does that help? You can tell any computer it’s Google.com or IP 8.8.8.8. you can tell your device that the other computer is correct, and middle man yourself
Except, we have one key to rule them all, one key to bind them. There’s literally a group of people who split the root key among themselves, and scattered it across the world (when they went home). They get together ever year or two, and on a blessed air-gapped computer, unite the key to sign the top level domains again. Those domains sign intermediate domains, and down the chain they sell and sign domains.
If any of these root domains fall to evil, these brave guardians can speed walk to the nearest airport and establish a new order
(I think we actually just started installing all the root and some trusted intermediate domains on every device directly, so I’m not sure if they still bother, but it’s a better story)
The solution you’re looking for is DNSS, where we encrypt the DNS request too so they can’t see any of the url. Granted, they can still look at you destination and usually put the pieces together, but it’s still a good idea
Ultimately, packets have to get routed, all we can do is do our best to make sure no one can see enough of the picture to matter. There’s more exotic solutions that crank that up to 11, but the trade offs are pretty extreme
Only in Chrome? In every browser using private mode, private mode only delete the local storage (wbSQL, Serviceworkers, cookies, cache, etc), no other things, it hide nothing, for webpages which log you (or the search engine you use, AI and some other extensions which you use in "private"mode) it’s irrelevant if you use private or normal mode. It’s a very frecuent missconcept to believe that the private mode is the same as anonym browsing, simple extensions, like Cookie Autodelete or SiteBleacher do exactly the same as browsing in private mode, but with the feature that you can partial or full whitelist the pages where private mode isn’t needed.
More or less Private only if you use VPN, SPN, MPR, Snowflake or at least a proxie.
Well, all browser have incognito or private mode, it’s nothing special. Vivaldi in this moment has released in the last snapshot an inbuild MPR in test, this will be a real private incognito mode.
As someone who hosts my own dns server I can confirm that I can see everything that is accessed but the not the whole url, I can see the base url like if you access YouTube, I’ll see that you pinged YouTube.com, what you received exactly I don’t know but I can tell that you went on YouTube.
A VPN isn’t magically solving all privacy and security issues. Personally, I would trust Mullvad, Proton and IVPN with my data over my ISP. They’ve been audited, and they’ve been put to test multiple times, and not been able to give away data. But it all really boils down to personal needs, and each to their own on that. If you don’t want a VPN, then don’t buy into one.
Set https everywhere. Use secure DNS servers. Install TOR along with all that. Tell me how your VPN provider can “see everything you do” with many layers of encryption, decentralization, and propagation of your data?
It protects you only if you have chosen the right VPN provider.
Of course if you choose some random VPN that was advertised in a youtube video that may as well be a downgrade depending on what your ISP does with your data already.
But if you choose a honest VPN provider, who’s values aligns with yours, and does not share (neither collect) any data on your usage and traffic, then that can easily be better.
Also keep in mind that ISP’s often operate knowing that they are the only provider in the area. Or the only usable one, or that the others aren’t better either. There’s no competition, and they make use of the fact that they can do whatever they want that is legal (a lot of things is), because the user can’t just switch to another that does not do it.
However, there’s a competition between VPNs. Unfortunately most of that competition is driven by lies, but fortunately not all of it is.
some people just want to bypass geolocked content, this only requires having a vpn in whatever region you want content in.
those who only care about piracy and avoiding dmca claims, they need a VPN who do not keep logs. or is hosted in a country that does not respond to DMCA requests
those who need a VPN for privacy reasons, theres tiers of it. basically some people will refuse to use VPNs hosted in Five Eyes/Nine Eyes countries as the government would likely know your actions. some people dont care of government knows, others do.
Have you ever eaten one, though? They’re delicious and are colloquially known as the roast beef of the sky. I think they’re so tender and delicious because they don’t hold anything back, immediately letting all anger and negativity out as it arises.
The typical default configuration has the ISP providing DNS services (and even if you use an external DNS provider, the default configuration there is that the DNS traffic itself isn’t encrypted from the ISP’s ability to analyze).
So even if you visit a site that is hosted on some big service, where the IP address might not reveal what you’re looking at (like visiting a site hosted or cached by Cloudflare or AWS), the DNS lookup might at least reveal the domain you’re visiting.
Still, the domain itself doesn’t reveal the URL that follows the domain.
So if you do a Google search for “weird sexual fetishes,” that might cause you to visit the URL:
Your ISP can see that you visited the www.google.com domain, but can’t see what search you actually performed.
There are different tricks and tips for keeping certain things private from certain observers, so splitting up the actual ISP from the DNS resolver from the website itself might be helpful and scattering pieces of information, but some of those pieces of information will inevitably have to be shared with someone.
The joke is making fun of anyone who does assume incognito mode is hiding anything from third parties.
All the Chrome bashing around this issue is pathetic. Every major browser has the same feature and none that I know of give it a name that makes the purpose any more clear. It’s obvious a lot of people have an irrational hatred of Chrome and don’t understand the actual issues involved.
Yes I get the joke. But the reason it's focused on chrome is because it is far and away the most popular browser by an insane margin, so "incognito mode" is universally known and understood.
DoT also encrypts the request, so the ISP cannot spy on the Domain Name you have requested.
And thanks to Https the ISP only sees the IP address which cannot in every case be resolved to a unique Domain, especially large sites that are hosted on service providers like Cloudflare, amazon etc etc
But what’s not encrypted by either is the Server Name Indicator or SNI, ie: the initial request to a webserver stating which host you’re trying to reach at that IP, before establishing the TLS connection, contains the domain you’d requested via DoH/DoT, in plaintext.
It will prevent the ISP from snooping on, or tampering with, the DNS request. However when you go to use the IP you’ve retrieved via DoH/DoT; your first request establishing a TLS connection to that IP will contain an unencrypted SNI which states the domain you are trying to use. This can be snooped on by your ISP.
It seems many more browsers support it than last I’d looked. I’m curious to see how much of the general web has adopted support for it onnthe server side. I’ll have to look into that more, and see what it’ll take to setup for self-hosting.
Those ambulatory kickballs are a damned nuisance. Pro tip: never stop your car when they’re crossing the street unless they have young with them. Just slow down to idle speed and creep forward. They’re stupid, but not suicidal, and we’ll get out of the fucking way.
slrpnk.net
Active