Chrome + duckduckgo!
Yeah I’m not so naive to think it actually makes a difference.
Chrome is garbage spyware. Use Firefox.
Homer? Who is Homer?
Oh, my God, this man is my exact double! That dog has a fluffy tail!
Tehehehe here puff!
Especially when you do this, considering a lot of privacy extensions are disabled by default in incognito mode (at least in FF), so there’s less blocking of tracking elements.
(Also, unless you change your DNS provider or use a (proper) VPN, I believe your ISP sees everything no matter what, though I could be wrong about the latter.)
This is only true if you set your browser that way. On firefox I have all extensions be able to work in incognito. I believe you can do this on chrome too but I don’t use that.
This is why I said “by default”.
I’m pretty sure the FF default is to ask whether you want any extension to work in private windows, too.
Yeah and I love this little prompt. For chrome, you have to dig through the menus for every extension
HTTPS sends the domain in plaintext with SNI. Has to work that way due to IPv4 address exhaustion.
Sometimes having those privacy extensions make you a lot easier to fingerprint.
ISP can’t see pages. They can see domains or IPS but that’s it.
They can’t even reliably see domains when you use HTTPS, because some IP addresses serve many domains.
That’s not entirely true. It’s only very recently that browsers have started using a new system called Encrypted Client Hello which hides the domain of the request. Prior to this all requests needed too have the Host field unencrypted so the receiving server knows which certified to respond with. I imagine there’s still quite a few servers which don’t support the new setup still.
And we wouldn’t need any of that if we implemented IPv6.
I don’t know about that. Technically it wouldn’t be necessary but I can see providers limiting you to a single IP instead of a /64 and needing to do it anyway, because the tech exists anyway. Or for privacy reasons. There is IPv6 NAT, after all…
Most ISPs are also the default DNS resolver for a lot of people, so they see the domain you’re requesting an IP for.
Who cares about trying to MITM the HTTPS when chances are they’re sending DNS requests to the ISPs DNS server on unencrypted UDP/53? Comcast is the only ISP doing large scale DNSSEC, and even then that’s with their DNS, so they could still see what you’re looking at.
I may not know what specific page you’re looking at but I can sure as shit make some assumptions about all of the DNS lookups for FurAffinity.net or Missile-Gayboy.com. That’s probably enough for marketing purposes.
Correct me if i am wrong but DNSSEC has nothing to do with encryption of your request. It is used to verify that the record you received is from the correct authority. Furthermore your DNS requests have to go through your ISP even if you don’t use their DNS server as it is your only connection to the Internet.
The only thing you could do is encrypt the traffic somehow (dns over https exists), but then you have to trust that provider instead, and your ISP can still see the IP addresses you try to reach after you know them and might be able to still do a domain lookup using DNS if it is also configured to return the domain when looking up the IP. If they would put in the effort of course.
Correct, DNSSEC is like a signature, you can be reasonably sure that DNS wasn’t poisoned. If you’re looking for encrypted DNS, use DoH (DNS over HTTPS) or DoT (DNS over TLS).
While I have great confidence in my ISP, I use Quad9 as they also provide the above plus don’t do ECS (optional) and block malicious domains.
That’s a good point. Almost everyone uses their ISP’s DNS.
They can still (mostly) sniff SNI for now which gives them a domain even when the IP isn’t unique.
Technically incorrect unless you use http for some weird reason. The ISP can see the domain only, and (afaiu) not even that if encrypted client hello is used. At least kinda: they still see the IP which is not always unique.
But the IP can also sometimes be meaningless if there are proxies or vhosts used.
Yes, this is why you should use DNS over TLS. My router signal to every DHCP client that it is the DNS resolver, and internally use DoT/dnssec to query IPs. It also intercepts every request on DNS port in case of some DNS are hard-coded on some devices.
DNS over TLS won’t save you thanks to SNI. As there is a huge shortage of IPV4 addresses, same IP addresses serve multiple hostnames, and to provide a working encryption, TLS handshake includes the requested hostname in plain text so that SNI can be used to determine which certificate should be used. That plaintext hostname is something your ISP can easily log.
Rule of thumb is, Https does not provide anonymity, only encryption.
I use incognito so I can search for the word pork sandwich without it autocompleting to a pornhub video of fem dom bdsm.
Yeah. Though also so I can not be treated like I regularly search stupid questions I have
I think you’ve got when to use regular and incognito mixed up.
Everyone knows you should be using Firefox private mode to look up pork sandwiches.
I use incognito so I can search for some completely normal thing that I’m embarrassed I don’t already know
Spelling basic works like experience or similar
ME.
Ya got me pegged.
… Which incidentally I also use incognito for.
I use incognito so I can sign into multiple accounts on the same websites at once.
FYI most browsers have built-in options for user profiles, so you can have that benefit without the second account on a given website being logged out every time you restart the browser.
incognito is still handy when you’re logging in to a website with a lesser-used second account, though.
Firefox containers is your friend. It’s way better. I can sign into dozens of separate pages for different clients in a single browser window in different tabs if I want.
Is that a permanent solution or do I have to set it up every time? I just use profiles. about:profiles there you can setup a new one and launch it in a new window. I like to theme the windows in a different color to not get confused. Bright red is for 18+
Firefox containers are basically just named cookie sets: they don’t have per-container settings, they just let you create containerized tabs that don’t share cookies between each other (maybe local and session storage too, idk).
They’re useful if you want to make it a bit harder for websites to track you around, or for selectively keeping you logged into a website (alt account usage comes to mind), but your use case seems to be centered around actual profiles.
Oh this is going to come in handy for testing the web app at work. I’ve just been using private windows
If you’re frequently creating new containers I suggest the Temporary Containers extension, it saves you having to manually clear everything when you’re done with a specific session and want to start another
NextDNS
As soon as Chrome first launched incognito mode, it immediately felt like the “Alert Google to start tracking you” mode.
start tracking you
As if they ever stopped…
A simple spell, wish it was effective.
Incognito is only good for one reason: Not having those sites in the browsing history.
It’s good for using someone else’s computer without having to worry about passwords being saved or making sure you logged out before leaving
And even then, those sites can easily be retrieved by someone committed to finding them
And like the traffic at home through Adguard Home I see logs. More competent networks elsewhere will certainly be able to see what you’re doing.
back in the day (before chrome or incognito mode) I used to manually delete specific history items, individual cookies and temporary internet files one by one to leave no trace, while not making anything look suspicious, all so my nosy brother wouldn’t stumble on any evidence and use it to mock me
As someone else put it, it’s for making sure your wife doesn’t get suspicious if the weird ads you’re getting, and when she checks the browser history it’s clean.
Meanwhile Google, your ISP, and the NSA all know you’re looking at freaky old lady bondage porn.
Except some sites seem to use your IP, so if you’re both using the same WiFi, you’re going to get ads for other party. And for anyone else who used the same WiFi, too
Yes but I trust the NSA to safeguard the integrity of the National Dick Pic Database. I can’t say the same for my ISP.
The NDPD is a strategic resource and there is little doubt it is guarded jealously by the boys at Ft. Meade
I know this isn’t the point of your comment, but seeing “making sure your wife doesn’t get suspicious” reminded me that some people actually hide such things from their partner.
I find it a pity that some feel the need to hide their browsing habits from their S.O.
I feel lucky to have married a person who loves knowing all the depraved stuff I enjoy so they can incorporate it into what we enjoy together.
Honesty and communication are the bedrock of any relationship. I understand not sharing everything with every friend or family member… but if you can’t be honest regarding what you like with the person you literally decided to partner with for the rest of your life with whom to have sex… then who else in the world can you truly be honest with?
I was raised to be ashamed of anything I enjoyed. So I damn well am going to hide everything from anyone who knows me.
I’ll be in my corner with the rest of the abused people, alone.
🫂
Buddy, I don’t even like what I like a lot of the time.
I use it to get around website article limits when they try to force me to sign up.
Websites with actual web devs block and track usage with ip instead of cookies/cache, nothing a vpn can’t stop tho. More reliable to is to the way back machine on archive.org. Can also use a browsers reader mode to get around it too sometimes.
It’s handy when you need to make sure that someone else can access a url ok without having to sign in to the website or anything. If you can immediately see the page in incognito mode without signing in, they’ll have no problem
I remember having to use an incognito browser for testing at work one time, and it felt very wrong to pull it up on my work laptop instead of the personal laptop.
The pile of crap that is docusign will only work for me in incognito mode.
I contacted support and they suggested I tried it and it works, so they closed the case
🤦♂️
That’s a good trouble-shooting step, but it’s not a solution. That’s some bullshit, sorry that happened. Maybe try clearing your browser cache and cookies if you haven’t already? Basically my reasoning is if it works in incognito mode and only in that mode, then there’s probably some saved state that the website is getting snagged on (state that a new incognito window wouldn’t have).
The simple solution if you don’t want your history to be seen is to have one account per user on your computer.
Doesn’t solve the autocomplete issue when you’re trying to show someone something. I also don’t get ads for things I searched for while in a private window. And don’t forget how useful it is when you’re logging into some of your accounts when it’s not your machine, or logging into two accounts at once.
Threat model. Most people never need that protection, but anonymization in front of their ISP etc
“privately” “chrome” pick one
I’d rather not.
Well they’re mutually exclusive so good luck
It’s worse than that:
