this post was submitted on 23 Apr 2024
1050 points (97.0% liked)
Memes
45726 readers
882 users here now
Rules:
- Be civil and nice.
- Try not to excessively repost, as a rule of thumb, wait at least 2 months to do it if you have to.
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
I mean, this is a little outdated by today’s practices. Any ad tracker worth their salt will be using browser fingerprinting as well.
Imagine this scenario: You have a user with a specific browser, with specific extensions installed, (which you can derive from the fact that your ads are getting blocked by a specific ad blocker, they have the “Do Not Track” flag enabled, you have a nice monitor with a large aspect ratio and you’re browsing in full screen so the site can see that aspect ratio, etc…) from a specific IP address. In normal browsing, this user has a tracking cookie so your “share on Facebook” buttons can see what sites they’re visiting.
But now you’re seeing an identical browser, with identical extensions, on an identical IP address. But this time it doesn’t have your tracking cookie. Sure, there’s the chance that two people are using identical settings. But as your extension list grows and your browser becomes more unique, your fingerprint becomes more easily identifiable. So now, even without that tracking cookie, they’re able to use that fingerprint to infer that you’re the same person and link your incognito browsing back to your regular browsing.
Except by default, extensions are not enabled in Incognito mode unless you specifically tell your browser to allow it.
On top of that, if a browsers incognito has the same browser ID of the non-incognito version, that's probably not good. I would expect a browser to randomize any unique information like that when launching a private window.
So all you've got, as a savvy tracker, is the same aspect ratio, which, big deal, not like there's a huge selection of monitor sizes, and the same IP address, which, again, big deal, since any one client IP can have an almost unlimited number of users behind it.
You can presume it's the same person, but bluntly, that's a wild guess. It could be a visitor, or a different user logged into the same computer or another computer at the same location with the same (or at least a similar in resolution) screen. It's honestly a crapshoot. Assuming that's the person you know accesses your site from that IP is a bit of a stretch.
Any tracking cookies created in an Incognito or private window are going to get shredded when the window is closed, as long as the browser is doing what it's supposed to do.