Article Lead Image

Top Google exec mistakenly suggests Chrome’s incognito mode can foil the NSA

Bad advice.

 

Patrick Howell O'Neill

Tech

Posted on Dec 16, 2014   Updated on May 29, 2021, 11:31 pm CDT

Between foreign hackers and the National Security Agency (NSA), how is an innocent Internet user supposed to browse the web free of government surveillance?

Eric Schmidt, the executive chairman of Google, has an answer: Use incognito mode in Chrome.

Except that’s wrong—completely, absolutely wrong. The casual and ill-informed suggestion, delivered from the highest levels of the company responsible for Chrome, is dangerous to anyone looking for real security advice.

Incognito mode does not protect users from surveillance. Schmidt’s statement was so blatantly incorrect that a member of the Google Chrome security team—i.e., one of Schmidt’s own employees—could only respond with a very exasperated facepalm.

Schmidt’s comments came during an interview at the Cato Institute in Washington D.C. He was asked if Google received detailed information from Chrome users that other browsers do not receive and, if it did, whether there was a danger that federal authorities would track said data.

“If you’re concerned, for whatever reason, you do not wish to be tracked by federal and state authorities, my strong recommendation is to use incognito mode, and that’s what people do,” Schmidt explained.

So what’s the problem here? Incognito mode is designed for—and serves—a completely different kind of privacy protection than the one Schmidt implied.

https://twitter.com/csoghoian/status/544872712465043456

Incognito mode deletes Chrome’s browsing history and other detritus that help track users around the Web. Chrome users who deploy incognito mode can, for example, prevent other people who access their computer from seeing their search history. Importantly, this deletion of local history logs does not at all affect external entities’ access to said history. ISPs can still see the traffic going back and forth between customers’ machines and their servers.

In other words, Schmidt’s comments suggest that he has never even opened incognito mode himself. If he had, he’d have seen this warning message.

Screengrab by author

Anyone who is concerned about snooping by federal authorities—the scenario in Schmidt’s example—will not find solace in incognito mode. Using incognito mode does not prevent IP address logging or online-behavior tracking, as the warning above makes clear.

Schmidt is, at least initially, referring specifically to incognito mode’s ability in regard to Google’s own data collection rather than in regard to government surveillance. However, he does go on to vastly overstate incognito modes overall abilities when he says it will help stop government tracking. 

What Schmidt should have said was something like this: Use incognito mode if you don’t want your spouse to see the porn you look at and Tor if you don’t want the government looking over your virtual shoulder.

Editor’s note: This story was updated Dec. 18 for clarity. 

Illustration via Fernando Alfonso III

Share this article
*First Published: Dec 16, 2014, 2:42 pm CST