If you’re browsing the web anonymously in Incognito mode on Chrome and need to check your Gmail, you may want to use extra precaution. A new report released by trade organization Digital Content Next suggests that Google could use cookies to associate your Incognito browsing to your Google account if you log into a Google service during your anonymous web session, an assertion that Google disputed.
“This allows Google to connect the user’s Google credentials with a DoubleClick cookie ID,” Vanderbilt University computer science professor David Schmidt and the study’s author said. “While such data is collected with user-anonymous identifiers, Google has the ability to connect this collected information with a user’s personal credentials stored in their Google Account.”
When you begin a private browsing session in Chrome, websites use cookies to serve you ads based on your history. So when you log into a Google service in Incognito mode, Google could theoretically connect your Incognito web history to your Google account by associating cookies from the browser.
A Google spokesperson refuted Schmidt’s claims in a statement to AdAge but did not give a full denial. “We do not associate incognito browsing with accounts you may log into after you’ve exited your Incognito session,” Google said. “And our ads systems have no special knowledge of when Chrome is in incognito mode, or any other browser in a similar mode (ex: Safari Private Browsing, Firefox Private Browsing). We simply set and read cookies as allowed by the browser.”
Schmidt said that it wasn’t clear if Google was connecting Incognito histories to a Google accounts, but he said that “if you read the fine print on ‘incognito’ mode it brings up a whole lot of disclaimers.” Given that Chrome is the leading web browser with more than 1 billion monthly users, Google has the capability to collect even more data if it did apply this practice. Google discredited the report, noting Schmidt is biased given that he was a witness for Oracle in that company’s lawsuit against Google.
Regardless, if you’re browsing in Incognito mode, it’s probably a good practice to not log into personal services, and you should refrain from logging into your Google account until after you have exited your incognito session.
This latest report follows a recent discovery that Google is still tracking users’ location on Android phones, even if they turn off location tracking in the Google Maps app. Google had subsequently revised its terms of service to note that location data may still be collected based on your web history. Schmidt confirmed this in his study, noting that Google will get a user’s location every time an Android phone connects to Wi-Fi or a cell tower. This helps Google identify, when combined with the phone’s sensor, if the user is walking, running, biking, or riding a bike, car, or train.
