1. 29
  1. 14

    Is private browsing mode meant to make you anonymous or is it meant to prevent sites from showing up in your browser history and, therefore, autocomplete suggestions? I always thought it was the latter.

    1. 20

      when it was invented everyone called it “porn mode” which was essentially the use case. Vendor marketing said it was for “buying surprise gifts for your loved ones”, but let’s be real. Its main use-case is not having porn sites in our browser history.

      1. 17

        Speak for yourself.

        The primary use case is checking to see if you need credentials, and testing login flows during development, or before sharing links.

        1. 9

          The primary use case is checking to see if you need credentials, and testing login flows during development, or before sharing links.

          Careful with that – as someone condemned with the dark and evil knowledge of blessed with the knowledge to support OIDC/SAML integrations, private browsing can cause heartburn. Chrome for sure shares cookies across private browsing sessions, and at least used to maintain existing sessions when you opened private browsing.

          Firefox’s multi-account containers can work great, but if you don’t practice really good hygiene you can have headaches there too.

          I’ve been bitten by these problems often enough that I simply use Chrome as my “isolation browser”: as soon as I open it I clear all state so I know I’m not going to spend an hour chasing ghosts.

          1. 4

            Dead right. This is the primary reason I use Safari as my day-to-day browser. It doesn’t share cookies or any other session data between private tabs. I also like that it’s the most MacOS-native ‘feel’ but that’s icing on the cake.

          2. 1

            Ah, don’t be emberassed. It is fine. Everyone does it.

          3. 15

            Last year I actually did buy a surprise gift for my wife using private browsing. I felt so weird, like I was the first person in history to actually do that.

            1. 0

              You probably were

            2. 4

              I think browser vendors who want to compete with Chrome need to lean into this more. Reducing embarrassment is more viscerally appealing than increasing privacy and may be easier to implement. For example, being able to keep things in browser history but hiding them from autocomplete.

              1. 1

                Either go to porn sites or don’t. Your choice. Hiding it seems silly.

                Hiding surprises, or checking what a page looks like when logged out, or temporarily logging in to a different account on a website… So many legitimate uses for this feature, we don’t need to resort to such base assumptions

                1. 7

                  Big difference between “this person, like a large portion of the population, occasionally visits porn sites” and “this person visits these porn sites for this amount of time and searches for these things while they’re there”.

                  1. 2

                    Hiding it seems silly

                    Some people have religious nuts as parents and benefit from hiding their online activities. Not everyone is an independent adult living in a progressive western society.

                    1. 1

                      What are the use cases for the general population (non techies) though? Don’t tell me it is there for QA reasons, if that was the case, it was part of developer tools, not in the main menu.

                      1. 3

                        Getting around paywalls.

                  2. 11

                    Primarily the latter. Browser vendors attempt and pitch a weak version of the former sometimes, too.

                  3. 4

                    I suspect this website’s “trick” won’t surprise anyone in the lobste.rs community, but it’s a cute demonstration nonetheless and seems like a good educational tool for people less familiar with concepts like fingerprinting.

                    1. 3

                      I’m not exactly sure about the reasons, but my Brave with uBlock successfully blocked the attempt of the site to identify me. Usually all shields are up, but for testing this site I enabled JS + storage (cookies/localStorage) to actually reach the point where I can enter a name.

                      1. 1

                        Same, uBlock, AdBlock, Firefox Strict Cookie mode w. a pi-hole and got no capture.

                      2. 2

                        The current data points used for generating fingerprints are: user agent, screen print, color depth, current resolution, available resolution, device XDPI, device YDPI, plugin list, font list, local storage, session storage, timezone, language, system language, cookies, canvas print

                        Curious if a browser plugin that randomizes or obfuscates these exists.

                        1. 5

                          The tor browser (which is a set of firefox configurations + extensions) blocked this successfully for me.

                          1. 5

                            The Tor browser does the best possible thing: it gives everyone the same UA, resolution, etc. And more importantly, it picks the most common values that are observed on the web for those. Every Tor browser user looks like the most statistically average web user in the world.

                          2. 5

                            Firefox has privacy.resistFingerprinting, which I’ve used reasonably successfully. Sometimes it breaks sites that display time e.g. Gmail other times it breaks in bigger ways e.g. when writing to a <canvas> element. So it’s not uncommon for me to need to temporarily disable it for a one-off basis.

                            1. 3

                              I’m running Firefox from the Debian repos with essentially all the privacy settings enabled as well as a bunch of extensions for fingerprint blocking, tracker blocking etc and it seems to have stopped this site from doing its tricks :)

                              1. 1

                                Brave has something builtin AFAIK

                                1. 2

                                  I temporarily installed brave just to test this, then removed it because I find other things about it worrisome. But it did successfully block this specific site from identifying me. Vanilla firefox did not block it. tor browser successfully blocked it. So did vivaldi.

                                  1. 1

                                    What were worrisome parts? May be I can evaluate too.

                                    1. 5

                                      They have, in the past, decided it was OK to inject content into websites for their own financial gain. Here’s an example. This is related. Their administration of the “Brave Rewards” program (stripping ads from sites, showing their own stuff, and holding payments until the sites step up and ask for them) is also a little disturbing if less likely to be privacy-violating.

                                      In short, if I want an alternate blink-based thing, I think Vivaldi is less likely to have a profit motive where they benefit from compromising my interests. And If I want something really privacy focused, I don’t think a blink thing is likely the smart play anyway. So there’s no upside to make me want to keep Brave around given what they’ve shown me.

                              2. 2

                                The key question that I always ask myself with these articles is “anonymous to whom?” There are is many blog posts and articles and oberviews and (secretly) VPN buying guides that intermingle all the threats (spouse, ISP, active network attackers, web trackers, ..)

                                To be fair this article is somewhat explicit (except the headline:))

                                1. 1

                                  Nice demo. And it’s not even using IP address, at least not directly.