back to article $5bn+ sueball bounces into Google's court over claims it continues to track netizens in 'private browsing mode'

Google has been sued for billions of dollars in a proposed class action alleging the adtech company identified and tracked users who adopted its browser's incognito mode to avoid such tracking. The complaint, filed in Northern California yesterday [PDF], claims that through a combination of means ranging from "Google Analytics …

  1. chivo243 Silver badge

    Feed the lawyers

    Google... defend itself vigorously against the claims 5 Billion will be down to millions(see title) and the payout to each user will be less than the cost of a bank transfer, and therefore something, something and they won't do it...

    1. Pascal Monett Silver badge

      Re: Feed the lawyers

      Exactly. Another bunch of lawyers have found the trough to feed themselves.

      I am thrilled.


  2. mark l 2 Silver badge

    Where as I am no fan of Google tracking your every move, how has this law suit even got started since at no point does Google claim that Private browsing/incognito mode makes you anonymous on the internet?

    Both Chrome and Firefox warn you that your ISP and website that you visit can still track your activity. It only the local PC that isn't logging any history or keeping cookies after you close the session.

    1. Joe W Silver badge

      Ah, but it's not the isp nor the websites you visit that are tracking you. It is Google, through the ads....

      1. Magani


        It is Google, through the ads....

        Google has ads? When did that happen??


      2. Version 1.0 Silver badge

        Google will say in court: "This is a fake claim, we are only collecting data. We TRACK nobody when they select this mode, we just collect data which the user agrees to as the T&C when they use our products for free."

    2. Anonymous Coward
      Anonymous Coward

      at no point does Google claim ...

      This is just a suggestion, but perhaps the claim might be said to occur when they called or referred to something as "private browsing" or "incognito mode'.

    3. doublelayer Silver badge

      I agree, actually. Incognito mode doesn't mean there's any more protection from Google. The case as it is needs to be changed. Instead of pointing out the incognito mode problem, they should point out that Google is gathering information by sneaky means without disclosure no matter what, with little ability to stop it short of aggressively blocking all Google services. That takes the potential plaintiffs list from those who use Chrome in incognito mode up to the entire population of the country, and that's mostly because I don't think U.S. courts make it easy to include most of the internet users in the world in a class action.

      You perhaps are focusing too much on the wording. They warn about the ISP, but they never warn about what Google themselves are doing. They don't offer any way to stop their tracking. But they do have a button that tries to imply that it might help. Just as they have switches that imply they stop collection of location history from Android phones but in actuality do nothing. It's dishonest, misleading, and harmful. If some lawyers can find a way to make that cost Google, I say go ahead.

      1. jmch Silver badge

        Telling Google Chrome to not track you does not mean you are safe from tracking from every other tentacle that the Google octopus has wrapped around the Internet

    4. Anonymous Coward

      @Mark I 2 Thats not the point...

      Its the fact that google can still track you even though they claim not to.

      Why wont El Reg ever comment on why they still use Google analytics in this day and age when they could capture and process their own just as easy...

      1. big_D Silver badge

        Re: @Mark I 2 Thats not the point...

        Google-analytics is blocked on all of my devices, either DNS level on my local network or with NoScript and uBlock Origin in the browser.

        1. Version 1.0 Silver badge

          Re: @Mark I 2 Thats not the point...

          I would not bet on that, it would be nice if you are right but I doubt that life is that simple when you are up against Google.

    5. big_D Silver badge

      Because incognito mode doesn't even protect you from Google tracking you. It doesn't go, "oh, you are in incognito mode, I'll block all Google tracking," it just carries on as normal.

      1. Wellyboot Silver badge

        It restricts 3rd party snoopers from reading all the cookies on your machine, giving big G the advantage.

        It was never for your benefit.

    6. John Brown (no body) Silver badge

      "Private browsing/incognito mode"

      So, you're saying that "Private browsing" and "incognito mode" are just names and not descriptive? Like the Same Day Cleaners who take a week to clean your suit because "Same Day" is just the name not the service provided?

  3. Anonymous Coward
    Anonymous Coward

    U$ Law

    The incognito tab from Google and others is the same as the autopilot from Tesla, in legalese all is right, but on a human level it is just lying, getting fucked and earning money for the different actors in this Spiel.

  4. Lorribot

    Its your choice

    If you worry about privacy at all don't use Google anything.

    If you don't care then have at whatever you want. Just don't whinge about it later and be aware google makes a lot of money from you and doesn't pay you a penny for it.

    1. Philip Lewis

      Re: Its your choice

      The point of the suit is that you get snooped on despite not using anything from Goggle

      1. Maelstorm Bronze badge

        Re: Its your choice

        It's up to the individual websites if they use Google Analytics or not. The user has no control over it. The only thing that the user can do is block the URLs that they don't like, which is a double-edged sword because some functionality of the site may break.

        1. Anonymous Coward
          Anonymous Coward

          Re: Its your choice

          I'd highly recommend the plugin for Firefox and Chrome (although if you really care about this, I don't know why you'd use Chrome).

          With's strict filtering it'll block all Analytics, including Google.

          1. Maelstorm Bronze badge

            Re: Its your choice

            Well, for me personally, I have Google Analytics blocked at my DNS server, as well as a few others that are anyone?

            1. Version 1.0 Silver badge

              Re: Its your choice

              And your DNS server is not using or

              1. Maelstorm Bronze badge

                Re: Its your choice

                Those are blocked at the firewall. If my DNS server needs to look a domain up, it goes to the root servers.

          2. John Brown (no body) Silver badge

            Re: Its your choice

            "With's strict filtering it'll block all Analytics, including Google."

            Except when you need to enable something like so the site will work. Only Google knows how much analytics is happening through that and other "necessary" URLs you might, even temporarily, need to whitelist. You can't rely on the name of the URL being descriptive as it may be a bit like "incognito" or "private", ie just a word, not a description.

  5. KorndogDev

    Stupid web developers

    Idiots write apps and web pages that suck in files from other (than their own) domains like fresh bread. If we end this common stupidity, privacy will prevail.

    1. Maelstorm Bronze badge

      Re: Stupid web developers

      That's the bad part of it. The reason why it's done that way may surprise you. It's to reduce the bandwidth for the server, and to reduce the cache space on the client. "How?" one might ask. Well, I will tell you:

      Taking my website for instance, it uses jQuery 3.3.1. The file is 84.8kb. I also use Bootstrap 3, which has multiple files totaling 1.56mb. Now since I'm a software engineer, I have all these files and frameworks locally on my server and sends them to the client without having the client pull anything else from anywhere else. So for every client that connects to my server, I'm sending the entire framework to the client. That takes up network bandwidth. My network bandwidth. So websites, in an effort to save on that bandwidth, have the clients pull the frameworks from the framework publishers, thereby saving bandwidth on the server. Furthermore, the browser caches files based on where the file came from. So if 100 websites all use the same frameworks from the same publishers, then the client only needs to download it once from the publishers for the 100 websites that use those frameworks. That saves bandwidth on the client, the server, and the framework publishers. Furthermore, it reduces the amount of disk space used on the client. The reason for this is that only one copy of the framework is in the disk cache. On the flip side, if each of the 100 sites sent their own copy of the frameworks, the client would have 100 copies of the same files on their computer.

      That is the main reason why websites pull files from other servers. It reduces total bandwidth consumption on the internet and makes things faster (which is a good thing). As you pointed out, now the framework publishers can track all the users of those 100 sites. So like everything else in life, there is a trade off.

      1. John H Woods Silver badge

        Re: Stupid web developers

        So ... is there any reason why pro-privacy groups can't mirror those frameworks on other servers where the request isn't tracked? (no sarc, genuine question - I just don't know)

        1. doublelayer Silver badge

          Re: Stupid web developers

          Any reason why they can't? No. It would be straightforward. Any reason why they won't? Several. They include these:

          1. Administrative hassles keeping the libraries up to date.

          2. Cost of the bandwidth they're now using.

          3. Getting website developers to use their system.

          4. Convincing developers and users that their system is secure and won't result in malware-laden versions of those libraries being injected.

          5. Convincing developers that the system isn't going to go down without support at some point, requiring emergency edits to their pages.

          It's quite unlikely, but it is possible.

  6. Maelstorm Bronze badge

    Forensic analysis of Google Chrome's Incognito Mode

    When I took a class on digital forensics, my team's semester long project was browser forensics. I personally focused on the abilities of Google Chrome's incognito mode. What I found was that this mode was actually quite good. Starting from a clean browser profile, opening incognito mode, and then browsing the internet visiting quite a few different sites, then fully closing the browser. Using Autopsy, I performed an analysis of the browser profile before and after. Nothing, and I mean NOTHING was saved in the browser profile. Now some information was saved in the operating system's paging file (Windows), but that is outside the control of the browser. However, Windows (and others I'm sure) can be configured to clear the page/swap file on shutdown, so when the machine turns off, there is no trace on the machine at all. The instructor asked if I tested that. And yes, I did.

    I'm not one to sing Google's praises, but in this case, the lawsuit is flawed. Google Analytics is used by many websites regardless of the browser that is being used. Therefore, they are going to track you no matter what. Browser fingerprinting is a thing. The ISPs can see what IP addresses you are connecting to, and possibly your DNS queries. If you are using HTTP instead of HTTPS, then they can see that too. The websites themselves gets a whole slew of information when you connect to them. I know because I see it in my server's logs. I also see it in the application logs as well. I don't use adverts on my server, but Google does because that is how they make their money.

    1. Anonymous Coward
      Anonymous Coward

      Re: Forensic analysis of Google Chrome's Incognito Mode

      While nothing is left on the device that initiates the request over the internet, you don't say anything about the plethora of sites used during the request and how much data is leaked to Google etc.

      Did you ever put a tool like Wireshark on your network when doing your tests?

      The logs from that are a dead giveaway. I block over 400 google owned domains at my firewall.

      From time to time I have to enable in order to get those stupid captcha things to work.

      You can avoid most of google or at least dramtically reduce your exposure to them if you take a bit of time.

      Oh, and having worked for an ad slinger (on a temporary basis) I saw how bad it could get so I started blocking google in 2009. I have no intention of going back.

      Posting AC just to keep the google sniffers at bay for a while longer but one day they'll come knocking at my door. Such is life with the Borg (aka Google) in control of the internet.

      1. Maelstorm Bronze badge

        Re: Forensic analysis of Google Chrome's Incognito Mode

        The sites themselves were beyond the scope of the examination. The examination was done to see if any information was saved to the computer using incognito mode, which there wasn't any. Yes, I did run a Wireshark session. The only thing the browser did when starting up was phone home to Google to check for updates. Apparently Chrome does this every time it starts up. Go figure. As for the other stuff, everything is becoming encrypted so it's very difficult to see what exactly is being sent.

        The real threat to privacy today is browser fingerprinting, which can more or less uniquely identify you, even in a browser's privacy mode. Plugins such a Privacy Badger work to stop this, but it's quite rampant. You could delete all cookies when you close the browser, and Chrome has such a setting. But fingerprinting is hard to defeat.

        1. doublelayer Silver badge

          Re: Forensic analysis of Google Chrome's Incognito Mode

          If network traffic was out of your remit, then you're completely unable to make a claim about the case being flawed. The case concerns data going to Google. You only know about data going to the hard disk. Those are not the same, and you've now admitted you have little information about what Google did or didn't collect at the time. Given that they are known to use Chrome to report back to Google with extra identifiers and you have admitted that you don't know whether they're still doing that, your comments seem entirely without merit.

          In addition, I wonder about several of the things you talked about. You mentioned data storage. How about data retrieval? Did you check if data from the profile was read off the disk, potentially leading to transmission? Did you check methods of exfiltrating data that should not be visible from an incognito browser? Did you check whether any fingerprinting methods were successfully prevented; if the mode works as even Google claims, there are some that should have been blocked. From the sound of it, you only used a clean profile, so by definition you could not check that latter point, but I only saw the summary so you might have. If your only concern was data left on the disk after use, I'm afraid I think you focused on the simplest and least concerning aspect.

      2. John H Woods Silver badge

        Re: Forensic analysis of Google Chrome's Incognito Mode

        "Therefore, they are going to track you no matter what. "

        Ok, fine. So don't have an "incognito mode" then. Chrome says:

        Your activity might still be visible to:

        Websites you visit

        Your employer or school

        Your internet service provider

        It doesn't say anything about "and we [Google] will still track you"

  7. Charles Smith


    So that's why I've been getting advertisements about riding whips and tall boots when I've been searching for Hymns and Sermons.

  8. steviebuk Silver badge

    And just look at....

    ...Google Meet. The amount of information it collects for the admins in GSuite admin and I think sends to Google directly.

    I've removed my GSuite details.

    Client logs upload

    Applied at 'DOMAIN NAME HERE'

    Include web-browser and mobile app logs with diagnostic data sent to Google.

    Logs include users' email addresses and additional info.

    Client logs upload Users’ web browser and mobile app log information is sent to Google. This includes users’ email addresses and other information. Google uses it to help troubleshoot support requests from your organization.

    When a meeting is going on you can see who is in it, even if they aren't related to your company. See their e-mail address and if the score they give the meeting at the end if they reply.

    Meeting code






    Network congestion

    % of meeting

    Packet loss

    average (max)


    ms avg (max)



POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like