back to article When you tell Chrome to wipe private data about you, it spares two websites from the purge: Google.com, YouTube

Google exempts its own websites from Chrome's automatic data-scrubbing feature, allowing the ads giant to potentially track you even when you've told it not to. Programmer Jeff Johnson noticed the unusual behavior, and this month documented the issue with screenshots. In his assessment of the situation, he noted that if you …

  1. Claverhouse Silver badge
    Meh

    Quelle surprise !

    1. JimboSmith Silver badge

      I think I'd have been more surprised if it hadn't excluded Google stuff. Seriously surprised, like fall of my seat in shock.

    2. Zolko Bronze badge

      Quelle surprise !

      actually ... I tried this with "Ungoogled Chromium" and it also has the same behaviour: "clear all cookies and site data when you quit Chromium", and then I closed the window but it didn't clear the Google cookies and site data. Darn.

      But then it dawned on me: did I actually, really, quit Chromium ? a killall chromium confirmed that no. So how do you quit Chromium ? In the right side the small button with ⋅⋅⋅ has the magical "Exit" function, and then Chromium really does suppress the cookies, even the Google ones. May-be ungoogled chromium changes that behaviour, who knows ?

    3. Anonymous Coward
      Boffin

      Now you know why...

      US just sued Google for anti-trust anti-competitive behavior.

  2. Eeep !

    How did they think this wouldn't be noticed ?

    It's like they want to distract you with little stuff so you aren't thinking how you are being exploited in the BIG picture !

    No a conspiracy nut - just suggesting you read the words rather than follow the bouncing ball.

    1. Anonymous Coward
      Anonymous Coward

      Re: How did they think this wouldn't be noticed ?

      Stupidity maybe.

    2. Anonymous Coward
      Anonymous Coward

      Re: How did they think this wouldn't be noticed ?

      They simply don't care.

      1. seven of five Silver badge

        Re: How did they think this wouldn't be noticed ?

        Probably less than that.

    3. DS999

      Re: How did they think this wouldn't be noticed ?

      They knew there would be no consequences when they were. Sure, there is talk about breaking them up in the EU and now the US, but talk is cheap.

      I've seen claims that if Google were forced to spin off Chrome it couldn't survive on its own, Given that Google pays Apple billions to be the default search on Safari and Safari has far less browser market share than Chrome does, I would think that an independent Chrome would be quite a profitable business. But much less threatening to the future of the web once no longer part of Google.

      1. The obvious

        Re: no consequences

        Sounds like SOP for google.

        It was never really “don’t be evil” and more “don’t get caught, if you do then pretend it was a mistake”

  3. jake Silver badge

    "We asked Google for an explanation."

    Can I take a guess at the inevitable answer? Something along the lines of:

    "It was test code that was never supposed to be released to the public. We have no idea why it was left in the released code, but we are looking into it in order to see that it never happens again."

    Hey, it's worked for them all the other times!

    Shun go ogle and everything else under Alphabet. They are a disastrous societal accident in progress.

    1. I ain't Spartacus Gold badge

      Re: "We asked Google for an explanation."

      Nope. Good guess though. After all, it's worked before. But the article has now been updated to say "it's a bug that will be corrected". Which is another favourite.

      There's a story, I don't know if it's actually true mind, about Macy's department store in the 1920s. If a customer cut up really rough, and was a really entitled arse abot their complaint then the manager could summon a particular guy. Don't know what his day job was, but his side role was to be sacked. So said manager would listen to the complaint and then tell the customer that they'd deal with the person responsible. This guy would then be summoned, dressed-down in front of the customer and told that they were dismissed. Then it was back to wherever they came from an on with whatever they were doing. Unless Macy's had so may annoying customers that the guy was getting "sacked" every half hour...

      Anyway I feel that it's time Google got themselves a nice sacrificial engineer - perhaps with a particularly fetching hat - that they can publicly wheel out and sack whenever they want to use this excuse. It can be the same one every time, its not like they don't know that we know that they're lying through their teeth. But at least it makes the pretence more interesting. Perhaps a trained actor, who can cry on cue and give us a better show...

      1. Steve Davies 3 Silver badge
        Holmes

        Re: "It is a bug..."

        They don't say when it will be corrected AND if the correction will not be rolled back at some later date (another bug naturally).

      2. heyrick Silver badge

        Re: "We asked Google for an explanation."

        "This guy would then be summoned, dressed-down in front of the customer and told that they were dismissed."

        Reprimanded in front of the customer? Wow, how utterly unprofessional (even if it was a ruse).

        1. Stoneshop Silver badge

          Re: "We asked Google for an explanation."

          Reprimanded in front of the customer? Wow, how utterly unprofessional (even if it was a ruse).

          Totally credible a hundred years ago.

      3. fidodogbreath Silver badge
        Big Brother

        Re: "We asked Google for an explanation."

        "it's a bug that will be corrected"

        I'm guessing the fix will be "hide Google and YouTube local storage from the UI on browser start when the delete on exit setting is enabled, until the user visits a Google property."

      4. MutantAlgorithm

        Re: "We asked Google for an explanation."

        This was the premise of an excellent book by Daniel Pennac called 'The Scapegoat', well worth a read :-)

      5. Sok Puppette

        Re: "We asked Google for an explanation."

        It may very well *be* a bug. But if it is, it's only a bug because Google's sites are *intentionally* getting some *other* special handling.

        Google needs to be forced to divest Chrome and anything related to it, and Google's pressure on browsers like Firefox needs some government monitoring, too.

      6. Anonymous Coward
        Anonymous Coward

        Re: "We asked Google for an explanation."

        "So said manager would listen to the complaint and then tell the customer that they'd deal with the person responsible. This guy would then be summoned, dressed-down in front of the customer and told that they were dismissed. "

        When I was IT manager in our Japan office, we had a period of high instability with our trading platform. I used to employ a person on my team whose role was to be a professional apologizer. I would take him with me to the meetings at the banks and he could sincerely apologize with every ounce of his being. The sort of person that you could imagine was still apologizing half an hour after the meeting finished.

    2. Psmo Silver badge
      Childcatcher

      Re: "We asked Google for an explanation."

      A rogue engineer ?

      1. Fruit and Nutcase Silver badge

        Re: "We asked Google for an explanation."

        Bound to be the same rogue engineer. Just the one bad apple in the company

  4. Anonymous Coward
    Anonymous Coward

    BleachBit is your friend!

    BleachBit works a treat for clearing out cookies, vaccuuming out SQLite databases and other PII from storage and is even in the Linux repositories.

    You can also assign BleachBit to clear out custom folders or files within the preferences settings if what you want purged is not already listed.

    I set up a bash alias to clear everything out using the command terminal after I'm done browsing the web.

    https://www.bleachbit.org/

    1. Shadow Systems Silver badge

      Re: BleachBit is your friend!

      I'd probably be interested in installing something like what you mentioned, except I've already uninstalled Chrome entirely.

      I noticed that Google & Youtube were *not* wiped even though I told it to wipe everything; I noticed that it kept banging on about JavaScript issues even though I had explicitly turned it off; and I had gotten beyond frustrated at it constantly rendering sites into indecipherable glop. Case in point: NewEgg.com has Edit fields for Price, but Chrome kept being unable to render the maximum value Edit field. I have no idea why, but load the exact same URL under IE11 & the site renders just fine.

      I finally gave up & uninstalled Chrome. Imagine my (lack of) surprise when I found Chrome data splooged all over my system that the uninstall "accidentally" missed. I restored my system to the point prior to having installed it thus ensuring all such orphaned data got purged, & have given up on Chrome.

      I don't know what/why sites won't render properly *except* under IE11, but it irks the piss out of me that sites (like Youtube) scream at me to use a "modern" browser (ignoring the fact that there's a copy of IE11 in Win10) because "older unsupported browsers will fail to render our site properly", yet I have to use said pseudo-outdated browser to get their sites to render in such a way as to be accessible.

      I'll go back to using FireFox ESR for those few times I want to determine just how screwed up the web has become under a "modern" browser. =-\

      1. jake Silver badge
        Pint

        Re: BleachBit is your friend!

        Just for the record, although I test out most other browsers[0], I use Firefox ESR exclusively for actual web browsing. It's the only one that always works, every time, for the things I need a browser for.

        Obviously advice is worth what you pay for it, and YMMV. Have a beer anyway.

        [0] Can't convince a client that their marketing driven choice is a piece of crap unless you know exactly why it is a marketing driven piece of crap.

        1. Primus Secundus Tertius

          Re: BleachBit is your friend!

          @Jake: I have used Firefox since its version 1. I save selected pages from the web; Firefox does this reliably, Internet Explorer would frequently fail to save. I have always avoided Chrome.

      2. Snake Silver badge

        Re: uninstall BleachBit

        If you are using Windows, and you restore, there is no guarantee that some data structures are modified through the restore process; Restore does exactly that, restore pretty well, but Delete was never a great part of the program. RTM, Restore doesn't try to damage a lot of user data, of which Chrome is creating.

      3. Ken Moorhouse Silver badge

        Re: load the exact same URL under IE11 & the site renders just fine

        Now rinse your mouth with BleachBit for uttering those words.

        1. veti Silver badge

          Re: load the exact same URL under IE11 & the site renders just fine

          Stop fighting last decade's battles. There is absolutely nothing wrong with IE11.

          1. jake Silver badge

            Re: load the exact same URL under IE11 & the site renders just fine

            "Stop fighting last decade's battles."

            I did, last decade when I quite using or supporting products from Redmond.

          2. Phil O'Sophical Silver badge
            Coat

            Re: load the exact same URL under IE11 & the site renders just fine

            There is absolutely nothing wrong with IE11

            Yet.

          3. Robert Grant Silver badge

            Re: load the exact same URL under IE11 & the site renders just fine

            Weird that Microsoft have been trying to kill it for years, then.

      4. Claverhouse Silver badge

        Re: BleachBit is your friend!

        scream at me to use a "modern" browser ...

        .

        Seems to be a new united push to a monoculture: some sites just read from the same words issued by Google [ no doubt ] that only 5 browsers are acceptable, 4 of which happen to be Chrome-based.

        .

        The Twitter Version

        We officially support versions of the following browsers from the past year on twitter.com:

        Edge (https://microsoft.com/edge)

        Safari (https://www.apple.com/safari)

        Chrome (https://www.google.com/chrome)

        Firefox (https://www.mozilla.org/firefox)

        Any browser based on Webkit / Chromium engines (Opera, Samsung Internet, UCBrowser, etc.)

        .

        .

        [ from my thread in the Pale Moon forum ]

        .

        And 15 minutes ago I looked up on Google Image a still of a charming 1940s actress, and though I think the identification was off, nearly all the results were from rotten tomatoes, and that foul site just refused to let me in at all

        https://www.rottentomatoes.com/unsupported-browser?err=custom-elements,shadow-dom

        To enjoy RottenTomatoes.com, try using a newer browser like Google Chrome, or Mozilla Firefox.

        As ever, like with tracking insistence etc. etc. / American Media going mental over GDPR, if they put up barriers, one just leaves and lives without them.

        And if they're too thick to work that one out, no wonder their dying marketing is crap.

        1. Robert Grant Silver badge

          Re: BleachBit is your friend!

          I'm struggling to understand this. Firefox, Chromium and Webkit browsers are not a monoculture.

      5. Dagg
        Joke

        Re: BleachBit is your friend!

        BleachBit - also has the D Trump seal of approval against COVID-19

    2. NetBlackOps Bronze badge

      Re: BleachBit is your friend!

      Google, among others, is why I have installed.

    3. Anonymous Coward
      Anonymous Coward

      Re: BleachBit is your friend!

      No BleachBit is a clever bit of software for clever people to use and has no impact on how Google behave.

      Don't install extra shit to neuter Google shit. Uninstall Chrome.

      1. jake Silver badge

        Re: BleachBit is your friend!

        "Don't install extra shit to neuter Google shit. Uninstall Chrome."

        And actively shun go ogle ... and everything else owned by Alphabet.

        1. DJO Silver badge

          Re: BleachBit is your friend!

          Beware the Chromejub bird, and shun

          The frumious Googlesnatch!

          1. David 132 Silver badge
            Happy

            Re: BleachBit is your friend!

            Tried that, but the slythey toves continued to gyre and gymble in the wabe. Oh, and the mome raths definitely outgrabe, too.

            1. Anonymous Coward
              Anonymous Coward

              Re: BleachBit is your friend!

              Never occurred to me before that Carroll was apparently well versed in Vogon poetry

              1. jake Silver badge

                Re: BleachBit is your friend!

                Nah. Carroll's is quite pleasant to listen to.

        2. Anonymous Coward
          Anonymous Coward

          Re: BleachBit is your friend!

          Anyway, ideograms are the future, ditch the alphabet!

  5. fireflies

    Shock news as shock news is neither shocking or news

    For a start, this isn't something discovered recently. Just a mere google (heh) for google.com and local storage shows that someone asked this very question 6 years and 9 months ago ("Why does chrome never delete google.com localstorage?") so seeing this on El Reg over 6 years later is just baffling.

    The article also seems to conflate cookies and local storage. Sure google could *potentially* store cookies in the local storage, in the same way they could *potentially* sell your browsing habits and IP address to any takers. The question is what is possible, but what are they actually doing or intending to do?

    Given this has been happening for so long already, and no clue as to how far back this particular behaviour actually goes, it does sound like an attempt to make much of an issue than it really is - hence the article emphasising what google could do if they decided to put cookies in the local storage.

    When much of the argument is based on a hypothetical premise to support its doomsaying, it merely highlights the severe lack of substance otherwise.

    So google has been doing this for over 6 years at least. What have they hidden in the localstorage after all that time? If there is something to show for it, then that is where the article should be going.

    Otherwise, if you want to decry google for hypothetical situations, you may as well pop down the pub and re-create Harry Enfield's Self Righteous brothers.

    Google has enough skeletons in their closet already - no need to find another closet and postulate how many skeletons they could fit in there.

    1. sabroni Silver badge
      Facepalm

      Re: When much of the argument is based on a hypothetical premise to support its doomsaying

      Good grief, so many words to say:

      "I knew about this already, I found out six years ago.

      They haven't stored cookies in local storage and they could have. You should investigate that."

      Postulate my arse.

    2. IGotOut Silver badge

      Re: Shock news as shock news is neither shocking or news

      So why bother patching?

      That great security hole MAY get used, but I haven't seen anything yet.

      And so you have proof they are NOT already using what's in local storage to identify you.

  6. Anonymous Coward
    Anonymous Coward

    The Purge

    One night a year, all Crime is Legal *

    * = Unless you are the UK Government †† or Google, in which case it's 24/7, 365 days a year

    † = United Kingdom Internal Market Bill

    † = Covert Human Intelligence Sources (Criminal Conduct) Bill

  7. 759b954e-617b-408b-a2b1-f5a42c3688d4
    Facepalm

    "Bug"

    Riiiiiiiiiiiiight...

    Do they think we're stupid?

    1. Alumoi Silver badge

      Re: "Bug"

      Do you use Chrome?

      If the answer to my question is yes then the answer to your question is yes.

    2. Anonymous Coward
      Anonymous Coward

      It will be interesting to see a diff...

      - if !urlContains( "google" ) purge();

      + purge();

    3. veti Silver badge

      Re: "Bug"

      They, of all people, probably have a better idea of our IQs than we do.

      1. jake Silver badge

        Re: "Bug"

        What does IQ have to do with stupidity?

      2. IGotOut Silver badge

        Re: "Bug"

        Apparently they got the info from Facebook after some people filled in an online quiz.

    4. Anonymous Coward
      Anonymous Coward

      Re: "Bug"

      They're just looking at their BOFH Excuse of the Day without bothering to hide. It's completely irrelevant to them whether we believe them or not, as it's not going to impact them in any way.

  8. Dinanziame Silver badge
    Paris Hilton

    What's "site data"?

    I never heard that there was anything kept in the browser except cookies and cache. What's even the point of having data that is not stored as a cookie? Isn't it functionally the same? Is information that you are logged in to a website part of "site data", or is it a cookie (which is what I assumed)?

    1. Weiss_von_Nichts

      Re: What's "site data"?

      Also called "local storage", was introduced with HTML5 as a W3C standard several years ago. Reasonable browsers allow you to select which sites (if any) may store site data on your machine. Others cheat, others again (like Adobe) use plugins (i.e. Flash) to secretly store stuff.

      1. sabroni Silver badge

        Re: What's "site data"?

        A cookie belongs to a domain and is always sent when a browser sends a request to that domain.

        localStorage belongs to a domain but isn't sent when the browser sends a request. It is available to code served from the domain so gives a site a way of accumulating state without bulking up the http requests.

      2. Tigra 07
        Coffee/keyboard

        Re: What's "site data"?

        Flash still exists?

        1. I ain't Spartacus Gold badge
          Happy

          Re: What's "site data"?

          Flash still exists?

          Don't you mean, "Gordon's Alive?!?!"

          Dum! Dum! Dum! Dum! Dum!

          "Deespatch Var Rocket Ajax to breeng back his body!"

          1. deadlockvictim Silver badge

            Flash

            I love you Flash but...

            I have to watch this film again now. I thought it was cheesy when I was 10. God knows how this has aged.

            Hopefully the Queen video isn't the best bit.

            1. I ain't Spartacus Gold badge
              Happy

              Re: Flash

              deadlockvictim,

              It is cheesy. But in a good way. I wouldn't say that the special effects haven't aged well, but only because they weren't all that good in the first place... But the soundtrack is great, I particularly love the bit when the Wedding March starts up, and it's full-on Queen guitars-a-go-go.

              It's good, leave-your-brain-at-the-door fun. And no worse for it. Even when future Blue Peter presenter Peter Duncan is failing to act and saying, "spare me the madness" before being killed off by future James Bond Timothy Dalton.

              If I wasn't at work I'd crank up the speakers right now and chuck a bit of Queen on.

        2. Strahd Ivarius Bronze badge

          Re: What's "site data"?

          It looks like Adobe is starting to ask users to remove it... (when you have the auto-update feature activated)

        3. Jellied Eel Silver badge

          Re: What's "site data"?

          Flash still exists?

          It's still lurking in the background, generally refusing to die. For me, not installing Flash was one of the best browser performance mods, as well as neatly denying all those fecking annoying Flash ads. I think last time I allowed it on a box was to try out the ITV Player. That was based on Flash, and did fun things like allowing ads to unmute speakers and maximise volume. As for local storage, it seemed demanding. Plugin had options to automatically increase it's local store, or set a size. I figured 100KB should be fine for cookies. Then error saying it'd run out of store. Then by the time it demanded >10MB, I'd given up on it and vowed to terminate with extreme prejudice.

    2. chuBb. Silver badge
      Black Helicopters

      Re: What's "site data"?

      Its a useful tool with a lot of potential for damage, often will be used to buffer images for uploading, or use it as a cache to resize in the background (on your device) the images so you send over the wire much smaller files, as one example, but thats a trivial hello world use. But its really a SQLLite DB createable on a per site basis, and not that easy (for the non dev minded) to inspect.

      The real issue is that due to the law lagging behind the tech, as long as the tracking ID is stored in the local DB instead of as an actual cookie (a text file in browser cache folder) and programatically sent i.e.

      var bollocks_to_dnt = localdb["sneeky_tracking_id"];

      HTTPWrapper.SetCookie("data_hostage_id", bollocks_to_dnt);

      Then my understanding of the current laws and regulations is that, its ok to do that because its "not" a cookie, as its something more ephemeral (pep pills vs speed). When used like that its actually much worse than a cookie, as a cookie is limited to being pretty small in size (off top of head 1kb plain text payload), where as using local storage like this, well you could dump the entire db (limited to 5mb unless you grant permissions which people do because they like getting alerts on cat videos) and send as a binary stream over a websocket, which is a LOT harder to pick apart for the average joe, as even if they can find the network tab in dev tools know to look at the websockets, they still would have to be able decode the binary protocol in use.

      This is one of the things that scares the hell out of me with web assembly, as currently it should be possible (no matter how obfuscated the JS is) to set a break point and examine the data in the browsers JS debugger before it gets encoded and sent. Cant see that being easy to do with a strongly signed web assembly, especially one that implements a non text based protocol for comms, and does end to end crypto/mutual TLS. Assuming you can access your private key, and can decode the protocol then at best you will be able to view the response sent back to you, encoded with your public key, while what you send i.e. the data us privacy minded are probably most concerned about would remain opaque and unknowable without the co-operation of who ever is ingesting the sent data. All from little black boxes controlled by those who profit from our data, instead of now where they at least all have to use common web techs. Of course when people realise the problem it will be too late as they traded it for some free to use service or convenience.

      1. Tesseract

        Re: What's "site data"?

        My understanding is probably wrong, but while that would not trigger the cookie eprivacy banner, you still need to consent to being tracked per GDPR if they are doing anything with that identifier.

        1. chuBb. Silver badge

          Re: What's "site data"?

          Probably but until that scenario gets prosecuted i imagine it will be interpreted as "rule as written not rule as intended" by the data slurpers ambulance chasers and given the green light until a court says specifically no.

          And even then GDPR will be harder to enforce with web assembly due to the potential of side stepping any of the web techs that covers, and drop down a level to be TCP/IP level legislation, and frankly the law would be too broad and unenforceable if it covered any potentially identifiable token sent over a network (i.e. **this is a massive stretch but...** ARP tables could be under that description, and how would you grant permission on a per device basis as your packets are routed), and even then i dont think that GDPR would be grounds enough to force a data slurper to publicly document or share private keys for a proprietary encrypted protocol for public scrutiny, and even if they did it would be trivial to code in a VW emission scandal test fudger to behave compliantly when being watched (they would just have to have examine the thumbprints of the private key in use, strip idents if using the scrutiny thumbprint, slurp away if using the real private key).

          Hopefully it never gets that bad, but i have little faith in the unholy union of tech and politics

  9. chivo243 Silver badge
    Meh

    chrome for work

    Unfortunately, we use g-stuff at work, against my recommendations. I use chrome only for the Admin Console.

    1. Dan 55 Silver badge

      Re: chrome for work

      Try another Blink-based browser if posible, but not a defanged version of Chromium because there's still a Google stuff buried in there that could slip through the net. Perhaps something like Opera or Vivaldi.

  10. RyokuMas Silver badge
    FAIL

    *cough*Bollocks!*cough*

    "We are aware of a bug in Chrome that is impacting how cookies are cleared on some first-party Google websites. We are investigating the issue, and plan to roll out a fix in the coming days."

    Anyone here remember the early days of the BOFH excuse calendar? Because I'd be more inclined to believe "Solar flares!" or "Magnets!" right now...

    1. chuBb. Silver badge

      Re: *cough*Bollocks!*cough*

      Elves is my goto answer.

      Non Tech Boss: "So how does this work?"

      Me: "Do you want the technical answer which will raise more questions than answers, or the answer that will make you happy, but ignorant to how it works?"

      Non Tech Boss: "Just because im marketing doesnt mean i cant understand technical answers"

      ### 40 mins later ###

      Me: "...so once the feed from supplier b has been manipulated to this format, we can then start processing this batch as the data it refers to now is available via this api"

      Non Tech Boss: "But what does that have to with the feature i asked about"

      Me: "I call it ice berg dev, your concerned about the tiny percentage above the water, but the whole thing relies on whats under the water, if you dont understand that you will want to know why that icon changes in this scenario and i will have to explain it anyway, or do you want the other answer?"

      Non Tech Boss: "OK whats the other answer?"

      Me: "Elves, digital voodoo, reticulated splines and a sky hook covered in tartan paint"

      1. Psmo Silver badge

        Re: *cough*Bollocks!*cough*

        I've been on both sides of this conversation.

      2. heyrick Silver badge

        Re: *cough*Bollocks!*cough*

        "reticulated splines

        Calibrated, I hope...

        1. seven of five Silver badge

          Re: *cough*Bollocks!*cough*

          bzzzp. bzzzp.

          and another power line. bzzzp.

          Llama sightings: 12

          1. fobobob

            Re: *cough*Bollocks!*cough*

            "YOU CAN'T CUT BACK OUR FUNDING! YOU WILL REGRET THIS!"

      3. EnviableOne Silver badge
        Pint

        Re: *cough*Bollocks!*cough*

        "Elves, digital voodoo, reticulated splines and a sky hook covered in tartan paint"

        my new stock response, have a beer that man!

  11. Anonymous Coward
    Anonymous Coward

    It's simple, people!

    You need IE6.

    (Do I win £5?)

    1. EnviableOne Silver badge

      Re: It's simple, people!

      I have a version of Netscape floating for some obscure stystem that doesnt support IE

  12. petethebloke

    Incognito is a farce too

    I noticed this ages ago. It's why I use Chrome for my work stuff (the office has G Suite) and Firefox for everything else. The inconvenience is worth it for the peace of mind.

    I haven't tested it lately, but I also remember that "incognito" allowed leakage of Google cookies across windows.

    1. firey

      Re: Incognito is a farce too

      An important thing to be aware of about Incognito mode (and Private Browing in Firefox) is that it only isolates the Incognito windows from non-Incognito windows - all Incognito windows & tabs open at the same time share the same state.

      So if you want to browse 2 different sites which both have google (or other) trackers, and try to avoid google making the connection - you need to do all your business in the 1st site, then close all Incognito windows, open a new Incognito window, then do your business in the 2nd site.

      Firefox's Private Browsing works in the same way, which is why I use Firefox Temporary Containers instead of Private Browsing - much more powerful.

      1. petethebloke

        Re: Incognito is a farce too

        Thanks. That's worth knowing.

  13. Anonymous Coward
    Anonymous Coward

    I'm really surprised

    they got found out

  14. Anonymous Coward
    Anonymous Coward

    Anyone an idea about Chromium?

    As Google is basically using Chromium as the basis for this, has there been any information about Chromium itself?

    Might be a safer alternative without losing the benefits of Chrome - as yet, NONE of the other browsers come even close to its support for WebRTC. I have no idea why the rest are so rubbish at it, but it's a sad reality.

  15. Anonymous Coward
    Anonymous Coward

    Just a programming error..

    ".. just like our wholesale grabbing of WiFi data when we were running Streetview. The fact that we had a complete back end ready to receive and process all that juicy data was a complete coincidence."

    Face it folks, it's about money and it's a US company. The past decades with Microsoft ought to have give you an idea what that means regarding ethics, principles and respect for law, because Google is following the exact same playbook, also because fines normally tend to be minuscule compared to their income from such illegal activity. That was why the corridors of Brussels were filled to the rafters with Google (and others*) lobbyists when the EU were debating the levels of GDPR fines, thankfully to no avail.

    * Oracle, for instance, which I found rather interesting.

  16. Zippy´s Sausage Factory
    Unhappy

    Let me guess... they wanted to be able to test third party websites, needed the clear function, but couldn't be bothered to write an extension that cleared everything without logging them out of their corporate email and chat?

    And I could just have about believed that if just google.com was involved. But YouTube? No, I don't think so. Back to the naughty step for you, Google.

  17. mark l 2 Silver badge

    Of course it was deliberately set up to work that way in Chrome. Its easy for Google to play ignorant and claim it was a bug or accidentally left in developer code once they get caught. That way they get to track millions of additional people they would have missed if site data had been removed when the implemented the wipe private data feature.

    Just switch from Chome to another browser, Firefox would be my preferred choice but if you need one that runs the Chromium engine then Brave is another good choice

    1. The obvious

      Odds are it’s in chromium too, so it’s netsc^h^h^h Firefox or nothing on most platforms.

  18. Howard Sway

    Excuses, excuses.....

    Back in the old days, dreadful programmers (and companies) used to say "It's not a bug, it's a feature" to excuse bad stuff.

    Now, since whenever it was we passed through the looking glass and truth became lies and lies became truth, the excuse has been reversed too.

    "It's not a feature, it's a bug".

  19. matjaggard

    Nonsense

    Why is this even news? Chrome explicitly tells you that you won't be logged out of Google sites - so of course they can still track you, you're still logged in. Who cares if they forget to delete a couple more cookies or local storage than the ones they've already told you that they're not going to delete??!

  20. Updraft102

    Microsoft has used the same technique with some of its self-favoring changes to Windows 10, like how it would reset all of the privacy settings to their most blabby with each feature update. When people complained, it became a "bug" that they would fix in time, but it's the same peculiar type of bug that just happens to serve the interests of the makers of the software containing the alleged bug. It's a self-serving bit of code that becomes a bug if anyone raises a big enough stink about it (does that mean it became a stink bug?).

    If you can call it a bug and be off the hook, why not include these kinds of things and see if they slip under the radar if you are a Google or a Microsoft?

  21. JohnMurray

    My NHS appointments are now via web video......I could chose to use either google chrome, or safari......

    choices, choices

    1. EnviableOne Silver badge

      mostly now Chromium Edge, share my dat with both G and M$

  22. Anonymous Coward
    Anonymous Coward

    Chrome is spyware

    we just have to get used to the fact that Google really, really wants our life history and will literally stop at nothing to get it.

    Facebook is just as bad if not worse..

    Use them at your peril. You have been warned.

    1. The obvious

      Re: Facebook is just as bad

      Except you actually can choose not to use Facebook - just block their ASN at the firewall, job done.

      Try that with google. See how long you can last, it won’t be long.

      1. jake Silver badge

        Re: Facebook is just as bad

        "Try that with google."

        Done.

        "See how long you can last, it won’t be long."

        Well, it's been around 20 years now, so ...

  23. jason 7

    They don't delete anything.

    Really they don't.

  24. Wolfclaw

    It's a known bug, OK Google honestly answer if you know how to, when did you learn of it and why no immediate fix? Too busy grabbing illegal data maybe, do you have you engineering scapegoat ready to take the fall, maybe by a wi-fi drive by ?

  25. ryokeken

    Never the human’s name responsible attached to Company name

    Google this and Other Big Companies names that but never the person/s responsible for controversial many times criminal actions, Your bluster is as effective as making fun of a wall full of graffiti, as if the wall was a real being. I watch This Week In Tech, (TWIT) I’ve seen you and heard youses.clutching them pearls about giant companies yet always yielding to whatever drivel anonymous spokesperson (“don’t blame the messenger excuse has been thoroughly debunked by observing Trump’s interactions with the press) and wondering out loud what can be done,”oh so sad the state of tech” why don’t you begin by attaching more names responsible for the shite you report. From suspicious changes in code to the regular big bro stuff you report.I’ve heard that github can help with some of this, dunno, maybe it an urban legend. regardless you call yourself journalists be one or let someone who will,be.

  26. Mike 137 Silver badge

    "A Google spokesperson has been in touch to say the issue is a programming error, and will be fixed"

    More truthfully, the error was making it too easy to find.

    In over 30 years of software development and development management I've never encountered a genuine bug that resulted in a benefit to either the user or the vendor. Goooooooogle must have some absolutely magical developers. Even their mistakes produce useful outcomes.

  27. Tesseract
    Paris Hilton

    Can somebody remind Paris why we gave up Firefox

    for this privacy nightmare POS.

    1. jake Silver badge

      Re: Can somebody remind Paris why we gave up Firefox

      Who is "we", Kemosabe?

  28. jason_derp Bronze badge

    Oh, "bug" is synonymous with "getting caught"!

    It all makes sense now! Back to drinking draino and running headfirst into pitching machines for this user!

    1. jake Silver badge

      Re: Oh, "bug" is synonymous with "getting caught"!

      "running headfirst into pitching machines"

      One wonders if the author of the above realizes that go ogle could be considered a pitching machine.

  29. martynhare
    Facepalm

    There really is nothing to see here - I'm serious.

    The developers integrated Google Account authentication with the browser and reused what was already there to track state (why wouldn't you?) for maintaining authorisation tokens. If someone clears every bit of data from their browser, then it would lose that state information and result in you needing to log back into your Google Account. As it's assumed that Chrome users would want their seamless Google Services integration by the very nature of the browser's design goals - protecting the data from deletion makes more sense than duplicating code when it comes to efficiency. Unlike Microsoft Edge, which has a dedicated set of system services that ship with Windows to act as a broker for authenticating to Microsoft Accounts (and/or Azure AD) to achieve a form of authorisation persistence, Google doesn't have that luxury.

    Common sense shall always reign supreme. This isn't a deliberate act to benefit any form of privacy invasion. It is a user-first policy to make things work the way they're intended to, while minimising bloat.

  30. Henry Wertz 1 Gold badge

    Programming error? *rolls eyes*

    Programming error? I'm rolling my eyes at that one. I don't do the cookie clearing anyway, but exempting themsleves and only themselves from it's not at all cool. Definitely not a programmer error either; but, at least (now that they've been caught red-handed...) at least they're fixing it instead of making some excuse about how it's not a problem or something.

    1. Lorribot Silver badge

      Re: Programming error? *rolls eyes*

      More like fixing the programming error that made it so obvious what they were doing.

      Trust and Google are so far apart they may as well just not bother trying to deny any of it. They should just say you bunch of sucker could not care less what we do with your data so just shut up and let us get on with taking over the world.

      Now we are going to buy Oracle and make all that nonsense go away. Literary as we we pull support for Oracle DBs after 6 months just before we shut down the Stadia servers.

  31. ForthIsNotDead
    Big Brother

    HATE THEM

    They are literally the shit on the shoe of humanity. I would say that history will judge them, but since they de-facto control history these days, I doubt it.

  32. Hey Lobotoman! CALL -151!

    We're so sorry...

    ... that we got caught.

  33. KevinFanch

    Let's stop using Google products

    Just a bug? I wonder if it would have ever been fixed if it wasn't reported.

    Isn't it time to escape Googles grip o our private data. I found the easyest way to delete my Google account and switch to /e/ from e foundation on my mobile, which is ungoogled android made for privacy. Because it doesn't share data with Google, I can still use android apps while being private.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021