• JamesStallion@sh.itjust.works
    link
    fedilink
    arrow-up
    170
    ·
    edit-2
    7 months ago

    Everytime this is reposted in a new template I remind everyone that no one is using incognito mode to hide from their ISP they are using it to hide from their spouse or partner.

    • Sotuanduso@lemm.ee
      link
      fedilink
      English
      arrow-up
      53
      ·
      7 months ago

      I mainly use it for random things that I don’t want to influence my recommendations, like clickbait YouTube videos.

    • herrcaptain@lemmy.ca
      link
      fedilink
      arrow-up
      35
      ·
      7 months ago

      Beyond that it’s legitimately useful for logging into a second account on a site or for various testing purposes as a web developer. Though if you’re consistently using it for the former, containers are a better solution.

      • bandwidthcrisis@lemmy.world
        link
        fedilink
        arrow-up
        7
        ·
        7 months ago

        Also useful for testing links that might only work if signed in.

        For instance, if I share a link to a OneDrive file, will it force the receiver to sign up with Microsoft before they can view the file.

    • Bonehead@kbin.social
      link
      fedilink
      arrow-up
      19
      ·
      7 months ago

      …and so that typing in a url doesn’t automatically auto fill with a site you’d rather not let anyone else see.

        • Bonehead@kbin.social
          link
          fedilink
          arrow-up
          16
          ·
          7 months ago

          Yes, but I want auto fill turned on for some websites because they go straight to the section that I want instead of navigating through the site every time.

    • solarvector@lemmy.zip
      link
      fedilink
      arrow-up
      16
      ·
      7 months ago

      Eh, or they just don’t want a forever history stored on their own computer any more than they want it stored on someone else’s computer.

    • henfredemars@infosec.pub
      link
      fedilink
      English
      arrow-up
      8
      ·
      7 months ago

      I’m not even hiding it in the sense that I’m being sneaky. My spouse just rather not see it in the suggestions!

      • Senseless@feddit.de
        link
        fedilink
        arrow-up
        2
        ·
        7 months ago

        I’m in my thirties, single for years and occasionally make sexual jokes. People know I fap. Everyone faps (huh, could be the title for an educational children’s book…), I don’t hide my browser history. Other question is who from? I live alone.

        • DanVctr@sh.itjust.works
          link
          fedilink
          arrow-up
          1
          ·
          7 months ago

          What about when when the police go through your computer after you slip and die on a banana peel? That could be embarrassing you know

    • ares35@kbin.social
      link
      fedilink
      arrow-up
      7
      ·
      7 months ago

      i use private windows mainly so i don’t clutter up browser histories with useless stuff i won’t go back to (if i do run across something to save, it gets bookmarked or printed to pdf).

      • mexicancartel@lemmy.dbzer0.com
        link
        fedilink
        English
        arrow-up
        4
        ·
        7 months ago

        Yeah thats why I use Firefox Focus on mobile. It has no feature to save history. I use normal Firefox in case I want to save history or login permanently

        • pyre@lemmy.world
          link
          fedilink
          arrow-up
          1
          ·
          edit-2
          7 months ago

          I use DDG browser for the same reason; if I want to go back to something I use Firefox on mobile instead.

    • Mongostein@lemmy.ca
      link
      fedilink
      arrow-up
      6
      ·
      7 months ago

      No doubt. Whoever’s making these memes obviously wasn’t around when Incognito/Private browsing was introduced. It was never advertised as hiding anything from your ISP.

    • BolexForSoup@kbin.social
      link
      fedilink
      arrow-up
      6
      ·
      edit-2
      7 months ago

      I don’t need the obvious URL’s popping up whenever I start typing. I’m just one fat finger away from a bad mistake and subsequent loud sounds on my studio speakers when anyone could be around if I don’t do that.

      It’s best to keep that stuff separated out to spare yourself some incredibly avoidable embarrassing moments.

      • ILikeBoobies@lemmy.ca
        link
        fedilink
        arrow-up
        4
        ·
        edit-2
        7 months ago

        Firefox containers

        Put all your accounts in different containers and just open the page outside of them (also great for multilogging and not being cookie tracked)

    • JackFrostNCola@lemmy.world
      link
      fedilink
      English
      arrow-up
      2
      ·
      7 months ago

      I use private mode for a whole bunch of stuff, visiting shopping sites i dont want coming up in targeted ads, watching youtube videos that are out of my usual jam and not wanting to get endless suggestions for crap im not into because i wanted to see a plumbing repair how-to or listen to a song wildly out of my usual genres because i was in the mood.

        • 𝘋𝘪𝘳𝘬@lemmy.ml
          link
          fedilink
          arrow-up
          2
          ·
          7 months ago

          Yes, they do. I use 4 different browser profiles for various things. But everyone who uses my computer while I cannot control what they do, gets their own user account or can use a guest account.

          • lolcatnip@reddthat.com
            link
            fedilink
            English
            arrow-up
            2
            ·
            7 months ago

            My brother in Christ, you are literally giving an example of how browser profiles and OS accounts solve different problems.

            • 𝘋𝘪𝘳𝘬@lemmy.ml
              link
              fedilink
              arrow-up
              1
              ·
              7 months ago

              I still don’t get what you’re trying to say.

              Do not let people use your OS account if you don’t want them to have access to all of your data, including all of your browser profiles.

              Browser profiles are not a security feature.

    • variants@possumpat.io
      link
      fedilink
      English
      arrow-up
      1
      ·
      7 months ago

      I’ve always been used to browser clearing everything on exit. On my phone I set Firefox focus as the default browser so whenever I search anything I just dump it after

      • Rediphile@lemmy.ca
        link
        fedilink
        arrow-up
        47
        ·
        7 months ago

        And it was always clearly stated as such. It’s absurd that anyone was upset by this. I have yet to find a single user on here who did not properly understand what it was for, or at least none willing admit to being that dumb.

          • sgtskully@feddit.de
            link
            fedilink
            arrow-up
            6
            ·
            7 months ago

            Very non tech savvy person here, that is just a normie reddit refugee. I know what Linux is, but have never really worked with it. Don’t have an opinion about it. I recently installed a pi hole in my home network by following step by step instructions. That’s the most techy stuff I ever did in my life and I would have never dared to try it, if I hadn’t read a comment on lemmy that linked an easy introduction into working with raspberry pis.

            • szczuroarturo@programming.dev
              link
              fedilink
              arrow-up
              6
              ·
              7 months ago

              Have you tried because of lemmy? Or was it something you flirted with before. Because your post do scream im secretly a technical person

              • sgtskully@feddit.de
                link
                fedilink
                arrow-up
                1
                ·
                7 months ago

                I did know of pi hole before, but had no idea how to even start to set it up. Without the instructions I wouldn’t have tried it.

              • sgtskully@feddit.de
                link
                fedilink
                arrow-up
                1
                ·
                7 months ago

                I did not save the site and it was in my native language, so probably not even useful to you. Sorry

                Try searching yourself or ask around on lemmy. I assure you, it is worth it.

          • ReakDuck@lemmy.ml
            link
            fedilink
            arrow-up
            3
            ·
            7 months ago

            I saw a lot of normal people who just didnt want reddit anymore. So here are a lot of non tech savy people too without even knowinng Linux.

          • ReakDuck@lemmy.ml
            link
            fedilink
            arrow-up
            1
            ·
            7 months ago

            I saw a lot of normal people who just didnt want reddit anymore. So here are a lot of non tech savy people too without even knowinng Linux.

    • TankovayaDiviziya@lemmy.world
      link
      fedilink
      arrow-up
      9
      ·
      edit-2
      7 months ago

      Private browsing in Google Chrome will not store your browsing data locally into your computer; but Google will still keep that data in their own records.

    • phorq@lemmy.ml
      link
      fedilink
      Español
      arrow-up
      3
      ·
      7 months ago

      Why are you hogging all the hot singles in your area to yourself? Sharing is caring!

  • mipadaitu@lemmy.world
    link
    fedilink
    English
    arrow-up
    83
    ·
    7 months ago

    The ISP can see every domain, but not every page. That’s what HTTPS everywhere was all about.

    • Björn Tantau@swg-empire.de
      link
      fedilink
      arrow-up
      15
      ·
      7 months ago

      And hopefully in the future they won’t even he able to see the domain. I wonder why they never considered giving out certificates for IPs to solve this problem. Seemed like the easiest solution to me.

        • JDubbleu@programming.dev
          link
          fedilink
          arrow-up
          2
          ·
          7 months ago

          There was a demo for a technology put out recently that circumvents this. I don’t remember the exact mechanisms, but it obscured DNS such that your ISP couldn’t see the DNS record you requested, and then used a proxy to route traffic before it hit the final endpoint eliminating exposing the IP to your ISP. It worked very similar to a VPN, but without the encrypted connection, and had some speed focused optimizations including the proxy being proximate to your ISP. It was pretty interesting.

      • mipadaitu@lemmy.world
        link
        fedilink
        English
        arrow-up
        11
        ·
        7 months ago

        It doesn’t really help. The ISP needs to route you somewhere to get the data, so they’ll need to know who you want to talk to. Even if they don’t see the DNS name (like if you used a third party DNS server) they can still associate the IP address with someone.

        There’s things like TOR and VPNs that can route your information through other third parties first, but that impacts performance pretty significantly.

        • CosmicTurtle0@lemmy.dbzer0.com
          link
          fedilink
          English
          arrow-up
          4
          ·
          7 months ago

          Depending on where you’re going even IP addresses are getting to the point that they aren’t helpful. IP addresses are likely to belong to a cloud provider, and unless they are hosting email or a service that requires a reverse record, all you’d get is the cloud provider’s information.

      • theneverfox@pawb.social
        link
        fedilink
        English
        arrow-up
        1
        ·
        7 months ago

        How does that help? You can tell any computer it’s Google.com or IP 8.8.8.8. you can tell your device that the other computer is correct, and middle man yourself

        Except, we have one key to rule them all, one key to bind them. There’s literally a group of people who split the root key among themselves, and scattered it across the world (when they went home). They get together ever year or two, and on a blessed air-gapped computer, unite the key to sign the top level domains again. Those domains sign intermediate domains, and down the chain they sell and sign domains.

        If any of these root domains fall to evil, these brave guardians can speed walk to the nearest airport and establish a new order

        (I think we actually just started installing all the root and some trusted intermediate domains on every device directly, so I’m not sure if they still bother, but it’s a better story)

        The solution you’re looking for is DNSS, where we encrypt the DNS request too so they can’t see any of the url. Granted, they can still look at you destination and usually put the pieces together, but it’s still a good idea

        Ultimately, packets have to get routed, all we can do is do our best to make sure no one can see enough of the picture to matter. There’s more exotic solutions that crank that up to 11, but the trade offs are pretty extreme

  • yeehaw@lemmy.ca
    link
    fedilink
    arrow-up
    30
    ·
    7 months ago

    At a minimum this meme maker has no idea how TLS, browsers, cookies, or DNS work.

  • jsomae@lemmy.ml
    link
    fedilink
    arrow-up
    23
    ·
    7 months ago

    Assuming you’re using https, your ISP cannot see what pages you visit. It can only see what website you access (IP address).

    • booly@sh.itjust.works
      link
      fedilink
      arrow-up
      14
      ·
      edit-2
      7 months ago

      The typical default configuration has the ISP providing DNS services (and even if you use an external DNS provider, the default configuration there is that the DNS traffic itself isn’t encrypted from the ISP’s ability to analyze).

      So even if you visit a site that is hosted on some big service, where the IP address might not reveal what you’re looking at (like visiting a site hosted or cached by Cloudflare or AWS), the DNS lookup might at least reveal the domain you’re visiting.

      Still, the domain itself doesn’t reveal the URL that follows the domain.

      So if you do a Google search for “weird sexual fetishes,” that might cause you to visit the URL:

      https://www.google.com/search?q=weird+sexual+fetishes
      

      Your ISP can see that you visited the www.google.com domain, but can’t see what search you actually performed.

      There are different tricks and tips for keeping certain things private from certain observers, so splitting up the actual ISP from the DNS resolver from the website itself might be helpful and scattering pieces of information, but some of those pieces of information will inevitably have to be shared with someone.

    • ours@lemmy.world
      link
      fedilink
      English
      arrow-up
      4
      ·
      7 months ago

      If you use DNS of TLS. Otherwise, they can see you resolve those addresses.

  • Humorless4483@lemmy.world
    link
    fedilink
    arrow-up
    12
    ·
    7 months ago

    As someone who hosts my own dns server I can confirm that I can see everything that is accessed but the not the whole url, I can see the base url like if you access YouTube, I’ll see that you pinged YouTube.com, what you received exactly I don’t know but I can tell that you went on YouTube.

  • Zerush@lemmy.ml
    link
    fedilink
    arrow-up
    11
    ·
    edit-2
    7 months ago

    Only in Chrome? In every browser using private mode, private mode only delete the local storage (wbSQL, Serviceworkers, cookies, cache, etc), no other things, it hide nothing, for webpages which log you (or the search engine you use, AI and some other extensions which you use in "private"mode) it’s irrelevant if you use private or normal mode. It’s a very frecuent missconcept to believe that the private mode is the same as anonym browsing, simple extensions, like Cookie Autodelete or SiteBleacher do exactly the same as browsing in private mode, but with the feature that you can partial or full whitelist the pages where private mode isn’t needed.

    More or less Private only if you use VPN, SPN, MPR, Snowflake or at least a proxie.

      • Zerush@lemmy.ml
        link
        fedilink
        arrow-up
        3
        ·
        7 months ago

        Well, all browser have incognito or private mode, it’s nothing special. Vivaldi in this moment has released in the last snapshot an inbuild MPR in test, this will be a real private incognito mode.

  • TrickDacy@lemmy.world
    link
    fedilink
    arrow-up
    7
    ·
    7 months ago

    So you think people should assume they have absolute privacy because of the word “incognito”?

      • lolcatnip@reddthat.com
        link
        fedilink
        English
        arrow-up
        2
        ·
        7 months ago

        The joke is making fun of anyone who does assume incognito mode is hiding anything from third parties.

        All the Chrome bashing around this issue is pathetic. Every major browser has the same feature and none that I know of give it a name that makes the purpose any more clear. It’s obvious a lot of people have an irrational hatred of Chrome and don’t understand the actual issues involved.

        • BolexForSoup@kbin.social
          link
          fedilink
          arrow-up
          1
          ·
          7 months ago

          Yes I get the joke. But the reason it’s focused on chrome is because it is far and away the most popular browser by an insane margin, so “incognito mode” is universally known and understood.

      • BolexForSoup@kbin.social
        link
        fedilink
        arrow-up
        1
        ·
        7 months ago

        Hey there, I have been lately trying to better understand how privacy/my network work lately. I’m kind of right at that line where the next barrier gets pretty technical. I think I have a decent understanding of DoH, but I know it has quite click for me yet. How would you describe it? (I’m assuming that is an acronym for DNS over HTTP?)

        • ReversalHatchery@beehaw.org
          link
          fedilink
          English
          arrow-up
          1
          ·
          edit-2
          7 months ago

          Yes, or more precisely it’s DNS over HTTPS.
          The S at the end stand for Secure, but technically it means that it is HTTP inside TLS. TLS encrypts the traffic, and verifies server responses to be authentic.
          HTTP and HTTPS are most often used by websites, but there are many more common uses of it.

          When a program - like firefox - uses DoH to resolve domain names (that is, find their corresponding IP address, they can have multiple), then instead of asking the DNS server that was configured in the operating system (often automatically set by your router’s “advisory”, though DHCP) through a clear text channel that is prone to inspection and manipulation, instead of that it asks a DNS server that communicates over HTTPS, just like webservers do.
          By doing this, domain name lookups have the protection of TLS, and they look like as if you have just visited a website. It’s harder* to find out which server was that request sent to, what was the purpose of that request, and since the content of the request is encrypted, and the response is encrypted and signed just as when visiting a website, it’s harder to see as an outside observer what was being done, including what website’s IP did you look up, and it’s harder for them to modify this response.

          DoH servers to be used may be set up with an IP address if that is fix and never changes, or through a domain name. If you only have the domain name of a DoH server, then you can’t contact that yet, first you have to look up it’s IP address using either an other DoH server who’s address is fix or the current one is known, or with a plain DNS server.

          • BolexForSoup@kbin.social
            link
            fedilink
            arrow-up
            2
            ·
            edit-2
            7 months ago

            This is really helpful thank you. Definitely somewhere between “I kind of get it” and “I understand some of these words,” but I think with a little term research and some pondering this will click better. Appreciate your taking the time to break it down!

    • mipadaitu@lemmy.world
      link
      fedilink
      English
      arrow-up
      7
      ·
      7 months ago

      That solves a completely different problem. The ISP can still see who you requested data from.

      That’s more about security around retrieving the correct IP address from a DNS query, and doesn’t do that much for privacy.

      • ShortN0te@lemmy.ml
        link
        fedilink
        arrow-up
        5
        ·
        7 months ago

        DoT also encrypts the request, so the ISP cannot spy on the Domain Name you have requested.

        And thanks to Https the ISP only sees the IP address which cannot in every case be resolved to a unique Domain, especially large sites that are hosted on service providers like Cloudflare, amazon etc etc

        • Darkassassin07@lemmy.ca
          link
          fedilink
          English
          arrow-up
          2
          ·
          edit-2
          7 months ago

          But what’s not encrypted by either is the Server Name Indicator or SNI, ie: the initial request to a webserver stating which host you’re trying to reach at that IP, before establishing the TLS connection, contains the domain you’d requested via DoH/DoT, in plaintext.

            • Darkassassin07@lemmy.ca
              link
              fedilink
              English
              arrow-up
              3
              ·
              7 months ago

              True. Known as Encrypted Client Hello now, as part of TLS1.3.

              It seems many more browsers support it than last I’d looked. I’m curious to see how much of the general web has adopted support for it onnthe server side. I’ll have to look into that more, and see what it’ll take to setup for self-hosting.

          • ShortN0te@lemmy.ml
            link
            fedilink
            arrow-up
            1
            ·
            7 months ago

            That is correct. HSTS helps to some degree but the very first request is still unprotected.

            • Darkassassin07@lemmy.ca
              link
              fedilink
              English
              arrow-up
              1
              ·
              edit-2
              7 months ago

              It will prevent the ISP from snooping on, or tampering with, the DNS request. However when you go to use the IP you’ve retrieved via DoH/DoT; your first request establishing a TLS connection to that IP will contain an unencrypted SNI which states the domain you are trying to use. This can be snooped on by your ISP.

  • callouscomic@lemm.ee
    link
    fedilink
    English
    arrow-up
    6
    ·
    7 months ago

    Also VPNs see everything you do, but please, again, enlighten me how paying some OTHER corporation somehow better protects me from corporations?

    • Sunny' 🌻@slrpnk.netOP
      link
      fedilink
      arrow-up
      9
      ·
      7 months ago

      A VPN isn’t magically solving all privacy and security issues. Personally, I would trust Mullvad, Proton and IVPN with my data over my ISP. They’ve been audited, and they’ve been put to test multiple times, and not been able to give away data. But it all really boils down to personal needs, and each to their own on that. If you don’t want a VPN, then don’t buy into one.

    • ReversalHatchery@beehaw.org
      link
      fedilink
      English
      arrow-up
      5
      ·
      7 months ago

      It protects you only if you have chosen the right VPN provider.
      Of course if you choose some random VPN that was advertised in a youtube video that may as well be a downgrade depending on what your ISP does with your data already.
      But if you choose a honest VPN provider, who’s values aligns with yours, and does not share (neither collect) any data on your usage and traffic, then that can easily be better.

      Also keep in mind that ISP’s often operate knowing that they are the only provider in the area. Or the only usable one, or that the others aren’t better either. There’s no competition, and they make use of the fact that they can do whatever they want that is legal (a lot of things is), because the user can’t just switch to another that does not do it.
      However, there’s a competition between VPNs. Unfortunately most of that competition is driven by lies, but fortunately not all of it is.

    • Dudewitbow@lemmy.zip
      link
      fedilink
      arrow-up
      2
      ·
      edit-2
      7 months ago

      different vpns will have different use cases.

      some people just want to bypass geolocked content, this only requires having a vpn in whatever region you want content in.

      those who only care about piracy and avoiding dmca claims, they need a VPN who do not keep logs. or is hosted in a country that does not respond to DMCA requests

      those who need a VPN for privacy reasons, theres tiers of it. basically some people will refuse to use VPNs hosted in Five Eyes/Nine Eyes countries as the government would likely know your actions. some people dont care of government knows, others do.

    • iterable@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      2
      ·
      7 months ago

      Set https everywhere. Use secure DNS servers. Install TOR along with all that. Tell me how your VPN provider can “see everything you do” with many layers of encryption, decentralization, and propagation of your data?