• psmgx@lemmy.world
      link
      fedilink
      arrow-up
      72
      ·
      edit-2
      11 months ago

      As someone else put it, it’s for making sure your wife doesn’t get suspicious of the weird ads you’re getting, and when she checks the browser history it’s clean.

      Meanwhile Google, your ISP, and the NSA all know you’re looking at freaky old lady bondage porn.

    • 0ops@lemm.ee
      link
      fedilink
      arrow-up
      68
      ·
      11 months ago

      It’s handy when you need to make sure that someone else can access a url ok without having to sign in to the website or anything. If you can immediately see the page in incognito mode without signing in, they’ll have no problem

      • not_so_handsome_jack@sh.itjust.works
        link
        fedilink
        arrow-up
        6
        ·
        11 months ago

        I remember having to use an incognito browser for testing at work one time, and it felt very wrong to pull it up on my work laptop instead of the personal laptop.

      • Bernie Ecclestoned@sh.itjust.works
        link
        fedilink
        English
        arrow-up
        1
        ·
        11 months ago

        The pile of crap that is docusign will only work for me in incognito mode.

        I contacted support and they suggested I tried it and it works, so they closed the case

        🤦‍♂️

        • 0ops@lemm.ee
          link
          fedilink
          arrow-up
          2
          ·
          11 months ago

          That’s a good trouble-shooting step, but it’s not a solution. That’s some bullshit, sorry that happened. Maybe try clearing your browser cache and cookies if you haven’t already? Basically my reasoning is if it works in incognito mode and only in that mode, then there’s probably some saved state that the website is getting snagged on (state that a new incognito window wouldn’t have).

    • w3dd1e@lemm.ee
      link
      fedilink
      arrow-up
      37
      ·
      11 months ago

      I use it to get around website article limits when they try to force me to sign up.

    • davel [he/him]@lemmy.ml
      link
      fedilink
      English
      arrow-up
      38
      ·
      11 months ago

      They can’t even reliably see domains when you use HTTPS, because some IP addresses serve many domains.

      • dracs@programming.dev
        link
        fedilink
        English
        arrow-up
        26
        ·
        11 months ago

        That’s not entirely true. It’s only very recently that browsers have started using a new system called Encrypted Client Hello which hides the domain of the request. Prior to this all requests needed too have the Host field unencrypted so the receiving server knows which certified to respond with. I imagine there’s still quite a few servers which don’t support the new setup still.

          • Tja@programming.dev
            cake
            link
            fedilink
            arrow-up
            3
            ·
            11 months ago

            I don’t know about that. Technically it wouldn’t be necessary but I can see providers limiting you to a single IP instead of a /64 and needing to do it anyway, because the tech exists anyway. Or for privacy reasons. There is IPv6 NAT, after all…

            • frezik@midwest.social
              link
              fedilink
              arrow-up
              1
              ·
              11 months ago

              Most ISPs offer IPv6 right now, and they tend to hand out at least a /64. Often as much as a /54.

              RIPE strongly discourages ISPs from handing out prefixes longer than /56: https://www.ripe.net/publications/docs/ripe-690/

              I don’t see carrier grade NAT ever being used for IPv6. The extra equipment for that makes the network more expensive, less reliable, and introduces extra latency.

              One thing ISPs are doing is still handing out dynamically assigned prefixes rather than static. Self hosting is still going to be a pain.

      • lone_faerie
        link
        fedilink
        English
        arrow-up
        21
        ·
        11 months ago

        Most ISPs are also the default DNS resolver for a lot of people, so they see the domain you’re requesting an IP for.

      • kn33@lemmy.world
        link
        fedilink
        English
        arrow-up
        17
        ·
        11 months ago

        They can still (mostly) sniff SNI for now which gives them a domain even when the IP isn’t unique.

        • rokzoi@lemmy.world
          link
          fedilink
          arrow-up
          3
          ·
          11 months ago

          Correct me if i am wrong but DNSSEC has nothing to do with encryption of your request. It is used to verify that the record you received is from the correct authority. Furthermore your DNS requests have to go through your ISP even if you don’t use their DNS server as it is your only connection to the Internet.

          The only thing you could do is encrypt the traffic somehow (dns over https exists), but then you have to trust that provider instead, and your ISP can still see the IP addresses you try to reach after you know them and might be able to still do a domain lookup using DNS if it is also configured to return the domain when looking up the IP. If they would put in the effort of course.

    • yeehaw@lemmy.ca
      link
      fedilink
      arrow-up
      32
      ·
      11 months ago

      Firefox containers is your friend. It’s way better. I can sign into dozens of separate pages for different clients in a single browser window in different tabs if I want.

      • Holzkohlen@feddit.de
        link
        fedilink
        arrow-up
        4
        ·
        edit-2
        11 months ago

        Is that a permanent solution or do I have to set it up every time? I just use profiles. about:profiles there you can setup a new one and launch it in a new window. I like to theme the windows in a different color to not get confused. Bright red is for 18+

        • Sonotsugipaa@lemmy.dbzer0.com
          link
          fedilink
          English
          arrow-up
          8
          ·
          11 months ago

          Firefox containers are basically just named cookie sets: they don’t have per-container settings, they just let you create containerized tabs that don’t share cookies between each other (maybe local and session storage too, idk).

          They’re useful if you want to make it a bit harder for websites to track you around, or for selectively keeping you logged into a website (alt account usage comes to mind), but your use case seems to be centered around actual profiles.

    • Zagorath@aussie.zone
      link
      fedilink
      English
      arrow-up
      12
      ·
      11 months ago

      FYI most browsers have built-in options for user profiles, so you can have that benefit without the second account on a given website being logged out every time you restart the browser.

      incognito is still handy when you’re logging in to a website with a lesser-used second account, though.

  • EveryMuffinIsNowEncrypted
    link
    fedilink
    arrow-up
    27
    ·
    edit-2
    11 months ago

    Especially when you do this, considering a lot of privacy extensions are disabled by default in incognito mode (at least in FF), so there’s less blocking of tracking elements.

    (Also, unless you change your DNS provider or use a (proper) VPN, I believe your ISP sees everything no matter what, though I could be wrong about the latter.)

    On the other hand, if this is a woosh situation & it’s a joke, well, then, eh, I’ve seen funnier. ¯\_ (•_•) _/¯

  • fl42v@lemmy.ml
    link
    fedilink
    arrow-up
    21
    ·
    11 months ago

    Technically incorrect unless you use http for some weird reason. The ISP can see the domain only, and (afaiu) not even that if encrypted client hello is used. At least kinda: they still see the IP which is not always unique.

    • Papamousse@beehaw.org
      link
      fedilink
      arrow-up
      7
      ·
      11 months ago

      Yes, this is why you should use DNS over TLS. My router signal to every DHCP client that it is the DNS resolver, and internally use DoT/dnssec to query IPs. It also intercepts every request on DNS port in case of some DNS are hard-coded on some devices.

      • FreeFacts@sopuli.xyz
        link
        fedilink
        arrow-up
        3
        ·
        11 months ago

        DNS over TLS won’t save you thanks to SNI. As there is a huge shortage of IPV4 addresses, same IP addresses serve multiple hostnames, and to provide a working encryption, TLS handshake includes the requested hostname in plain text so that SNI can be used to determine which certificate should be used. That plaintext hostname is something your ISP can easily log.

        Rule of thumb is, Https does not provide anonymity, only encryption.

    • yeehaw@lemmy.ca
      link
      fedilink
      arrow-up
      6
      ·
      11 months ago

      But the IP can also sometimes be meaningless if there are proxies or vhosts used.

  • AnUnusualRelic@lemmy.world
    link
    fedilink
    arrow-up
    7
    ·
    edit-2
    11 months ago

    The simple solution if you don’t want your history to be seen is to have one account per user on your computer.

    • Pantherina@feddit.de
      link
      fedilink
      arrow-up
      6
      ·
      11 months ago

      Threat model. Most people never need that protection, but anonymization in front of their ISP etc

    • hinterlufer@lemmy.world
      link
      fedilink
      arrow-up
      2
      ·
      11 months ago

      Doesn’t solve the autocomplete issue when you’re trying to show someone something. I also don’t get ads for things I searched for while in a private window. And don’t forget how useful it is when you’re logging into some of your accounts when it’s not your machine, or logging into two accounts at once.