Incognito mode won't help. The new technology allows you to track users through the favicon.

[Carder]

New browser trackers can track your activity even when you are connected to a VPN and activate incognito mode

The fact that a user's actions can be tracked by the sites they visit has led to the emergence of confidential browsers and extensions such as Privacy Badger. Users also turn on incognito mode while browsing the Internet and regularly delete cookies. However, all these precautions are useless against the new kind of trackers.

These trackers use favicons, tiny icons that appear along with the site in the browser tab and in the bookmark list. Researchers at the University of Illinois at Chicago said in a new article that most browsers cache these images in a folder separate from browsing history and cookie data. Sites can abuse this fact by loading a number of favicons into the user's browser that will track their activity over a long period of time.

"Powerful Tracking Vector"​

“Although favicons have been considered for many years to be just a decorative addition to a site's name, because the browser shows them to the user to better remember the company's brand, research proves that they represent a 'powerful tracking vector'. This type of tracking hides a significant threat to user privacy, "- said the researchers in Chicago. Moreover, in their words:

"With the help of favicons, tracking can be easily implemented by any website without the need for any user interaction or consent. The tracker will collect information about human actions even when using popular anti-tracking extensions. Moreover, the caching method in modern browsers makes such an attack on user data especially dangerous, as favicons are displayed (and cached) even when browsing in incognito mode. This is due to the application of incorrect privacy protection methods in all major browsers."

Your actions can be easily tracked if you use Chrome, Safari and Edge. It is worth noting that the Brave developers have already created effective countermeasures to this type of surveillance. They were only able to do this after receiving a private report from researchers at the University of Chicago.Firefox is not susceptible to this type of attack as it has a number of favicon caching bugs.

Browsers store favicons in a cache so they don't have to ask the website for them every time. This cache is not deleted when users clear their browser cache or cookies. It is actively used even if you switch to private browsing mode. The website saves a certain combination of favicons when a person first opens the resource pages. By checking for the presence of these images in the cache, a website can identify a specific user's browser when revisiting the resource. Even if a person uses proactive measures to prevent tracking, they will still be recognized.

Browser tracking has been a problem since the advent of the internet. Once users learned to delete cookies with ease, websites came up with new ways to identify their visitors.

One such method is known as tracking collecting digital fingerprint (or fingerprinting). This is a process during which information is collected about the screen size, the list of available fonts, the software version, and other properties of the user's computer. Thus, based on the collected data, a profile is created that is assigned to a specific machine. A 2013 study found that 1.5% of the world's most popular websites use this tracking method. Device fingerprinting is effective even when people use multiple browsers. As a countermeasure, some browsers have tried to limit this tracking, but often without success.

Two seconds is enough​

Websites can use this method by redirecting users through a range of subdomains (each with their own favicon) before they land on the requested page. The number of redirects required varies depending on the number of unique site visitors. To be able to track 4.5 billion unique browsers, a website would need to redirect a user 32 times. Each such redirect takes 1 bit of entropy. This adds about 2 seconds to the total load time of the page the user wants. Websites can reduce this latency by using custom settings.

The article explains this as follows:

Taking into account the properties of modern browsers, we see a new mechanism for constantly tracking user activity, which makes it possible for websites to identify a person when he revisits a resource, even if he is using incognito mode or has previously cleared the cache. Specifically, websites can create and store a unique browser identifier using a combination of cache favicon entries. Moreover, this tracking can be done by any website. It only needs to redirect the user appropriately through a series of subdomains. These subdomains have different favicons and thus create their own favicon cache entries. A set of n-subdomains can be used to create an n-bit identifier that is unique to each browser.Since the attacker has complete control over the website, he can redirect the user through hundreds of subdomains without any interaction with it. In fact, the presence of a favicon in the subdomain cache corresponds to a value of 1 in the identifier bit, and its absence will result in a value of 0.

Researchers who dealt with this issue: Konstantinos Solomos, John Kristoff, Chris Kanich and Jason Polakis. They all work at the University of Illinois, Chicago.

A Google spokesman said the company is already aware of this type of tracking and is working on countermeasures. Meanwhile, an Apple spokesman says the company is only studying the results of the study. Researchers in Chicago have also contacted Microsoft and Brave, who have not provided any comment so far.

As noted earlier, Brave can block this kind of tracking.

 

[Carding 4 Carders]

How does incognito mode work and why doesn't it provide anonymity?!​

This article is presented for informational purposes only and does not carry a call to action. All information is aimed at protecting readers from illegal actions.

Every browser has a private mode, but the privacy it provides has significant limitations.

Let's GO
No matter which browser you prefer - Chrome, Firefox, Edge, Safari, Opera, or any other-it almost always has a built-in incognito mode, or private mode of operation, which supposedly does not disclose information about what pages you are viewing.

Incognito mode, or private mode, doesn't really reveal some aspects of your browsing experience, but it's important to be aware of what information is being hidden and what isn't. When you understand exactly what the browser collects from you in this mode, you will know when to use it.

What does incognito mode actually do?
Perhaps the easiest way is to imagine incognito mode, as if as soon as you close a window that is open in private mode, your browser forgets that this session ever existed. Nothing is saved in the site's browsing history, and any cookies that were created are immediately erased.

For example, cookies store the contents of your Amazon shopping cart, even if you've already forgotten about them. Cookies also help the site remember if you have visited it before, which is why you are usually asked to subscribe to the site's news only on your first visit. You may notice that if you visit sites in incognito mode, you will no longer be recognized, and you will be asked again and again to subscribe to various news and special offers.

Incognito mode is like starting from a blank page. If you log in to Twitter or Gmail, they won't automatically log you in, as they usually do. For this reason, incognito mode can be useful, for example, for free access to articles on sites with paid registration for unlimited access (the site does not recognize you as a previously visited user, although many sites with paid registration already have. they use more precise methods to determine repeat visits).

When you use incognito mode, your browser doesn't remember where you went, what you searched for, or what information you filled out in forms.

Using incognito mode, you can log in to multiple accounts at the same time. This mode is also useful when you need to perform a few quick searches on a topic that is sensitive to you – such as health-related issues-but you don't want your browsing history or search history to be visible in the future.

Although all traces of your activity in private mode disappear as soon as you close the browser, this only works when it concerns your browser and device.

What incognito mode doesn't do
Once you log in to a site that you frequently visit, such as Facebook, Amazon, or Gmail, your actions will no longer be anonymous or temporary, at least in relation to these services. Although cookies and tracking data are deleted from your device when you end a private session, they can still be used while that session is active, linking your activity between different accounts and profiles.

This means that if you are logged in to Facebook, for example, the site will be able to see what you are doing on other sites and adjust the offered ads accordingly, even if you are in incognito mode. To a certain extent, this can be prevented by blocking third-party cookies (Chrome even offers this option when you open incognito mode), but the capabilities of ad networks and tracking technologies are extensive and difficult to completely block.

If you log in to Google while in incognito mode, all your search queries will be saved and linked to your account again, but only if you have enabled history saving in your Google account settings. In addition, Google can also use its advertising network and tracking technologies on other sites to keep track of you there, too.

Even if you are not going to log in anywhere, the sites you visit will still be able to get various information about you, such as your IP address, the type of device you are using, and the browser you are using. Once they have this data, they can easily find out who you are, and then link this information to other existing data that might already be associated with you.

For example, if you have an account on a website that you often access from your computer, and then decide to go to it in incognito mode, the site owners will be able to link your incognito session to your account, since in both cases you used the same IP address and device configuration.

Some browsers counteract a similar type of tracking called "digital fingerprints", but this is still used.

Incognito mode also doesn't hide your browsing history from your provider or employer, and it doesn't erase any files you uploaded. In other words, you should think of this mode as a way to hide your online activity from a specific browser on a specific device you are using, and from other people who may be using that device. In all other cases, there is no guarantee of privacy.

Incognito mode also doesn't hide your browsing history from your provider or employer, nor does it erase any files you uploaded. In other words, you should think of this mode as a way to hide your online activities only from a specific browser on a specific device that you are using, or from other people who are using that device. When it comes to everything else, there are no guarantees.

The limitations of incognito mode once again show how difficult it is to remain anonymous on the Internet. To completely eliminate tracking, you need to use a browser focused on protecting privacy, use search services such as DuckDuckGo that do not collect information about you, and use reliable VPN programs every time you connect to the network.

Here are some tips for ensuring basic anonymity on the Internet:

• Encrypt the data on the storage media.
• Encrypt traffic through your VPN.
• Use Google or Cloudflare DNS.
• Use a VPS or virtual operating system when opening suspicious files and links.
• Use the Portable version of the SOFTWARE.
• Clean up residual data. For example, using CCleaner Portable.
• Don't use free antivirus programs. In 95% of cases, they merge data.
• Set the password to the BIOS.
• Do not use personal data in social networks: email, photo, address, full name.
• Use a temporary SIM card to register on suspicious sites.
• Use different passwords on websites.
• Use different nicknames.
• Don't use WhatsApp or Viber.
• Use the Manager to store passwords and logins.