What private browsing actually does — and doesn't do
Incognito and private modes are widely misunderstood. They protect your local history, not your identity on the web. Here's the real picture.
The limits of private browsing mode
Every major browser offers a private or incognito mode. The name varies — Incognito in Chrome, Private Window in Firefox and Safari, InPrivate in Edge — but the core behaviour is the same: cookies, browsing history, and cached files are not written to disk and are discarded when the window closes.
This is genuinely useful for shared devices. If you log into a service in Incognito mode and close the window, another person using the same computer will not find your session cookies or see your history. It's also useful for price checking (prevents personalised pricing based on your browsing history) and for separating work and personal sessions.
What it does not do is hide you from the websites you visit. During the session, your browser sends exactly the same signals it always does: your IP address (visible to every server you connect to), your User-Agent string, your screen dimensions, your timezone, and every other technical property accessible via HTTP headers and JavaScript. Your browser fingerprint — the stable combination of these signals — is identical in private mode and normal mode.
This means that if a tracking network encountered you in a normal browser session yesterday, it can recognise the same fingerprint in your Incognito session today — and link the two sessions — without any cookie. Google's own research and multiple academic studies have confirmed this pattern. In 2020, Google settled a $5 billion lawsuit over alleged tracking of Incognito users, which highlighted that even Google's own analytics can infer Incognito sessions.
For meaningful privacy from websites, you need tools that actually change or restrict the signals your browser sends: tracker-blocking extensions, DNS-over-HTTPS, or a privacy-hardened browser. Private mode alone is not enough.
Signals that don't change in private mode
- IP address — visible to every website and server you connect to
- User-Agent string — identifies your browser, version, and OS
- Screen resolution & pixel ratio — unchanged by private mode
- System timezone & language — sent via HTTP headers and JS APIs
- Canvas & WebGL fingerprint — hardware-specific, session-independent
- Audio fingerprint — consistent across normal and private sessions
- Font availability — same fonts, same glyph metrics
- Hardware signals — CPU cores, device memory, touch support
- ISP & approximate geolocation — derived from IP, unchanged
Verify with the analysis tool
- Open an Incognito / Private window and run live analysis.
- Compare the privacy score and fingerprint hash to a normal window — they should be nearly identical.
- Check the Fingerprint tab; canvas, WebGL, and font probes still succeed in private mode.
- Refresh twice — hash stability shows trackers could link private and normal sessions.
Test whether your private browsing session is actually harder to fingerprint — open this in Incognito and run a live analysis.
Run the analysis nowFrequently asked questions
Can my ISP see what I do in Incognito mode?
Yes. Private mode does not encrypt your traffic or hide the destination of your requests from your Internet Service Provider. Your ISP can see which domains you connect to (though HTTPS encrypts the content). To hide traffic from your ISP you need a VPN or the Tor network — not Incognito mode.
Does closing an Incognito window erase all traces?
Closing an Incognito window clears the cookies, session storage, and cached files created during that session from browser storage. It does not erase records at the websites you visited, your ISP's logs, network-level DNS logs, or any server-side analytics. Those records exist independently of your browser history.
What actually provides meaningful online privacy?
A layered approach works best: a privacy-focused browser (Firefox with ETP Strict, or Brave) blocks tracking scripts before they run. A content-blocking extension like uBlock Origin adds a second layer. DNS-over-HTTPS (DoH) prevents DNS-level surveillance. A VPN masks your IP from websites (though not from the VPN provider). For the highest anonymity, Tor Browser over the Tor network. Each layer addresses different threats — no single tool solves everything.