Google Sued for Tracking Private Browsing

A proposed class-action lawsuit claims that Google has been tracking users even when Chrome is set for private browsing. The lawsuit is seeking at least $5 billion in damages.

“Google tracks and collects consumer browsing history and other web activity data no matter what safeguards consumers undertake to protect their data privacy,” the complaint explains. “Indeed, even when Google users launch a web browser with ‘private browsing mode’ activated (as Google recommends to users wishing to browse the web privately), Google nevertheless tracks the users’ browsing data and other identifying information.”

Windows Intelligence In Your Inbox

Sign up for our new free newsletter to get three time-saving tips each Friday — and get free copies of Paul Thurrott's Windows 11 and Windows 10 Field Guides (normally $9.99) as a special welcome gift!

"*" indicates required fields

This field is for validation purposes and should be left unchanged.

Surprisingly, Google achieves this tracking in part via Chrome’s secret advertising-related functionality.

“When an internet user visits a webpage or opens an app that uses … Google Analytics, Google Ad Manager, … [or] the ‘Google Sign-In button’ for websites (over 70% of all online publishers use such a service), Google receives detailed, personal information such as the user’s IP address (which may provide geographic information), what the user is viewing, what the user last viewed, and details about the user’s hardware,” the complaint continues. “Google takes the data regardless of whether the user actually clicks on a Google-supported advertisement—or even knows of its existence. This means that billions of times a day, Google causes computers around the world to report the real-time internet communications of hundreds of millions of people to Google.”

As the complaint notes, Google’s tracking is a serious violation of privacy and because it’s done secretly, it’s also deceptive to consumers and is both intentional and unlawful. “Federal privacy laws prohibit unauthorized interception, access, and use of the contents in electronic communications, the suit explains.

Because there are likely millions of people impacted—this is just in the United States, as Chrome’s worldwide usage is in the billions—the plaintiffs are seeking class-action status. They are also seeking $5000 in damages per user.

Google has quickly denied the charges, which come amidst heightened antitrust scrutiny of the firm and its biggest rivals.

“We strongly dispute these claims, and we will defend ourselves vigorously against them,” a Google statement reads. “Incognito mode in Chrome gives you the choice to browse the internet without your activity being saved to your browser or device. As we clearly state each time you open a new incognito tab, websites might be able to collect information about your browsing activity during your session.”

Share post

Please check our Community Guidelines before commenting

Conversation 29 comments

  • crunchyfrog

    03 June, 2020 - 7:29 am

    <p>Oh Google, here we go again…</p>

  • wright_is

    Premium Member
    03 June, 2020 - 7:45 am

    <p><em>“We strongly dispute these claims, and we will defend ourselves vigorously against them"</em></p><p>So, Chrome's privacy mode recognises Google tracking domains and blocks them from loading? No, didn't think so.</p>

  • RonV42

    Premium Member
    03 June, 2020 - 9:10 am

    <p>So many "hidden" clauses in usage of the Chrome browser. There is what the industry generally agrees what incognito mode is and then there is Google's definition that twists it to their advantage.</p>

  • GCalais

    03 June, 2020 - 9:31 am

    <p><em>“</em><em style="color: rgb(0, 0, 0);">As we clearly state each time you open a new incognito tab, websites might be able to collect information about your browsing activity during your session</em><span style="color: rgb(0, 0, 0);">”</span></p><p><br></p><p>This is true. Google never implies incognito mode is like browsing the internet anonymously. I support internet privacy as much as anyone but this is pretty naive. </p>

    • christian.hvid

      03 June, 2020 - 10:10 am

      <blockquote><em><a href="#544559">In reply to GCalais:</a></em></blockquote><p>Well, according to Merriam-Webster, incognito means "with one's identity concealed". Which is just another word for anonymous. I get that Google can't stop other web sites or web services from collecting information about you, but they sure could prevent <em>their own</em> services from doing it. And that, I believe, is the core argument of the lawsuit.</p>

      • IanYates82

        Premium Member
        04 June, 2020 - 1:28 am

        <blockquote><em><a href="#544579">In reply to christian.hvid:</a></em></blockquote><p>The thing is though, the browers deliberately go out of their way for a site to not be able to tell that a browser is in incognito mode. </p><p><br></p><p>Some sites had heuristics they enacted to detect this (I think Washington Post, for example, uses the fact you're on a Chromium browser but with limited local storage to infer that you're using a private browsing mode). </p><p>It's a game of walls and ladders.</p><p><br></p><p>And by using the principal that the browser is to behave as though it's a brand-new, out of the box, browser that's not been on the internet before, and to restore to that state when you close it, there's not much more they can do. The Google services will see the incognito Chrome just the same way they see a brand new version of Chrome with no one signed in. The fact you visit 10 sites and then close the tab, and those 10 sites use Google Analytics, could mean that 10-site session is tracked somewhat. </p><p><br></p><p>The thing is though, when you close that browser session, the local state is gone, and all that remains for servers to track the next session is fingerprinting based on IP, user agent, etc. Google (and many others) does that to everyone – private mode or not.</p>

        • christian.hvid

          04 June, 2020 - 1:46 pm

          <blockquote><em><a href="#544712">In reply to IanYates82:</a></em></blockquote><p>I'm not sure I understood all that, but you get an upvote for sounding very reasonable. :)</p>

  • Daekar

    03 June, 2020 - 9:36 am

    <p>No pity from me, Google.</p>

  • dcdevito

    03 June, 2020 - 9:44 am

    <p>I strongly urge everyone to stop using Chrome. Edge, Firefox, Brave and Safari (Mac) are outstanding alternatives that have distinct advantages. </p>

  • dftf

    03 June, 2020 - 10:02 am

    <p>Personally I can't see Google not winning this — unless you can prove that most the general-public reasonably expected Incognition Mode to function akin to a VPN, then I can't see any-other argument here. The wording on the page when you start the mode clearly says "Your activity might still be visible to […] websites that you visit". And if you click "Learn more", then click "How Incognition mode protects your privacy" on the next page, under "What Incognito mode doesn’t do" it clearly states "[it does not] p<span style="background-color: rgb(255, 255, 255); color: rgb(60, 64, 67);">revent the websites you visit from serving ads based on your activity".</span></p><p><br></p><p><span style="background-color: rgb(255, 255, 255); color: rgb(60, 64, 67);">If you use Private Browsing mode in Firefox, it gives you a similar warning: "</span>Firefox clears your search and browsing history when you quit the app or close all Private Browsing tabs and windows. While this doesn’t make you anonymous to web sites or your internet service provider, it makes it easier to keep what you do online private from anyone else who uses this computer."</p><p><br></p><p>The only possible way this could succeed, I can reasonably think-of, would be to prove that they maintain a profile of you as a unique user between different Incognito sessions — i.e. it doesn't discard your previous data and treat you as new each time. But if it's simply "Users expected when using Incognito that Google gets no data whatsoever, and does no targeted ads" then I can't see the case progressing very-far, especially since Microsoft, Mozilla and Apple will all still receive personalised data in their respective private modes too.</p>

  • dftf

    03 June, 2020 - 10:06 am

    <p>If you wanted a genuine case of a browser being misleading, I'd suggest looking at Opera and Opera Mini: they say they have a built-in VPN, but it's actually just Secure DNS — the traffic still goes via your ISP, and non-HTTPS sites are not encrypted in any sort of tunnel, they're still just raw. That to me IS a genuine case of being misleading!</p>

    • MikeCerm

      03 June, 2020 - 5:02 pm

      <blockquote><em><a href="#544576">In reply to dftf:</a></em></blockquote><p>I'm not sure where you heard this, but it's not true. It's not just Secure DNS. It's a proxy that sends all your data through Opera's servers, so the endpoint (the site you're connecting to) cannot see your IP address. Your ISP also can't see where you're going, because all they see is that you're connecting to Opera. You're right that there isn't any encryption, so it's possible that ISPs could glean additional info using deep-packet inspection, but it's not true that all Opera is doing is providing DNS. </p>

      • dftf

        04 June, 2020 - 9:26 am

        <blockquote><em><a href="#544655">In reply to MikeCerm:</a></em></blockquote><p>What Opera are doing is providing a secure proxy-server, but they misleadingly label the feature as "VPN" inside the app.</p><p><br></p><p>Here are some quotes from reviews which all say they are wrong to refer to it as a VPN:</p><p><br></p><p>RestorePrivacy.com:</p><p>"Opera VPN is a browser proxy that encrypts traffic between the Opera browser and a proxy server […] in other words, Opera’s "free VPN" is not a VPN at all, but rather just a browser proxy."</p><p><br></p><p>TheBestVPN.com:</p><p>"Calling Opera VPN a VPN is not accurate at all. It’s not a VPN, it’s a proxy."</p><p><br></p><p>GitHub:</p><p>"It's an HTTP/S proxy which requires auth. This Opera "VPN" is just a preconfigured HTTP/S proxy protecting just the traffic between Opera and the proxy, nothing else. It's not a VPN."</p><p><br></p><p>ProPrivacy.com:</p><p>"OperaVPN is proxy, not a VPN service. Connections are secured using HTTPS, the encryption scheme which protects sensitive websites, making OperaVPN an HTTPS proxy."</p><p><br></p><p>ArsTechnica review:</p><p>"Sounds to me like this is more like a pre-configured proxy server than a VPN."</p><p><br></p><p>It's clearly NOT a VPN as if I connect to say a torrent website, my ISP will say "Sorry, a high-court order requires this website to be blocked in the UK". This would not be visible to my ISP were it a real VPN.</p><p><br></p><p>Therefore I stand-by my original post that Opera calling the feature "VPN" is misleading</p>

  • doubledeej

    03 June, 2020 - 10:18 am

    <p>Interesting that Google’s response doesn’t deny that they are collecting the data.</p>

    • MikeCerm

      03 June, 2020 - 4:50 pm

      <blockquote><em><a href="#544581">In reply to doubledeej:</a></em></blockquote><p>What's there to deny? Google never said that Incognito browsing would stop websites from tracking you. In fact, it said the opposite, "Your activity might still be visible to: Websites you visit."</p>

  • earlster

    Premium Member
    03 June, 2020 - 10:29 am

    <p>And this is why I use Firefox and never use my google account on FF either, and also use DuckDuckGo, not google for search. I do use chrome to browse google domains, when I need to.</p>

    • richardbottiglieri

      Premium Member
      04 June, 2020 - 12:32 pm

      <blockquote><em><a href="#544583">In reply to earlster:</a></em></blockquote><blockquote>You can also use Mozilla's Multi-Account Containers Add-On (<a href="https://addons.mozilla.org/en-US/firefox/addon/multi-account-containers/&quot; target="_blank">https://addons.mozilla.org/en-US/firefox/addon/multi-account-containers/</a&gt😉 to keep data from Google and Facebook (or any other sites you'd like) completely separated from your other browsing activity. If you're going to use Firefox full time for privacy concerns, this add-on is a must have. It's free.</blockquote><blockquote><br></blockquote><blockquote>It's a pretty awesome tool, and I wish it was available for Chrome/Edge. Yes, I know that we can have multiple profiles in Chromium browsers, but it's more convenient to have everything in the same browser window and just flip between tabs which are really separate containers.</blockquote><p><br></p>

  • lvthunder

    Premium Member
    03 June, 2020 - 10:45 am

    <p>"Surprisingly, Google achieves this tracking in part via Chrome’s secret advertising-related functionality."</p><p><br></p><p>Who is surprised by this? I'm not.</p>

  • kfriis

    03 June, 2020 - 11:57 am

    <p>I do not understand why anyone is using Chrome. How did that privacy-invading browser become the "standard" for even IT professionals? The fact that "regular" people are using Chrome is understandable, but anybody with just limited IT knowledge – which probably includes just about anyone reading this – really have no excuse.</p><p><br></p><p>Would be interested in hearing from any IT pro using Chrome explaining why … ?</p>

    • dftf

      03 June, 2020 - 12:21 pm

      <blockquote><em><a href="#544595">In reply to kfriis:</a></em></blockquote><p>If you deploy Google Chrome in an Enterprise, the Group Policy settings do allow some of the data-collection features to be turned-off, plus you can always block them at a proxy / firewall level. Also, as it's the most-popular browser, makes-sense to give users software they are already-familiar in using, to reduce training issues, compared to say introducing Firefox (and I couldn't also say for Firefox whether it's Group Policy support is as-extensive in what you can configure?)</p><p><br></p><p>Brave and Vivaldi are both relatively new, so most enterprises won't bother with them, given they already settled on either Google Chrome or Firefox when deciding how to get users off IE11 or older (plus, do either of them have Group Policy support?)</p><p><br></p><p>One other reason for some companies when choosing software can be whether it is closed-source or open-source: there is still a belief that "closed-source" means "safer", as the code (unless leaked) is never made intentionally public. If you do work for Government or military, open-source stuff, like 7-Zip or LibreOffice, can be an automatic no, and Firefox of-course is open-source.</p><p><br></p><p>I imagine in the future though, you'll see Google Chrome less in businesses as they just use Microsoft's new Edge, especially once it comes built-in (likely in 20H2 or 21H1).</p>

      • kfriis

        03 June, 2020 - 1:44 pm

        <blockquote><em><a href="#544597">In reply to dftf:</a></em></blockquote><p>Thanks dftf. A lot of that makes sense. Good perspectives.</p><p><br></p><p>I also wonder though why IT pros themselves are using Chrome. I understand the enterprise viewpoint regarding regular users, but I see a lot of IT pros using Chrome personally as well which I do not understand. Usually IT pros have very sharp opinions about software and have thought through pros and cons of their choices. Still, Chrome seems to be widely used …</p>

    • PanamaVet

      03 June, 2020 - 2:08 pm

      <blockquote><a href="#544595"><em>In reply to kfriis:</em></a></blockquote><p>Some people enjoy not being private and Google strokes their fancy in return. I expect they will also be first in line to collect their Google class action settlement.</p><p><br></p><p>I run my browsers in a Sandbox. Among other things I store the Sandbox, temp files and temporary internet files on a RamDisk.</p><p><br></p><p>I flush that toilet. </p><p><br></p>

    • SvenJ

      03 June, 2020 - 4:13 pm

      <blockquote><a href="#544595"><em>In reply to kfriis:</em></a><em> </em>Because for years, pundits, site hosts, bloggers, etc have said, 'the only thing IE is good for is to download Chrome'. </blockquote><p><br></p>

    • yoshi

      Premium Member
      04 June, 2020 - 9:06 am

      <blockquote><em><a href="#544595">In reply to kfriis:</a></em></blockquote><p>I know in my IT shop, a lot of our 3rd party vendors build their products around Chrome. A lot of them won't even bother giving support unless you are using Chrome with their product. We tried many times to get everyone on Firefox, Edge(old version), and even just plain old IE. Eventually we just deployed Chrome to everyone. Maybe the new Edge will change that for us eventually.</p>

  • bmcdonald

    03 June, 2020 - 1:12 pm

    <p>Chrome (and Google as well ) is gone here now completely. </p><p><br></p><p>After following some of Paul's commentary on browser privacy a while back – I first moved everyone to Brave – but that browser – while VERY private – still has too many quirky interactions with websites that I need to access – like online banking – so I moved all PCs to the new Edge </p><p><br></p><p>While MS has it's own issues with telemetry and data usage – I am a lot less concerned with them than with Google. </p><p><br></p><p>Anything I can do to see Google fail is worth trying. Plus the new Edge is so much faster.</p><p><br></p><p>B</p>

  • note-book

    03 June, 2020 - 2:43 pm

    <p>Google is being deceptive with incognito mode. I use new Edge, and when using InPrivate mode I am still being tracked, but as a new user. In Chrome, Google seems to access stored cookies and to save site data, just not on the local device but on its own servers. Not long ago I had to use Chrome, and it recognized me when I accidentally accessed its login page in incognito mode. With Google's incognito I appeared as a new user to all except Google. Chrome saves browsing history, cookies and site data to Google, contrary to what they say ("won't save").</p><p><br></p><p>I cannot see how VPN or even TOR can preserve privacy here. If Chrome always logs in, Google will always be able to identify you, so you cannot "browse privately".</p><p><br></p><p>A final thought about the data. What is the reason for such tracking? I use InPrivate/incognito only for sensitive websites, my bank or medical/private stuff. It accounts for 1% or less of my browsing. <span style="color: rgb(0, 0, 0);">Statistically, that is insignificant and does not warrant this strict tracking. And Google also has Android feeding data from cell phones. Facebook and Cambridge Analytica come to mind.</span></p>

  • SvenJ

    03 June, 2020 - 4:10 pm

    <p>Incognito or Private or whatever browsers call that, have always meant nothing is stored on the machine you are on. That way your Dad, Wife, Boss, can't see where you have been. It doesn't necessarily mean the site you went too, or things on the path that got you there don't know about it. Think about it, your browser makes a request. The results need to be provided back to your browser. Says right in Googles caveats, not stored in your browsing history, doesn't store cookies/ site data (on your machine), doesn't store info entered on forms (for easy reuse). This may not be clear to everyone, but this is how it has always been. </p>

  • eric_rasmussen

    Premium Member
    04 June, 2020 - 11:51 am

    <p>Some parts of Google are so great (the teams that work on Firebase, Flutter, Dart, and Google Maps for example) that it saddens me when other teams are not so great. The company does some amazing stuff, some of it much better than Microsoft does, but there's that bit about 80% or more of their total revenue comes from advertising that taints everything.</p><p><br></p><p>Microsoft took a huge nose dive with UWP and the effort to turn PCs into large phones. I wanted to change the font size in Sticky Notes just this week and found that while the earlier versions of the app could do that, the newest UWP app in Windows 10 can't. This is a small example of the things that are super aggravating as a Windows user and developer. The Google ecosystem is in continuous improvement and feels much more like the Microsoft ecosystem of the 90's, which is a very good thing. The only bad thing is that 80% ad revenue thing. :(</p>

  • youwerewarned

    04 June, 2020 - 10:03 pm

    <p>Yet another example where being clueless has undesired consequences.</p><p><br></p><p>Most recent instance was 11/8/16. It was a doozy!</p>

Windows Intelligence In Your Inbox

Sign up for our new free newsletter to get three time-saving tips each Friday

"*" indicates required fields

This field is for validation purposes and should be left unchanged.

Thurrott © 2024 Thurrott LLC