Your browser has ad tech’s fingerprints all over it, but there’s a clean-up squad in town

June 30, 2025 TH Author

Opinion There are few tech deceptions more successful than Chrome’s Incognito Mode.

Alongside its fellow travellers in other browsers offering Private Browsing and the like, the name and the impression is given that this is some sort of cloaking mode that shields us from the myriad privacy mosquitoes on the web, drinking the blood of data while infecting us with marketing malaria.

There is no such protection. That fedora-toting spy in the logo peering through binoculars is still looking at you and what you’re doing.

Incognito Mode deletes some local data when it’s done, but that’s it. It’s not even very good at that: if you think it vanishes your browsing history during a session, check out your system’s local DNS cache afterwards. What it doesn’t touch is everything that identifies you to interested parties while you’re out on maneuvers, like your IP address and your browser fingerprint. You’re about as incognito as a presidential motorcade, even if its itinerary is shredded after the event.

Google wants you to feel extra-safe. Invisible. Invulnerable. Deceived. Which leaves user education as the best defense.

Fingerprinting relies on a browser giving up internal configuration information to a site or service. There’s lots on offer, including extensions loaded, display window size and color depth, OS and browser name and version, even language options and installed fonts. Even if people know that fingerprinting exists, even if they know what’s involved, doing anything about it without explicit browser support is a non-starter. That fingerprinting is even on the radar these days is a matter of great sadness to the ad tech industry, which would much rather “navigate” privacy concerns than fix them. But don’t cry too hard, it’s busy finding new ways to ID and target you.

Fingerprinting may still be esoteric, there’s much more user savvy with IP tracking. VPNs used to be properly obscure, but their role in overcoming geo-blocking and the torrent police has got the word out to the laity, thus helping – if used properly – with IP tracking. The better option, Tor, remains a scary darkweb place for many, despite it being really good at privacy overall. That’s not just because it unconditionally masks IPs, but because the Tor Browser has the best anti-fingerprinting in the business. Well, alongside its non-Tor, even more obscure sibling, the Myllvad browser. Either is great, if privacy is supremely important, but neither option is good for most people doing most things. Some other browsers have some anti-fingerprinting, but none is a shoo-in. Especially on mobile, where options are very limited.

Which is why companies like Psylo can charge $10 a month for a combined iOS browser and quasi-VPN combo that addresses fingerprinting and IP tracking, alongside good ideas like sandboxing each browser tab. We can do a lot better, though, with the technologies freely available these days to everyone, except apparently the makers of popular browsers.

Virtualization is a good candidate, which offers the vision of a complete OS and completely clean standard browser that can be called up, used for whatever, then destroyed. You may already do this, because you know how and why, but that’s never going to be true for everyone. Containerization is much more lightweight and once set up, easier to integrate into non-technical everyday life. Still not something your grandma would glom onto. Still not one click away.

You can get damn close, thanks to – oh, you guessed – open source. It’s called Kasm, a platform that runs under Linux and has all the standard fare of daily digital life, including browsers, that gets a fresh standard Docker container every time you want to use an app. It lives in the cloud or on-prem, fully isolated in physical or virtual machines. Finally, you connect to it through a browser via streaming.

It even comes with browser extensions, so you can be running your standard slob browser on your standard slob desktop, or anything anywhere, and with one click open a window to a fully performant virgin browser instance of your choice, one which looks to the privacy mosquitoes like every other instance of that fresh Docker container. Nothing can leak from your local browser, nothing from the container can skip to or slip to your local machine. It’s not proof against all bad opsec, if you insist on using lots of services that you’ve registered with using your Google ID, that’s on you. Drive-by malware, ad tech, and checking out temptations from untrustworthy sources? Nuke the container from the onscreen control, and it’s all in the past.

It’s all just about as secure as it could be, and its ease of use is a big part of that. The ideas behind it could be built into any browser as standard with a ton of security even if running entirely locally, and the full fat service hosted remotely behind a VPN a very modest upsell.

Kasm is a superb technology demonstrator for how much security can go hand in hand with normal, unfussy usage. It also points the way to a world where a lot of business models based on surreptitious surveillance stop working. We get an Incognito mode that works while ad tech has to decloak? Tip a virtual fedora to that. ®