Open a private window and Chrome tells you that you can "browse more privately." That word
"more" is doing a lot of work, and it wasn't always there. Until a 2024 lawsuit settlement forced
a rewrite, the message used to say you could simply "browse privately," full stop. The gap
between those two sentences is basically this whole article.
Incognito mode is genuinely useful. It's just useful for a narrower job than most people assume.
What incognito mode actually does
Incognito (or "private browsing," "InPrivate," depending on the browser) opens a temporary session that gets thrown away when you close the window. Nothing from that session gets written to your regular browsing history, your saved cookies, or your autofill data. Extensions are usually disabled by default unless you specifically allow them to run.
That's genuinely the whole feature. It's local device privacy, protecting you from whoever uses that computer or phone after you, not privacy from the internet itself.
What it doesn't do
- Someone else using your device seeing your browsing history
- Sites reading cookies saved from a previous, non-private session
- Your search and form data being saved for autofill later
- Your ISP seeing every site you visit
- A network admin (school, employer, public Wi-Fi) seeing your traffic
- The site you're visiting knowing your real IP address
- Browser fingerprinting identifying your device
- Being tracked while signed into any account
The IP address point is worth sitting with for a second. Every site you visit in incognito mode sees the exact same IP address it would see in a normal window, because incognito changes what your browser remembers, not what your connection reveals. Combined with browser fingerprinting, which doesn't rely on stored data at all, a site can often identify your device just as precisely in a private window as outside one. Our browser fingerprint test shows exactly what gets exposed either way.
The 2024 Google Incognito settlement
This isn't a theoretical gap between marketing and reality. It went to court. In Brown v. Google, filed in 2020, a group of Chrome users argued Google had misled them into believing that using Incognito mode meant Google itself wouldn't collect data during those sessions, when in practice Google's own Analytics and advertising infrastructure, embedded on millions of sites, kept gathering data the same way it always had.
Plaintiffs sought $5 billion. Nobody received a payout; the settlement instead required non-monetary changes. Google agreed to delete or de-identify billions of private-browsing data records affecting an estimated 136 million US users, partially redacting IP addresses and reducing logged URLs to domain-level detail rather than full page paths. Google also agreed to stop using an internal signal, revealed during discovery, that had let its systems detect and separately flag Incognito sessions without disclosing that it did so. Documents surfaced in the case showed Google employees internally describing Incognito mode as "effectively a lie." Google also rewrote the mode's splash screen and made blocking third-party cookies the default setting inside Incognito for five years — see our cookies explainer for what that default actually blocks.
The current splash screen you see when opening a Chrome incognito window ( "This won't change how data is collected by websites you visit and the services they use, including Google") exists because of that case, not because Google decided on its own to be more precise about it.
Chrome's IP Protection feature, and its limits
Since mid-2025, Chrome has been rolling out a feature called IP Protection, built specifically for Incognito mode. It's a genuine technical improvement, and it's also a lot narrower than the name suggests.
Here's how it actually works: for a specific list of third-party domains Google classifies as tracking or ad-tech (called the Masked Domain List), Chrome routes your requests through two separate proxy servers instead of connecting directly. One proxy sees your real IP but not which site you're contacting; the other sees the destination but not your real IP. Neither side alone can connect the two.
The catches are what keep this from being a full IP-hiding feature. It's opt-in, not on by default. It only applies to domains on Google's tracking list, not to the actual site you're visiting, which still sees your real IP as a first party. And you have to be signed into a Google account before opening the Incognito window for it to work at all, which is a strange requirement for a privacy feature and something Proton VPN has publicly criticized as undercutting the point. It's a real, working privacy improvement for a specific slice of third-party tracking, not a replacement for actually hiding your IP.
How other browsers handle private mode
"Incognito" is Chrome's brand name for the feature. Every major browser has its own version, and they're not all equally protective by default.
| Browser | Private mode name | Extra protection beyond hiding local history |
|---|---|---|
| Chrome | Incognito | Blocks third-party cookies by default; opt-in IP Protection for a limited domain list |
| Firefox | Private Browsing | Enhanced Tracking Protection set to Strict by default in private windows, blocking known trackers regardless of your normal-mode settings |
| Safari | Private Browsing | Advanced tracking and fingerprinting protections applied by default, on top of blocking known trackers |
| Edge | InPrivate | Tracking prevention set to Strict automatically in InPrivate windows |
| Brave | Private Window (with Tor option) | Optional routing through the Tor network for the window, a level of network anonymity no other mainstream browser offers built in |
Firefox's default is worth calling out specifically, since it's the opposite of what a lot of people assume: opening a private window in Firefox automatically applies stricter anti-tracking rules than your regular browsing does, not just a shorter memory.
What incognito doesn't erase
Two things surprise people consistently. First, downloads. Anything you download in a private window saves to your normal Downloads folder and stays there after the window closes, exactly like any other file. What disappears is the entry in your browser's download history list, not the file itself.
Second, bookmarks. If you bookmark a page while in a private window, that bookmark is saved permanently, the same as bookmarking from a regular window. Incognito mode governs history, cookies, and site data. It was never designed to touch things you explicitly chose to save.
What actually hides your IP
If hiding your IP address and your network-level activity is actually the goal, that's a different tool than a browser mode. A VPN routes your traffic through its own servers and replaces your IP for every site you visit, not just a curated list. Tor goes further, routing through several independent relays so no single point knows both who you are and what you're visiting.
Neither of those tools touches your local browsing history the way incognito does, and incognito doesn't touch your IP the way they do. They solve different problems, and combining incognito mode with a VPN covers more ground than either alone, though it's worth checking that the combination isn't quietly leaking anyway; our WebRTC leak guide covers one of the more common ways that happens even with a VPN turned on.