Does incognito mode hide your browsing? No. Incognito mode hides your activity from other people who use the same device, but it does not hide your browsing from your internet service provider, your employer, the websites you visit, or Google itself. Every DNS request, every site visit, and every click is still visible to your network and the servers on the other end.
That gap between what people believe incognito does and what it actually does is enormous. A 2024 survey cited by multiple cybersecurity firms found that 70% of users believe incognito mode anonymizes them from ISPs and advertisers. It does not. In April 2024, Google settled a landmark class-action lawsuit that confirmed the company collected data from Chrome users in incognito mode for years, through advertising and analytics tools embedded across millions of websites. Internal Google documents surfaced during that case described incognito as “effectively a lie.”
Here is exactly what incognito mode does, who can see your activity despite it, what the Google settlement revealed, and what you actually need if real privacy is the goal.
What Incognito Mode Actually Does (and Only That)
Incognito mode, called Private Browsing in Firefox and Safari, and InPrivate in Microsoft Edge, does exactly one thing well: it prevents your browser from saving a record of your session on the local device. When you open an incognito window, the browser stores cookies, session tokens, and temporary files in RAM rather than on your hard drive. When you close the window, that data is deleted.
That means no browsing history entry, no saved cookies, no autofilled form data, no login session carrying over from that window. If you share a computer with family members or roommates and want to look up something without it appearing in the browser history, incognito is appropriate. If you are shopping for a surprise gift and do not want product ads following you around afterward, incognito reduces that risk.
That is the complete list of what it actually does. Nothing about your traffic leaving the device is changed. Your IP address is the same. Your network traffic follows the same path. The DNS queries your browser sends to resolve domain names go to the same servers in the same way. The word “private” in the browser tab refers to local privacy only.
What Incognito Deletes When You Close the Window
When an incognito session ends, Google Chrome discards: browsing history, cookies and site data, information entered in forms, and any temporary files cached during that session. Extensions are disabled by default in incognito (unless you have manually enabled them). That is the full scope of what is removed.
What is not removed: anything you downloaded during the session (files remain on your device), any bookmarks you saved, and crucially, any record of the session held by external parties. Your ISP logged the connection. The router logged the DNS query. The website logged your visit with your real IP address. Those records exist regardless of what your browser deletes locally.
Who Can Still See Your Browsing Activity in Incognito
The list of parties who can see your activity in incognito mode is longer than most people expect. Your browsing is visible to your ISP, your router administrator, your employer or school network, and every website you visit, all while your local browser history shows nothing.
Your Internet Service Provider
Your ISP sees every DNS request your device sends. A DNS request is the lookup your browser performs to translate a domain name like “miamimorningstar.com” into an IP address. That request travels unencrypted in most home network configurations. Even on HTTPS connections, where the page content is encrypted, the domain name you are visiting is still visible to your ISP through DNS and through the Server Name Indication (SNI) field in the TLS handshake.
In the United States, ISPs have been permitted to collect and sell aggregate browsing data since Congress voted in 2017 to repeal FCC broadband privacy rules. Incognito mode does not change any of this. Your ISP has the same visibility into your traffic in incognito as it does during regular browsing.
Your Employer, School, or Network Administrator
If you are on a managed network, a corporate office, a school, a university, or a government facility, the network administrator has tools that go far beyond what a home router can see. Enterprise network monitoring platforms such as Cisco Umbrella, Zscaler, and Barracuda Web Security Gateway perform deep packet inspection and log domain-level traffic for every device on the network. Incognito mode is invisible to these tools.
If you are on a work-issued device, the monitoring goes even further. Endpoint detection and response (EDR) software installed at the OS level can log browser activity, capture screenshots, and record application usage regardless of which browser mode you are in. Incognito mode operates inside the browser; EDR software operates below it.
Your Router and WiFi Owner
Every router logs DNS queries. Anyone with access to the router admin panel can open those logs and see a timestamped list of every domain your device contacted. This applies to home routers, coffee shop WiFi, hotel networks, and any other access point. If you are browsing on a guest network at a hotel in incognito mode, the hotel’s router logs show every domain you visited, timestamped to your session.
Network surveillance tools like Flock Safety cameras track physical movement at scale across public spaces. The same principle applies digitally: network-level monitoring can record your traffic without touching your device at all. Incognito mode only clears your local footprint, the network-level record remains intact.
The Websites You Visit (Including Google)
Every website you visit in incognito sees your real IP address. If Google Analytics or the Meta Pixel is installed on that page, those scripts run in your incognito session and transmit data back to Google and Meta. If you sign into any account while in incognito, that account’s activity log records everything you do during the session.
What the Google Chrome Settlement Revealed About Incognito
The class-action lawsuit Chasom Brown et al. v. Google LLC, filed in 2020, produced some of the most damaging internal disclosures about incognito mode ever made public. Google settled the case in April 2024, agreeing to delete billions of data records collected from Chrome users who were in incognito mode at the time.
The lawsuit alleged that Google, through its advertising and analytics tools embedded across millions of third-party websites, continued to collect browsing data from Chrome users even when those users were in incognito mode. Google tools like Google Analytics and Google Ads infrastructure collected this data without users’ knowledge or meaningful disclosure.
Internal documents revealed during discovery showed that Google employees were aware of the problem. An email from Google’s marketing chief Lorraine Twohill to CEO Sundar Pichai stated the company was limited “in how strongly we can market incognito because it’s not truly private, thus requiring really fuzzy, hedging language.” Other internal communications, also cited in court filings, described incognito mode as a “confusing mess,” “effectively a lie,” and “a problem of professional ethics and basic honesty.”
As part of the settlement, Google updated Chrome’s incognito disclaimer in January 2024. The new disclosure explicitly states that incognito mode does not change “how data is collected by websites you visit and the services they use, including Google.” That sentence was not in the previous version of the disclaimer.
Browser Fingerprinting: The Invisible Tracker Incognito Cannot Block
Browser fingerprinting is a tracking method that identifies you without using cookies or any local storage. Instead, websites and ad networks read a combination of hardware and software signals that your browser emits automatically with every request. These signals form a profile that is unique enough to identify individual users across sessions, across devices, and across browser modes.
The data points collected for a browser fingerprint include: screen resolution and color depth, operating system and version, browser type and version, list of installed fonts, number of CPU cores (hardware concurrency), GPU rendering behavior via the WebGL and Canvas APIs, audio context output, timezone and language settings, and network connection type. According to Multilogin’s 2025 research, this combination of signals can uniquely identify 99.24% of users.
Incognito mode cannot block fingerprinting because fingerprinting reads hardware and browser characteristics, not stored data. Your fingerprint in an incognito window is identical to your fingerprint in a regular browser tab. In fact, using incognito can make you slightly more identifiable: when incognito mode blocks local storage APIs like IndexedDB, that blocked behavior is itself a detectable signal. The small percentage of internet users who use incognito becomes a distinct cluster in fingerprinting datasets.
Ad networks, data brokers, paywall systems, and fraud detection services all use fingerprinting. A news site that limits free article views to three per month can use fingerprinting to identify you across incognito sessions because your browser fingerprint does not change between them.
As of early 2026, Google is testing a Canvas API blocking feature in Chrome Canary (experimental build 142) that would prevent fingerprinting scripts from reading pixel data in incognito. This feature is not yet in the stable release of Chrome and requires manual activation even in Canary builds.
What You Actually Need for Private Browsing
Genuine browsing privacy requires tools that operate at the network level, not the browser history level. The three most effective options are a VPN, Tor Browser, and a combination of the two for high-stakes situations.
VPN: The Practical Baseline
A VPN encrypts all traffic between your device and the VPN server before it reaches your ISP. Your ISP sees only an encrypted connection to a VPN server, it cannot read the domain names or content of your requests. Websites see the VPN server’s IP address, not yours. This addresses the two biggest gaps that incognito cannot fill: ISP visibility and IP address exposure.
A VPN does not prevent browser fingerprinting. It also requires trusting the VPN provider, who could theoretically log your traffic if compelled to do so. Choosing a VPN with a verified no-logs policy and a jurisdiction outside US-EU data-sharing agreements reduces that risk. Premium VPNs are approximately 50 times faster than Tor, making them practical for daily use including streaming and video calls.
Tor Browser: Maximum Anonymity
Tor Browser routes your traffic through at least three volunteer-operated relay nodes using onion encryption. Each node decrypts only enough to know where to send the traffic next, no single node sees both your identity and your destination. Tor Browser also includes built-in fingerprinting protections: standardized fonts, Canvas API blocking, and a uniform user-agent string that makes all Tor users look identical to fingerprinting scripts.
Tor is slow, averaging connection speeds 10 to 30 times slower than a direct connection. It is not practical for streaming, gaming, or video calls. It is the appropriate tool for journalists, activists, and anyone who needs anonymity in a high-stakes context where an adversary might have network-level visibility. The primary known attack against Tor is traffic-correlation analysis, which requires an adversary to monitor both the entry and exit points of your connection simultaneously.
Brave Browser: The Middle Ground
Brave offers stronger privacy defaults than Chrome’s incognito without requiring a VPN or Tor. Brave’s private window mode includes built-in fingerprinting randomization, default blocking of third-party trackers and ads, and optional Tor integration directly in the browser. For users who want meaningfully better privacy without configuration overhead, Brave private windows outperform Chrome incognito by a wide margin.
Browsing Mode Comparison
| Browsing Mode | Hides from ISP | Hides from Google | Hides History Locally | Stops Fingerprinting |
|---|---|---|---|---|
| Chrome Incognito | No | No | Yes | No |
| Firefox Private | No | No | Yes | Partial |
| Brave Private | No | Partial | Yes | Partial |
| VPN (any browser) | Yes | Partial | No (requires incognito too) | No |
| Tor Browser | Yes | Yes (if not logged in) | Yes | Yes (built-in) |
| VPN + Incognito | Yes | Partial | Yes | No |
Does Incognito Mode Protect Against Viruses or Malware?
No. Incognito mode provides zero protection against malware, viruses, phishing attacks, or any other security threat. Incognito is a browser history feature, not a security feature. If malware is already installed on your device, it operates at the operating system level, below and outside the browser’s visibility entirely. Browsing in incognito does not limit what malware can observe, record, or transmit.
A keylogger installed on your computer captures every keystroke you type, including passwords entered in incognito windows. A banking trojan that intercepts browser traffic does so at the network stack level, where incognito mode has no effect. If you visit a phishing site in incognito, you are just as exposed as in a regular window. The only malware-adjacent protection incognito provides is indirect: if you use incognito for a sensitive session and close the window, any malicious cookies or session tokens from that session are deleted. But a keylogger would have already captured your credentials during the session.
For genuine security on untrusted networks, use a combination of a VPN, DNS over HTTPS (DoH) in your browser settings, and an up-to-date browser with automatic security updates enabled. Firefox and Chrome both support DNS over HTTPS natively as of 2023. That reduces your exposure to DNS hijacking and man-in-the-middle attacks on open WiFi networks, risks that incognito mode does nothing to address.
Frequently Asked Questions
Can my employer see what I do in incognito mode?
Yes. If you are on a work network or using a work device, your employer can see your browsing activity in incognito mode. Corporate network monitoring tools log all traffic at the network level. Endpoint security software on managed devices logs browser activity below the browser’s own history. Incognito mode only clears local browser history and has no effect on network-level or OS-level monitoring.
Does incognito mode hide my IP address?
No. Incognito mode does not change, mask, or hide your IP address. Every website you visit in incognito sees your real IP address. Your ISP sees your real IP address. Your router logs your real IP address. To hide your IP, you need a VPN or Tor Browser. A VPN replaces your IP with the VPN server’s IP, while Tor routes your traffic through multiple nodes so no destination sees your real IP.
Did Google get caught tracking users in incognito mode?
Yes. The class-action lawsuit Chasom Brown et al. v. Google LLC, filed in 2020, alleged that Google collected data from Chrome users in incognito mode via embedded advertising and analytics tools. Google settled the case in April 2024, agreeing to delete billions of browsing records and update Chrome’s incognito disclosure. Internal Google documents described incognito as “effectively a lie” and acknowledged the company knowingly used vague language to avoid admitting its limitations.
Is incognito mode safe on public WiFi?
No. Incognito mode does not encrypt your traffic and provides no protection on public WiFi networks. Anyone monitoring the network can see your DNS queries and any unencrypted HTTP traffic. For safety on public WiFi, use a VPN, which encrypts all traffic between your device and the VPN server. Stick to HTTPS sites, and avoid entering passwords or financial data on public networks without a VPN active.
What browser is most private for everyday use?
For everyday privacy without configuration, Brave offers the strongest defaults: built-in ad and tracker blocking, fingerprinting randomization, and optional Tor integration in private windows. For users comfortable with settings, Firefox with uBlock Origin and DNS over HTTPS enabled provides strong privacy. For maximum anonymity on sensitive tasks, Tor Browser is the standard. No browser alone hides your traffic from your ISP, that requires a VPN running alongside it.