Digital Content Next, sheds light on how Google can link incognito browsing sessions from Chrome back to the user, without the latter's knowledge or consent. The study delves even deeper, examining how data collection works in various other Google services and apps, including YouTube and Photos, and the findings are bothersome, to say the least.The Vanderbilt study, commissioned by the trade group
"While such data is collected with user-anonymous identifiers, Google has the ability to connect this collected information with a user's personal credentials stored in their Google Account."Starting with incognito browsing mode, the researchers explain:
"That’s not well understood by consumers," Douglas Schmidt, the author of the study, told AdAge. "But if you read the fine print on ‘incognito’ mode it brings up a whole lot of disclaimers."
"A person fires up a private browser session in Chrome. On websites that run ads from Google’s online ad marketplace, anonymized cookies are dropped on the browsers associated with the user. If the same person leaves private browsing mode and logs into a Google service like Gmail or YouTube, the act of signing into Google makes it possible to connect the earlier web activity to the now identified user. (Unless, that is, the cookies expired or were manually deleted by the user.)"
The worrisome findings continue, as the study reveals that both Android and Chrome continue sending personal data to Google, even without any user interaction. While conducting the experiments for the study, the researchers left a stationary Android phone with Chrome active in the background and found that the popular web browser "communicated location information to Google 340 times during a 24-hour period, or at an average of 14 data communications per hour." In fact, the researchers found, location information constituted "35 percent of all the data samples sent to Google."
What's more surprising, is that even iOS users who avoid the use of any Google products and visit only non-Google pages (which, let's be fair here, is not a large number of users) get their data collected:
"While using an iOS device, if a user decides to forgo the use of any Google product (i.e. no Android, no Chrome, no Google applications), and visits only non-Google webpages, the number of times data is communicated to Google servers still remains surprisingly high. This communication is driven purely by advertiser/publisher services. The number of times such Google services are called from an iOS device is similar to an Android device. In this experiment, the total magnitude of data communicated to Google servers from an iOS device is found to be approximately half of that from the Android device."
As can be expected, Google has taken issue with the study and its findings. According to a Google spokeswoman, who spoke with AdAge, the search engine giant doesn't "join signed-out activity with your Google account information. We do not associate incognito browsing with accounts you may log into after you've exited your Incognito session. And our ads systems have no special knowledge of when Chrome is in incognito mode, or any other browser in a similar mode (ex: Safari Private Browsing, Firefox Private Browsing). We simply set and read cookies as allowed by the browser."
"This report is commissioned by a professional DC lobbyist group, and written by a witness for Oracle in their ongoing copyright litigation with Google. So, it's no surprise that it contains wildly misleading information," the spokeswoman said in a statement.