Friday, April 28th 2017

Chrome 62 Really Won't Like "HTTP" Sites When In Incognito Mode

As part of Google's push towards a safer, HTTPS-encrypted web, the Chrome browser will begin marking any HTTP site as non-secure when a user browses in Incognito mode. Incognito is the Chrome browser's enhanced privacy mode, which goes a long way towards explaining why Google sees non-HTTPS sites as a non-secure place to visit. Save for some network metadata, encrypted HTTPS connections keep the contents of the communications between the user and a web server hidden from outside parties - in normal circumstances, that is. The company is already marking HTTP web pages that accept credit card details as not secure, and starting in October this year, the browser will do the same on every HTTP site in which the user has to input data, and for every HTTP page browsed in Incognito mode.
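For site owners who want to know which of their pages fall under these rules, the following is an added example (not code from Google or from this article) that applies the three conditions described above to a page's URL and HTML. The function name `classify`, the sample hosts, the list of non-typing input types, and the use of `cc-*` autocomplete tokens to recognise card fields are assumptions; static detection of form fields only approximates "the user has to input data".

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: these <input> types are not free-form data entry.
NON_TYPING = {"hidden", "submit", "button", "reset", "image",
              "checkbox", "radio", "file", "range", "color"}


class FieldCollector(HTMLParser):
    """Collect data-entry fields as (type, autocomplete) pairs."""

    def __init__(self):
        super().__init__()
        self.fields = []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "").strip().lower() for k, v in attrs}
        if tag == "textarea":
            self.fields.append(("textarea", a.get("autocomplete", "")))
        elif tag == "input":
            kind = a.get("type") or "text"  # a missing type means a text field
            if kind not in NON_TYPING:
                self.fields.append((kind, a.get("autocomplete", "")))


def classify(url, html, incognito=False):
    """Return (label, reason) following the rules described in the article."""
    if urlsplit(url).scheme.lower() != "http":
        return ("ok", "not served over plain HTTP")
    collector = FieldCollector()
    collector.feed(html)
    # Assumption: card fields are recognised by the standard cc-* autocomplete tokens.
    if any(t.startswith("cc-") for _, ac in collector.fields for t in ac.split()):
        return ("not-secure", "HTTP page accepting card details (already marked)")
    if incognito:
        return ("not-secure", "HTTP page in Incognito (from Chrome 62)")
    if collector.fields:
        return ("not-secure", "HTTP page with %d data-entry field(s) (from Chrome 62)"
                % len(collector.fields))
    return ("ok", "HTTP page, no data entry, normal window")


# Constructed sample pages (hypothetical hosts under .example).
SAMPLE_PAGES = {
    "http://shop.example/checkout": '<form><input autocomplete="cc-number"></form>',
    "http://blog.example/search": '<form><input type="search"><input type="submit"></form>',
    "http://blog.example/about": "<p>static text</p>",
    "https://blog.example/search": '<form><input type="search"></form>',
}

if __name__ == "__main__":
    for page_url, body in SAMPLE_PAGES.items():
        print(page_url, classify(page_url, body), classify(page_url, body, incognito=True))
```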

Interestingly, Google has stated that traffic to pages it has marked "Not Secure" has dropped by 23%, which goes to show that such policies do affect a user's decision on whether or not to establish such a connection. In addition, Google has started tweaking its search engine algorithm so as to feature HTTPS sites more prominently than sites that don't use it. This means that websites seeing diminishing visitor numbers should be more inclined to adopt the more secure, encrypted HTTPS. And in an era where every scrap of our information is deemed worthy of at least being stored and resold, I find it commendable that Google thinks every piece of information should be secured, instead of just our payment information - which isn't always secure either.

Source: Google Security Blog, Tom's Hardware

18 Comments on Chrome 62 Really Won't Like "HTTP" Sites When In Incognito Mode

#1
pat-roner
Like anyone uses Incognito for anything else than porn 90% of the time....
#2
ZeppMan217
Pornhub switched to HTTPS awhile ago, so incognito away.
#3
bug
pat-roner said:
Like anyone uses Incognito for anything else than porn 90% of the time....
Banking?
#4
newtekie1
Semi-Retired Folder
bug said:
Banking?
There is no reason or need to use incognito mode for banking.
#5
Atnevon
pat-roner said:
Like anyone uses Incognito for anything else than porn 90% of the time....
Checking email on another computer is really handy. If I have something in my GMail I'll incognito it so I don't have to interrupt anyone else's account activity, and I can close the browser knowing nothing of mine is left behind. Or if it's my machine, I can take a gander at another account of mine, like a junk mail account, and not have to kill my flow of things on my normal activity.
#6
Ahhzz
newtekie1 said:
There is no reason or need to use incognito mode for banking.
http://lifehacker.com/go-incognito-and-keep-financial-sites-from-caching-your-526963982

Not leaving my personal GMail account info cached at work

Not having, honestly, anything personal on my machine at work. Since I've had to use my personal Amazon account to order things for the company before, I have no issue with using my lunch hour, or a break, to pull a trigger on something the SO desires, and since some of our work requires us to have a "public face", I get asked to check things from different OSes on Facebook, Twitter, LinkedIn, etc. Not going to leave my personal info saved on work PC. And anytime you leave your banking information cached in any shape/form/fashion on any computer, that just leaves it open for scavenging. You can run all the anti-everything you like, but zero-day vulnerabilities exist, and there's always the chance. I like to minimize the damage.

Atnevon said:
Checking email on another computer is really handy. If I have something in my GMail I'll incognito it so I don't have to interrupt anyone else's account activity, and I can close the browser knowing nothing of mine is left behind. Or if it's my machine, I can take a gander at another account of mine, like a junk mail account, and not have to kill my flow of things on my normal activity.
Exactly. Several times I have to log into my company email from remote sites to receive patches, links, etc from support and vendors, and I don't want that information left behind in any form: incognito, thank you.
#7
newtekie1
Semi-Retired Folder
Ahhzz said:
http://lifehacker.com/go-incognito-and-keep-financial-sites-from-caching-your-526963982

Not leaving my personal GMail account info cached at work

Not having, honestly, anything personal on my machine at work. Since I've had to use my personal Amazon account to order things for the company before, I have no issue with using my lunch hour, or a break, to pull a trigger on something the SO desires, and since some of our work requires us to have a "public face", I get asked to check things from different OSes on Facebook, Twitter, LinkedIn, etc. Not going to leave my personal info saved on work PC. And anytime you leave your banking information cached in any shape/form/fashion on any computer, that just leaves it open for scavenging. You can run all the anti-everything you like, but zero-day vulnerabilities exist, and there's always the chance. I like to minimize the damage.
1.) Not a single banking site tested had the issue.
2.) The study was done 4 years ago. All of the major sites that did have the issue have long since fixed it.

I mean, yeah, if you're doing stuff on someone else's computer, or a shared computer, use incognito mode if you want. But there isn't a need to use it on your own computer.
#8
DeathtoGnomes
newtekie1 said:
1.) Not a single banking site tested had the issue.
2.) The study was done 4 years ago. All of the major sites that did have the issue have long since fixed it.

I mean, yeah, if you're doing stuff on someone else's computer, or a shared computer, use incognito mode if you want. But there isn't a need to use it on your own computer.
I disagree, I prefer not to leave a footprint anywhere. MS collects enough data without permission.
#9
bug
DeathtoGnomes said:
I disagree, I prefer not to leave a footprint anywhere. MS collects enough data without permission.
What do you mean without permission? Did you install without accepting the EULA?
#10
DeathtoGnomes
bug said:
What do you mean without permission? Did you install without accepting the EULA?
:banghead:
Oh, let's not start that argument again....
#11
Derek12
DeathtoGnomes said:
I disagree, I prefer not to leave a footprint anywhere. MS collects enough data without permission.
What does that have to do with incognito mode? And how does MS collect any browser's history?
BTW, "without permission" is blatantly false.
Let's begin with conspiracy theories :rockout:
#12
Ahhzz
Derek12 said:
What does that have to do with incognito mode? And how does MS collect any browser's history?
BTW, "without permission" is blatantly false.
Let's begin with conspiracy theories :rockout:
How could you possibly hear our discussion with your head in the sand like that?



:rockout:
#13
Prima.Vera
Great. Now please disable Java also like Mozilla or Safari. That crap needs to disappear quickly and without a trace. Worst invention of humanity.
#14
HopelesslyFaithful
Atnevon said:
Checking email on another computer is really handy. If I have something in my GMail I'll incognito it so I don't have to interrupt anyone else's account activity, and I can close the browser knowing nothing of mine is left behind. Or if it's my machine, I can take a gander at another account of mine, like a junk mail account, and not have to kill my flow of things on my normal activity.
this.

newtekie1 said:
1.) Not a single banking site tested had the issue.
2.) The study was done 4 years ago. All of the major sites that did have the issue have long since fixed it.

I mean, yeah, if you're doing stuff on someone else's computer, or a shared computer, use incognito mode if you want. But there isn't a need to use it on your own computer.
Additionally, not having stuff left on your hard drive is a plus for virus/malware/hackers and if your stuff gets stolen. Some people use laptops and people's houses do get broken into.

Most of us use SSDs and you can't wipe free space on an SSD even if you try, due to built-in OP, which prevents 100% wiping of free space.

I also take my privacy and data seriously, unlike most people. I also run Tails/Tor and use FDE using VeraCrypt and containers and other means to protect my stuff, like VPNs and such.

Be my guest and give everyone your personal information, but I won't give it up without a fight.

Still need to get a Faraday cage for my IPass since it's a tracking device... there is a reason they don't beep anymore. IL made a tracking network and if you install a beeper in it, it goes off every mile or so.
#15
bug
Prima.Vera said:
Great. Now please disable Java also like Mozilla or Safari. That crap needs to disappear quickly and without a trace. Worst invention of humanity.
Chrome couldn't run the Java plugin since r35.
#16
Xzibit
Ahhzz said:
http://lifehacker.com/go-incognito-and-keep-financial-sites-from-caching-your-526963982

Not leaving my personal GMail account info cached at work

Not having, honestly, anything personal on my machine at work. Since I've had to use my personal Amazon account to order things for the company before, I have no issue with using my lunch hour, or a break, to pull a trigger on something the SO desires, and since some of our work requires us to have a "public face", I get asked to check things from different OSes on Facebook, Twitter, LinkedIn, etc. Not going to leave my personal info saved on work PC. And anytime you leave your banking information cached in any shape/form/fashion on any computer, that just leaves it open for scavenging. You can run all the anti-everything you like, but zero-day vulnerabilities exist, and there's always the chance. I like to minimize the damage.



Exactly. Several times I have to log into my company email from remote sites to receive patches, links, etc from support and vendors, and I don't want that information left behind in any form: incognito, thank you.
I'd be more worried of Chrome + Nvidia combo

Networkworld

A bug in Nvidia's GPU drivers. GPU memory is not erased before giving it to an application. This allows the contents of one application to leak into another. When the Chrome incognito window was closed, its framebuffer was added to the pool of free GPU memory, but it was not erased. When Diablo requested a framebuffer of its own, Nvidia offered up the one previously used by Chrome. Since it wasn't erased, it still contained the previous contents. Since Diablo doesn't clear the buffer itself (as it should), the old incognito window was put on the screen again.

In the interest of reproducing the bug, I wrote a program to scan GPU memory for non-zero pixels. It was able to reproduce a Reddit page I had closed on another user account a few minutes ago, pixel perfect.
Remember there is an option to flush cache after close, but for some reason it wasn't helping; it was still retaining info.
#17
eidairaman1
The Exiled Airman
Waterfox...

Better off with that than Chrome.
#18
DeathtoGnomes
eidairaman1 said:
Waterfox...

Better off with that than Chrome.
I've used WF since day one. Lots of addons say it's not supported, but yet they all work. EFF.org hosts 2 of the best privacy addons.