Every major browser ships some version of this: Chrome calls it Incognito, Firefox and Safari call it Private Browsing, Edge calls it InPrivate. Under the hood they all do roughly the same thing. They open a session with a fresh, empty store and they throw that store away when you close the windows. The protection is entirely local, and that single sentence explains both what it does and what it does not.
What it actually does
A private window keeps your activity from being recorded on the device you are using. When the session ends, the browser discards what it accumulated during it.
- No browsing history. The pages you visit are not written to your local history.
- Cookies and site data are session-only. They live for the duration of the window and are deleted when you close it, so you start logged out and you do not stay logged in afterward.
- Form and search bar entries are not saved. What you type is not retained for autofill.
- A separate cookie jar. The private session does not share cookies with your normal session, which is why you can be logged into the same site as two different users at once.
That makes it genuinely good at a handful of real tasks: using a shared or public computer without leaving a trail for the next person, logging into a second account, testing how a site behaves for a logged-out visitor, or keeping a surprise gift off the household autocomplete. The common thread is that the adversary is someone else with access to your device. Against that threat, private mode works as advertised.
Private browsing protects you from other people who use your device after you. It does not protect you from the websites you visit, the network you are on, or your internet provider. Those parties never see your local history in the first place, so deleting it changes nothing for them.
What it does not do
This is where the myths cluster. Private mode changes nothing about how your traffic looks to anyone on the network side of the connection.
| Common belief | Reality |
|---|---|
| "Websites can't track me." | False. Sites still see your IP address and can still fingerprint your device. You start without cookies, but you can be re-identified within the session. |
| "My ISP can't see what I visit." | False. Your provider sees the same connection data either way. DNS lookups and destination addresses are unaffected by the mode. |
| "My employer or school can't monitor me." | False. Network-level monitoring and managed-device software operate above the browser and see the traffic regardless. |
| "It hides my IP / makes me anonymous." | False. Your IP is unchanged. Anonymity is a different problem with a different tool. |
| "Nothing is saved at all." | Partly. Files you download and bookmarks you create persist after the session ends. |
The fingerprinting point deserves emphasis. Even with a clean cookie jar, your browser exposes a combination of screen size, fonts, time zone, and rendering quirks that can be distinctive enough to recognize you across sessions. Starting fresh on cookies does not start you fresh on the characteristics described in our piece on browser fingerprinting. And if you log into any account during a private session, you have voluntarily identified yourself to that service for the rest of it.
The disclosure that went to court
The gap between perception and reality became a legal matter. In Brown v. Google, a class action argued that Google continued to collect data from users browsing in Incognito who reasonably believed they were not being tracked. The case was settled in 2024, with Google agreeing to destroy a large volume of collected Incognito-mode data and to revise how the mode is described to users. The episode is a useful marker: the confusion was widespread enough, and the wording ambiguous enough, that it produced years of litigation.
The feature was never broken. The expectations attached to it were. Private mode does exactly what the engineering says, and far less than the name suggests.
What to reach for when you need more
Match the tool to the threat. If your concern is the next person on a shared computer, private mode is the right and sufficient answer. If your concern is anyone past your own keyboard, you need different layers.
- To hide destinations from your network or ISP: understand the trade-offs in Tor versus a VPN, and harden name resolution with encrypted DNS.
- To resist cross-site tracking and fingerprinting: see privacy browsers compared and browser state partitioning, which isolate state by site rather than just clearing it.
- For genuine anonymity: a hardened browser built for it, such as the Tor Browser, is the category of tool that actually targets that goal.
Private browsing earns its place in the toolkit by being honest about a small job and doing it well. The failure was never the feature. It was the assumption that a local cleanup tool could change what the rest of the internet sees, and that assumption is worth retiring.