> Is it unreasonable to want, or even expect, an incognito window to disable all forms of tracking?
"Tracking" is a nebulous term. If a company records your visit in their logs, is that tracking? If they increment a counter every time someone visits a page, is that tracking? If a user logs in under Incognito Mode and the site records their new last login IP and timestamp, is that tracking? These questions would have sounded facetious years ago, but now nearly every form of user tracking has come under scrutiny.
The common confusion is that Incognito mode isn't equivalent to using Tor or a VPN. For 99% of cases, that doesn't really matter. Explaining the distinction to the average user is a challenge, though.
> Wouldn't the world be far better if a phone alerted me to an app scanning my local area network or contacts? Or if I got warnings when it took such actions?
Modern phone OSes will ask for permission if an app wants to access your local network, your contacts, or your photos. That's not the concern here, though.
I'm not sure how tracking is nebulous. If you want to identify an anonymous counter, or keep depersonalised logs, or IP logs for security, that's fine; it can't identify the user. (Maybe IP logs could)
Essentially you can boil "tracking" to two main sources: when there's data collected without a legitimate purpose for doing so, and when data is collected to the point that could identify a user, but no explicit consent is given.
Take for example a Facebook comment section on a third party site. It'd be fine to click the comments and have a quick prompt for Facebook to interact – the comment is public, so it's known to all. But if the user never comments, Facebook has no right to be aware the user was ever there; that's tracking.
You could make the extended argument that overcorrelation of data for advertising is tracking in a sense, as this would cover intra-site tracking (e.g. a shopping site knowing you're pregnant before you know yourself.) This is a little more nebulous to define, as it's hard to define who it benefits If your phone launcher suggests an app, or Uber suggests a location, that's because it wants to save time. But if a shopping site suggests a product, that's advertising, and should be given explicit consent.
> If you want to identify an anonymous counter, or keep depersonalised logs, or IP logs for security, that's fine; it can't identify the user. (Maybe IP logs could)
Some laypeople would disagree.
That's what it means to be "nebulous". A term like "tracking" needs to be defined in technical/legal language. You can't simply ask a random sample of the entire world's population and expect to get a consistent answer about what should be allowed and what should not.
> when there's data collected without a legitimate purpose for doing so
Who gets to decide what's legitimate? Most people would agree that detecting and fixing crashes is a legitimate usecase, but most of HN is probably staunchly against Windows telemetry.
It is quite easy to answer in legal terms, tracking is about gathering, collecting, and linking together Personally Identifying Information.
if you track my incognito sessions but what gather makes you unable to (statistically) associate me with my non-incognito sessions that is not tracking.
incrementing a counter for the number of visits is not tracking, recording my mouse move patterns to a precision where you are able to identify me "biometrically" is tracking.
it is not about what technology you are using it is about your data gathering is being used/can be used to populate a personally identifying profile about me
(I admit that tracking is nebulous in one sense: suppose that I have recorded internet usage patterns of 20% of the population with complete and accurate data collection, using sophisticate AI models I am now able to identify your age/gender just by how you scroll a page, even without remembering anything about your session, I can calculate this on the fly. this is essentially what Cambridge Analytica did and it is nebulous "who" they were tracking, the original users or you?)
"Tracking" is a nebulous term. If a company records your visit in their logs, is that tracking? If they increment a counter every time someone visits a page, is that tracking? If a user logs in under Incognito Mode and the site records their new last login IP and timestamp, is that tracking? These questions would have sounded facetious years ago, but now nearly every form of user tracking has come under scrutiny.
The common confusion is that Incognito mode isn't equivalent to using Tor or a VPN. For 99% of cases, that doesn't really matter. Explaining the distinction to the average user is a challenge, though.
> Wouldn't the world be far better if a phone alerted me to an app scanning my local area network or contacts? Or if I got warnings when it took such actions?
Modern phone OSes will ask for permission if an app wants to access your local network, your contacts, or your photos. That's not the concern here, though.