Chrome: Saved username/password filled in incognito mode
up vote
4
down vote
favorite
If I open an incognito window in Google Chrome and go to a webpage where Chrome has a saved username and password from (for example the login form on http://gmail.com), I see that my username and password are automatically filled in.
Does that mean that I am not really incognito? Can the website see my username even if I don't explicitly log in?
Or is there some mechanism behind the scenes that prevents the webpage from grabbing auto-filled values unless I actually log in?
Clarification:
Stored usernames (and passwords) are a lot like cookies: your unique identifier linked to a certain site, stored locally in your browser, available to the site when you open it.
When you go incognito you ask your browser not to identify you to the sites you visit. It does that by (among other things) not exposing its cookies. Exposing the stored username in this mode does not make sense to me (but maybe I'm missing something...).
Update (2014-09-25): it seems recent Chrome versions don't do this anymore.
google-chrome private-browsing
asked Jun 28 '11 at 11:02
Wouter Coekaerts
246128
add a comment |
up vote
4
down vote
favorite
If I open an incognito window in Google Chrome and go to a webpage where Chrome has a saved username and password from (for example the login form on http://gmail.com), I see that my username and password are automatically filled in.
Does that mean that I am not really incognito? Can the website see my username even if I don't explicitly log in?
Or is there some mechanism behind the scenes that prevents the webpage from grabbing auto-filled values unless I actually log in?
Clarification:
Stored usernames (and passwords) are a lot like cookies: your unique identifier linked to a certain site, stored locally in your browser, available to the site when you open it.
When you go incognito you ask your browser not to identify you to the sites you visit. It does that by (among other things) not exposing its cookies. Exposing the stored username in this mode does not make sense to me (but maybe I'm missing something...).
Update (2014-09-25): it seems recent Chrome versions don't do this anymore.
google-chrome private-browsing
asked Jun 28 '11 at 11:02
Wouter Coekaerts
246128
add a comment |
up vote
4
down vote
favorite
up vote
4
down vote
favorite
If I open an incognito window in Google Chrome and go to a webpage where Chrome has a saved username and password from (for example the login form on http://gmail.com), I see that my username and password are automatically filled in.
Does that mean that I am not really incognito? Can the website see my username even if I don't explicitly log in?
Or is there some mechanism behind the scenes that prevents the webpage from grabbing auto-filled values unless I actually log in?
Clarification:
Stored usernames (and passwords) are a lot like cookies: your unique identifier linked to a certain site, stored locally in your browser, available to the site when you open it.
When you go incognito you ask your browser not to identify you to the sites you visit. It does that by (among other things) not exposing its cookies. Exposing the stored username in this mode does not make sense to me (but maybe I'm missing something...).
Update (2014-09-25): it seems recent Chrome versions don't do this anymore.
google-chrome private-browsing
asked Jun 28 '11 at 11:02
Wouter Coekaerts
246128
If I open an incognito window in Google Chrome and go to a webpage where Chrome has a saved username and password from (for example the login form on http://gmail.com), I see that my username and password are automatically filled in.
Does that mean that I am not really incognito? Can the website see my username even if I don't explicitly log in?
Or is there some mechanism behind the scenes that prevents the webpage from grabbing auto-filled values unless I actually log in?
Clarification:
Stored usernames (and passwords) are a lot like cookies: your unique identifier linked to a certain site, stored locally in your browser, available to the site when you open it.
When you go incognito you ask your browser not to identify you to the sites you visit. It does that by (among other things) not exposing its cookies. Exposing the stored username in this mode does not make sense to me (but maybe I'm missing something...).
Update (2014-09-25): it seems recent Chrome versions don't do this anymore.
google-chrome private-browsing
google-chrome private-browsing
asked Jun 28 '11 at 11:02
Wouter Coekaerts
246128
asked Jun 28 '11 at 11:02
Wouter Coekaerts
246128
edited Sep 26 '14 at 6:38
asked Jun 28 '11 at 11:02
Wouter Coekaerts
246128
asked Jun 28 '11 at 11:02
Wouter Coekaerts
246128
asked Jun 28 '11 at 11:02
Wouter Coekaerts
246128
246128
add a comment |
add a comment |
1 Answer
1
active
oldest
votes
up vote
7
down vote
Does that mean that I am not really incognito? Can the website see my username even if I don't explicitly log in? O
Incognito means Chrome destroys all cookies created & doesn't record any websites that you visited. The passwords are filled in from Chrome's password manager, not from the site.
Incognito is also a client-side, browser-specific implementation - it doesn't mean no body will be able to track you.
Read Chrome's incognito message:
You've gone incognito. Pages you view in this window won't appear in your browser history or search history, and they won't leave other traces, like cookies, on your computer after you close the incognito window. Any files you download or bookmarks you create will be preserved, however.
Going incognito doesn't affect the behavior of other people, servers
When you go incognito you ask your browser not to identify you to the sites you visit. It does that by (among other things) not exposing its cookies. Exposing the stored username in this mode does not make sense to me (but maybe I'm missing something...).
No, you've misunderstood here. Incognito mode works by destroying the cookies after the session is complete( which is signaled by you closing the incognito window). Incognito does not mean do not identify myself, it means do not keep a track of my activities when I'm on an incognito session.
The thing you are missing is how incognito works - the browser does not present any cookies - that does not mean the browser does not know which website you're visiting - the username/password is fetched by the browser by matching which site you're on - not via cookies.
answered Jun 28 '11 at 11:08
Sathya♦
52.5k29153252
They are stored in (roughly) the same place as cookies: your browser. The part of Chrome's incognito message you emphasize is irrelevant here: (just like disabling cookies) this is about the behaviour of your browser; not other people, not servers. Edited the question to clarify.
– Wouter Coekaerts
Jun 28 '11 at 22:01
1
@WouterCoekaerts Cookie storage & password management are not comparable. The message is still relevant - you've misunderstood how the browser works. Edited.
– Sathya♦
Jun 29 '11 at 4:35
You seem to have missed @WouterCoekaerts' point: if the browser auto-fills the input[type='text'], is there a way for the webpage to retrieve that value? It could listen to the JavaScriptonchangeevent, and then AJAX the value back to the server. I guess the inferred question is: Does Chrome Incognito still trigger theonchangeevent when it auto-fills?
– Rikki
Aug 28 '14 at 9:42
add a comment |
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
up vote
7
down vote
Does that mean that I am not really incognito? Can the website see my username even if I don't explicitly log in? O
Incognito means Chrome destroys all cookies created & doesn't record any websites that you visited. The passwords are filled in from Chrome's password manager, not from the site.
Incognito is also a client-side, browser-specific implementation - it doesn't mean no body will be able to track you.
Read Chrome's incognito message:
You've gone incognito. Pages you view in this window won't appear in your browser history or search history, and they won't leave other traces, like cookies, on your computer after you close the incognito window. Any files you download or bookmarks you create will be preserved, however.
Going incognito doesn't affect the behavior of other people, servers
When you go incognito you ask your browser not to identify you to the sites you visit. It does that by (among other things) not exposing its cookies. Exposing the stored username in this mode does not make sense to me (but maybe I'm missing something...).
No, you've misunderstood here. Incognito mode works by destroying the cookies after the session is complete( which is signaled by you closing the incognito window). Incognito does not mean do not identify myself, it means do not keep a track of my activities when I'm on an incognito session.
The thing you are missing is how incognito works - the browser does not present any cookies - that does not mean the browser does not know which website you're visiting - the username/password is fetched by the browser by matching which site you're on - not via cookies.
answered Jun 28 '11 at 11:08
Sathya♦
52.5k29153252
They are stored in (roughly) the same place as cookies: your browser. The part of Chrome's incognito message you emphasize is irrelevant here: (just like disabling cookies) this is about the behaviour of your browser; not other people, not servers. Edited the question to clarify.
– Wouter Coekaerts
Jun 28 '11 at 22:01
1
@WouterCoekaerts Cookie storage & password management are not comparable. The message is still relevant - you've misunderstood how the browser works. Edited.
– Sathya♦
Jun 29 '11 at 4:35
You seem to have missed @WouterCoekaerts' point: if the browser auto-fills the input[type='text'], is there a way for the webpage to retrieve that value? It could listen to the JavaScriptonchangeevent, and then AJAX the value back to the server. I guess the inferred question is: Does Chrome Incognito still trigger theonchangeevent when it auto-fills?
– Rikki
Aug 28 '14 at 9:42
add a comment |
up vote
7
down vote
Does that mean that I am not really incognito? Can the website see my username even if I don't explicitly log in? O
Incognito means Chrome destroys all cookies created & doesn't record any websites that you visited. The passwords are filled in from Chrome's password manager, not from the site.
Incognito is also a client-side, browser-specific implementation - it doesn't mean no body will be able to track you.
Read Chrome's incognito message:
You've gone incognito. Pages you view in this window won't appear in your browser history or search history, and they won't leave other traces, like cookies, on your computer after you close the incognito window. Any files you download or bookmarks you create will be preserved, however.
Going incognito doesn't affect the behavior of other people, servers
When you go incognito you ask your browser not to identify you to the sites you visit. It does that by (among other things) not exposing its cookies. Exposing the stored username in this mode does not make sense to me (but maybe I'm missing something...).
No, you've misunderstood here. Incognito mode works by destroying the cookies after the session is complete( which is signaled by you closing the incognito window). Incognito does not mean do not identify myself, it means do not keep a track of my activities when I'm on an incognito session.
The thing you are missing is how incognito works - the browser does not present any cookies - that does not mean the browser does not know which website you're visiting - the username/password is fetched by the browser by matching which site you're on - not via cookies.
answered Jun 28 '11 at 11:08
Sathya♦
52.5k29153252
They are stored in (roughly) the same place as cookies: your browser. The part of Chrome's incognito message you emphasize is irrelevant here: (just like disabling cookies) this is about the behaviour of your browser; not other people, not servers. Edited the question to clarify.
– Wouter Coekaerts
Jun 28 '11 at 22:01
1
@WouterCoekaerts Cookie storage & password management are not comparable. The message is still relevant - you've misunderstood how the browser works. Edited.
– Sathya♦
Jun 29 '11 at 4:35
You seem to have missed @WouterCoekaerts' point: if the browser auto-fills the input[type='text'], is there a way for the webpage to retrieve that value? It could listen to the JavaScriptonchangeevent, and then AJAX the value back to the server. I guess the inferred question is: Does Chrome Incognito still trigger theonchangeevent when it auto-fills?
– Rikki
Aug 28 '14 at 9:42
add a comment |
up vote
7
down vote
up vote
7
down vote
Does that mean that I am not really incognito? Can the website see my username even if I don't explicitly log in? O
Incognito means Chrome destroys all cookies created & doesn't record any websites that you visited. The passwords are filled in from Chrome's password manager, not from the site.
Incognito is also a client-side, browser-specific implementation - it doesn't mean no body will be able to track you.
Read Chrome's incognito message:
You've gone incognito. Pages you view in this window won't appear in your browser history or search history, and they won't leave other traces, like cookies, on your computer after you close the incognito window. Any files you download or bookmarks you create will be preserved, however.
Going incognito doesn't affect the behavior of other people, servers
When you go incognito you ask your browser not to identify you to the sites you visit. It does that by (among other things) not exposing its cookies. Exposing the stored username in this mode does not make sense to me (but maybe I'm missing something...).
No, you've misunderstood here. Incognito mode works by destroying the cookies after the session is complete( which is signaled by you closing the incognito window). Incognito does not mean do not identify myself, it means do not keep a track of my activities when I'm on an incognito session.
The thing you are missing is how incognito works - the browser does not present any cookies - that does not mean the browser does not know which website you're visiting - the username/password is fetched by the browser by matching which site you're on - not via cookies.
answered Jun 28 '11 at 11:08
Sathya♦
52.5k29153252
Does that mean that I am not really incognito? Can the website see my username even if I don't explicitly log in? O
Incognito means Chrome destroys all cookies created & doesn't record any websites that you visited. The passwords are filled in from Chrome's password manager, not from the site.
Incognito is also a client-side, browser-specific implementation - it doesn't mean no body will be able to track you.
Read Chrome's incognito message:
You've gone incognito. Pages you view in this window won't appear in your browser history or search history, and they won't leave other traces, like cookies, on your computer after you close the incognito window. Any files you download or bookmarks you create will be preserved, however.
Going incognito doesn't affect the behavior of other people, servers
When you go incognito you ask your browser not to identify you to the sites you visit. It does that by (among other things) not exposing its cookies. Exposing the stored username in this mode does not make sense to me (but maybe I'm missing something...).
No, you've misunderstood here. Incognito mode works by destroying the cookies after the session is complete( which is signaled by you closing the incognito window). Incognito does not mean do not identify myself, it means do not keep a track of my activities when I'm on an incognito session.
The thing you are missing is how incognito works - the browser does not present any cookies - that does not mean the browser does not know which website you're visiting - the username/password is fetched by the browser by matching which site you're on - not via cookies.
answered Jun 28 '11 at 11:08
Sathya♦
52.5k29153252
edited Jun 29 '11 at 4:34
answered Jun 28 '11 at 11:08
Sathya♦
52.5k29153252
answered Jun 28 '11 at 11:08
Sathya♦
52.5k29153252
answered Jun 28 '11 at 11:08
Sathya♦
52.5k29153252
52.5k29153252
They are stored in (roughly) the same place as cookies: your browser. The part of Chrome's incognito message you emphasize is irrelevant here: (just like disabling cookies) this is about the behaviour of your browser; not other people, not servers. Edited the question to clarify.
– Wouter Coekaerts
Jun 28 '11 at 22:01
1
@WouterCoekaerts Cookie storage & password management are not comparable. The message is still relevant - you've misunderstood how the browser works. Edited.
– Sathya♦
Jun 29 '11 at 4:35
You seem to have missed @WouterCoekaerts' point: if the browser auto-fills the input[type='text'], is there a way for the webpage to retrieve that value? It could listen to the JavaScriptonchangeevent, and then AJAX the value back to the server. I guess the inferred question is: Does Chrome Incognito still trigger theonchangeevent when it auto-fills?
– Rikki
Aug 28 '14 at 9:42
add a comment |
They are stored in (roughly) the same place as cookies: your browser. The part of Chrome's incognito message you emphasize is irrelevant here: (just like disabling cookies) this is about the behaviour of your browser; not other people, not servers. Edited the question to clarify.
– Wouter Coekaerts
Jun 28 '11 at 22:01
1
@WouterCoekaerts Cookie storage & password management are not comparable. The message is still relevant - you've misunderstood how the browser works. Edited.
– Sathya♦
Jun 29 '11 at 4:35
You seem to have missed @WouterCoekaerts' point: if the browser auto-fills the input[type='text'], is there a way for the webpage to retrieve that value? It could listen to the JavaScriptonchangeevent, and then AJAX the value back to the server. I guess the inferred question is: Does Chrome Incognito still trigger theonchangeevent when it auto-fills?
– Rikki
Aug 28 '14 at 9:42
They are stored in (roughly) the same place as cookies: your browser. The part of Chrome's incognito message you emphasize is irrelevant here: (just like disabling cookies) this is about the behaviour of your browser; not other people, not servers. Edited the question to clarify.
– Wouter Coekaerts
Jun 28 '11 at 22:01
They are stored in (roughly) the same place as cookies: your browser. The part of Chrome's incognito message you emphasize is irrelevant here: (just like disabling cookies) this is about the behaviour of your browser; not other people, not servers. Edited the question to clarify.
– Wouter Coekaerts
Jun 28 '11 at 22:01
1
1
@WouterCoekaerts Cookie storage & password management are not comparable. The message is still relevant - you've misunderstood how the browser works. Edited.
– Sathya♦
Jun 29 '11 at 4:35
@WouterCoekaerts Cookie storage & password management are not comparable. The message is still relevant - you've misunderstood how the browser works. Edited.
– Sathya♦
Jun 29 '11 at 4:35
You seem to have missed @WouterCoekaerts' point: if the browser auto-fills the input[type='text'], is there a way for the webpage to retrieve that value? It could listen to the JavaScript
onchange event, and then AJAX the value back to the server. I guess the inferred question is: Does Chrome Incognito still trigger the onchange event when it auto-fills?– Rikki
Aug 28 '14 at 9:42
You seem to have missed @WouterCoekaerts' point: if the browser auto-fills the input[type='text'], is there a way for the webpage to retrieve that value? It could listen to the JavaScript
onchange event, and then AJAX the value back to the server. I guess the inferred question is: Does Chrome Incognito still trigger the onchange event when it auto-fills?– Rikki
Aug 28 '14 at 9:42
add a comment |
Thanks for contributing an answer to Super User!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Some of your past answers have not been well-received, and you're in danger of being blocked from answering.
Please pay close attention to the following guidance:
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f303298%2fchrome-saved-username-password-filled-in-incognito-mode%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
