How does Twitter know about my browsing history?

Twitter regularly sends out “Popular in your network” emails. I’m assuming one of the reasons is to encourage some of the less active users (like me) to be more active on this social network.

Today, Twitter informed me that this Tweet is “popular in my network”

What’s surprising about this is that I live an ocean away from Canada and that I don’t follow any Twitter users from Canada and definitely not from that part of the country. However, and this is the interesting part, I recently (on the weekend) did do a Google search on Labrador which sent me to this Wikipedia article:

I also recall then clicking on a link which led me to the article about Nova Scotia:

From there, I proceeded to the article about Black Loyalists:

It is important to point out that I usually surf the web using Google Chrome’s “incognito mode”, which was also the case with regards to the aforementioned search history. I’m also permanently logged in into Twitter and into Google, but only in my other, regular Chrome window. If the “incognito mode” works as advertised, neither Twitter, nor Google should have had a record about me looking up Nova Scotia and/or Black Loyalist.

BTW, something similar happened a couple of weeks ago when I looked up “Long Beach” (in California): The next day Twitter pointed me to a Tweet by an organisation based in Long Beach.

How does Twitter know about all this?

I’m not sure you understand the Incognito Mode. Check out its own disclaimer next time you turn it on:

(Bolding not just mine; it’s bold in the Chrome window as well.)

So Incognito mode is only limiting Twitter’s tracking by trashing the cookies at the end of your session. Thus, they’re not there next time. However, within the same session (as long as any tab/window is open), they can potentially track you.

I think I do understand the incognito mode. Again, I have two Google chrome browser windows (not tabs) open at any given time:

#1: a regular browser window where I am logged in into all the online services I use (Twitter, Facebook, Google, Amazon and also this discussion board); it is perfectly understood that my browsing history is recorded and all my passwords, credentials etc. are permanently stored and accessible

#2: an incognito window which I close after every 20 or 30 minutes (something like that) to open a new one.

When I look up a Twitter timeline on #2, it prompts me to login with my credentials or to sign up which makes perfect sense. My question is: How does #1 know about what is going on in #2 which is supposed to be incognito and separate?

It is also perfectly understood that my ISP knows about my browsing history.

And I might add:

Even if I didn’t use an incognito window for my regular browsing, but my regular window which records my browsing history, accepts all the cookies and which I use to permanently access Twitter and Google: I still would find it dubious that Twitter should have access to this information.

Were you dealing with any website other than Wikipedia, I’d expect them to have some twitter-follower software running on their server. That software would be recording that you had been shown pages X, Y, and Z and would be forwarding that info to twitter for their use. So your browser settings would have no effect on this behavior.

But that doesn’t explain the behavior at wiki, which is famous for not participating in all that marketing crap.

I *suspect * what’s really happening is this:

Under incognito mode, a local record of history, cookies, etc. is kept as long as the incognito window is open. And if meanwhile you do a pageview in the non-incognito window which includes twitter’s tracking-ware, the incognito history is forwarded along. IOW, incognito mode is about erasing your tracks when the tab/window is closed, not about not creating any tracks in the first place. This avoids all sorts of compatibility problems where sites expect history and cookies and such to be available from page view to page view while actively using that site.

I would try a similar experiment with some unlikely wiki pages but without any non-incognito Chrome window(s)/tab(s) running at all. From no browsers open, start your incognito browser session, do your spelunking through wiki, close that browser, then open your normal non-incognito browser and go about your normal activities. I bet you won’t later be surprised by twitter’s knowledge of your incognito history.

I will try this. IMHO, if the separation between “normal window” and “incognito window” in Google Chrome isn’t complete (like in a sandbox), then this functionality is broken.

Installing Ghostery will stop that tracking. You can whitelist the sites you want to allow to track you.

I’ve used Chrome’s Incognito mode this way for years and have never seen this sort of leak. I hope they haven’t broken it.

Three possibilities I see:

  • Tracking services are getting wiser and identifying you based on your IP address, possibly mixed with your browser’s UserAgent info and whatever demographics they can deduce based on your behaviour.
  • There’s a Chrome add-in that’s found a way to cross the barrier between regular and Incognito.
  • There’s a secondary device involved (smartphone, tablet) and it associates the Google identity you use in Incognito with your regular Twitter account.

I don’t think incognito mode creates much of a barrier for an extension to cross. If you have an extension installed and enabled for incognito mode, it can send your browsing history wherever it wants.

Donnerwetter, do you have any extensions running in incognito mode?

As far as I can see: no. I am also under the impression that extensions don’t run in incognito mode by default (but I could be totally wrong about this).