I visited a site in Chrome, on a desktop computer, in Incognito mode. (I had received an email with spammy content but from an otherwise legitimate-looking source; I visited the source website in Incognito mode to confirm this if it was genuine or spam. It seems that an "share this by email" feature had been abused to send a spam message.)
Later, after closing the Incognito window, I visit the Facebook site. I see a Sponsored post from the website I viewed in Incognito mode.
This strongly implies that Facebook knows I visited the site, even though I was using Incognito mode at the time. I've confirmed in my browser history that I didn't inadvertently visit the site in the non-Incognito window.
How is this possible? I was under the assumption that an Incognito window did not carry forward any cookies or other persistent information. Is my assumption wrong, or is Facebook able to use some other mechanism to identify me in an Incognito session?
I have seen this behaviour once before (in that case, it was on two different devices – one desktop and one mobile, although I cannot remember which was viewing the site and which saw the ad in Facebook) so this does not appear to be an isolated incident.
Best Answer
Incognito mode only prevents the browser from saving cookies, history, etc. It does nothing to prevent servers from recording other meta data about you. At the very least, you visited the spammy site and Facebook using the same IP address. That's an easy way to connect the two browsing sessions.
I've also heard of other ways to profile you, based on user agent string, screen resolution, and even the patterns in your typing and mouse movements.
If you want to hide your visits to spammy sites from the sites themselves, use a VPN.