Private browsing modes have been around in browsers since Safari 2.0 in 2005, but are topic of interest again among analysts as browsers in general — and Safari especially — have started enforcing more tracking protections when users are in Private Mode.
With Safari 17, users in Private Mode may simply disappear from your analytics. Safari 17’s private browsing blocks GTM, the meta pixel, GA, and also will remove parameters like gclid and fbclid from the URL altogether. So even if you’re using server-side tracking, you will lose some data. Because of Safari’s large market share on mobile, all of a sudden knowing how many users are in private mode becomes a more interesting topic.
Even though Private Mode appeared in Safari first, Chrome’s name “incognito mode” is the most recognized name for this mode. Whether it’s due to Chrome’s dominant market share, the uniqueness of the name, or it’s iconic Spy Guy logo, that’s the name most commonly used. Whatever it’s called, these modes may do two different things:
- Avoid saving history in your browser.
- Provide additional anti-tracking functionality.
It’s long been said that Private Mode is misunderstood by end users. Many studies have focused on this confusion, that users mistakenly think that private mode makes them anonymous or provides them protection it does not. Despite the warnings browsers display, plenty of users still think that there’s some kind of cloaking device enabled when they see that cool hat spy guy logo. My favorite comment on this was from the Google employee who implied that the spy guy should really be Guy Incognito from the Simpsons.
When in private browsing mode you get these additional protections vs. a regular browser window (with default settings):
|Additional protections in private mode (default settings)
|Disables third-party cookies
|Enables “advanced tracking and fingerprinting protection” in v.17
|Blocks tracking content
|No differences, though there is an option to enable strict tracking protection from the InPrivate window
Having Private Mode gives additional protection over a default browser window makes a lot of sense, and that’s where all the browsers have been headed, even if Chrome and Edge are lagging. In Brave you even get the option to browse privately via Tor, which is some pretty legit anonymity even the spy guy could respect.
How do you detect Private Mode?
For this experiment I used the following library: https://github.com/Joe12387/detectIncognito
These is how it works:
Safari: tries to use indexedDB.
Chrome/Chromium: checks jsHeapSizeLimit (a memory quota), and if it’s lower than expected it assumes incognito mode.
Firefox: checks availability of serviceWorker.
Those methods could become invalid at any time, but they all worked in my testing with current browser versions.
Ok, let’s get to the headline data — how many visitors used Private Mode?
Drilling down into the data, I discovered that a great deal of variation in that number based upon user segment.
Much like the rate of adblockers, the percentage of users in Private Mode depends on your individual site. I collected this data from a few different sites, and the rates between each site varied significantly. Overall I attempted to create a data set that would represent typical overall US-based internet usage, but your mileage may vary!
What affects the level of incognito usage?
People use incognito mode for a lot of different things. DuckDuckGo ran a study in 2017 in asking why, and received the following answers:
Undoubtedly viewing NSFW content is a large part of the euphemistic “embarrassing searches”, but NSFW content could also be a part of History, Public Computer, General — or simply not something the user was willing to admit in a survey. In other words, yes the #1 reason for private mode use is probably porn, but it’s used for a lot of other things as well.
This study also reported that of users who use private mode on desktop, 33% report using it “daily”. I don’t trust that number at all, and expect is an example of the same kind of survey over-claiming that we see when surveying all kinds of computer security and private topics.
Type of “content”
So yea, if you have NSFW content, expect a higher percentage of Private Mode users. If I ran this experiment on a porn site, I would expect numbers a whole lot higher than 5.8%. Unfortunately (?), I don’t have access to data from a site like that. However, I was able to segment the traffic across these sites to those that actually were viewing likely NSFW content. Indeed the level of incognito use was much higher!
NSFW content segment: 10.3%
Type of user (logged in users)
If a user trusts a site and uses it regularly, I’d expect that they less likely to use Private Mode. Especially if they are logged in, since nobody wants to have to keep logging in every time they start up the browser and not have it remember anything about your previous session. This seems like it might contradict the high rates in the “Finance” category from the DuckDuckGo survey, but perhaps that was more for research in that category. I would still expect that Private Mode is still low for financial services sites where login is required.
Logged in user segment: 3.6%
Technology (device type, OS, browser)
– Desktop shows a lot more private mode users: 8.2% desktop vs 5% mobile
Again this seems to run counter to what the DuckDuckGo survey showed, but it seems intuitive to me. It’s easier to switch back and forth between Private Mode on desktop, and users in general customize their browsers much more on desktop.
– iOS shows MUCH higher than Android: 7.7% iOS vs 1.9% Android
I expected a gap here, but not such a big gap! I’ll delve more into this below in the Safari 17 section. This is also the main source of the Safari vs. Chrome gap.
First, a point of clarification. I’ve been saying “Safari 17”, though in many articles you’ll see “iOS 17”. I’m being a little extra obsessive with terminology… but some extra and probably unnecessary precision is kind of what this blog is all about.
Starting with iOS version 6 in 2012, Safari and iOS have matched their major version numbers. Starting with iOS 15 in 2021 Apple started matching major and minor versions (source). Apple follows semantic software versioning, meaning versions go Major.Minor.Patch. In other words: iOS 14.5 ran Safari 14.1, but iOS 16.4 runs Safari 16.4. The versions used to match pretty well, and now they match even better!
But if we’re talking about Safari 17 on desktop, we could be talking about three different versions of MacOS X (12, 13, or 14). The advanced tracking protection we’re interested in affects Safari 17 whether it’s running on iOS or MacOS X… There’s just more people that use it on iOS so that’s what generates the most attention.
Anyway — as previous stated, the gap in Private Mode users between iOS (7.7%) and Android (1.9%) was especially large. Obviously Apple has made privacy a big part of their marketing in recent years, but a similar gap did not exist between MacOS X and Microsoft Windows users… So if it’s an “Apple=Privacy” thing it seems to be limited to mobile.
This large amount of Private Mode users on iOS means that the effect of the advanced tracking protection is bigger than if it would have been done on Android. It’s still a percentage of a percentage though… meaning that if the share of Safari on your website was 30% once everyone has upgraded to Safari 17 you’ll potentially be missing reporting on 2.25% of your traffic (7.5% of 30%).
One possible effect that might contribute to the high % of Private Mode on iOS could be that users get “stuck” in Private Mode and don’t realize it. I first heard this theory from Lukas Oldenburg and it seems plausible to me. Once you are in Private Mode on iOS there’s very little that indicates you are in that mode, compared to the many UI hints on Chrome/Android.
One interesting twist here is that there is a new iOS feature that has the possibility to decrease this unintentional usage. Starting in Safari 17 there is also a feature that requires Face ID to unlock the Private Browsing window whenever Safari is re-opened, thereby providing notice that indeed you are in that mode every time you open the browser. This feature defaults to off for iOS and on for MacOS X, but could potentially change in future versions.
Since Safari is leading the way among the big corporate browsers when it comes to privacy, where is it headed? One of the concerns in the digital analytics community about Safari 17 is that anti-tracking features which are now only on in Private Mode may become part of standard browser windows as well. After so many rounds of this: ITP revisions, User-Agent detail reduction, iCloud Private Relay, etc. — it feels inevitable that eventually Safari will take away all the tracking it possibly can. Despite the high likelihood of being proven wrong I don’t think that’s the case, and here are my specific predictions:
1. Much of Safari advanced tracking and fingerprinting protection will NOT make it into default Safari windows. This keeps Private Browsing “more private” than regular mode.
2. Safari will continue to allow GTM, GA, etc. in default windows, though will continue to find new ways to degrade the quality and lifespan of the data. The WebKit Tracking Prevention Policy talks about stopping “cross-site tracking”, which (arguably) does not apply to first-party GA data given what Safari is already doing. Additionally blocking GTM can break functionality on some sites.
3. Safari will bring tracker id reduction into default windows (e.g. removing fbclid, gclid, etc.). These tracker IDs do allow for individual cross-site tracking, so I would expect them to disappear in default windows eventually.
4. Safari won’t remove UTM parameters. It’s the tracking tied to an individual or long-lasting tracking they have had an issue with, not general campaign tracking within a session.
5. Safari will eventually bring more fingerprinting protection into default windows. If they can figure out how to do it in an effective way without breaking stuff. Currently Safari’s fingerprinting protection even in Private Mode is not very effective (for example it does not work against the widely used Fingerprint.com), but it’s hard to improve without risking breaking things.
While it seems silly to bet against Safari introducing new privacy protections, it’s important to remember there’s a lot of tracking that Safari could easily have already blocked if they wanted to (like GA). Safari may be much more privacy-oriented than Chrome or Edge, it is not nearly so aggressive as many less mainstream browsers such as Brave, Librewolf, Vivaldi, etc. Safari’s position as a default browser used by everybody means they have to be much more careful about what they break than Brave et al.
Some fine print about how the experiment was run.
Since Safari advanced tracking and fingerprinting protection blocks GTM, I’ve excluded Safari 17 users from the data for test sites where the test code had to be delivered via GTM. This makes the assumption that the % use of private mode remains the same in Safari 17 as it did in 16, even though the functionality is not exactly the same.
The experiment was run using Plausible, which is not currently blocked by Safari’s advanced tracking mode. Users with an adblocker that do block Plausible are not counted at all, but they are already not being counted in most reporting anyways.