Chrome Insider: A primer on enterprise private browsing modes

Growing security and regulatory requirements may lead to enterprises looking more closely at privacy. Chrome Browser offers a variety of privacy configurations for users, but enterprise admins can also apply central controls that focus on protecting end user data. In this post, we will detail ways you can centrally manage privacy modes and highlight the differences between Guest, Ephemeral and Incognito modes. 

First, Guest mode.
“Guest mode” provides a blank profile for someone who’s temporarily using Chrome. You cannot see or change any other Chrome profile information from Guest mode, and a user’s browsing activity is not written on disk—it’s only kept in memory. This means that when someone exits Guest mode, nothing stays behind (even if the user turns off the computer instead of closing the browser).

It’s ideal to use Guest mode in scenarios when users let others borrow a device or when using a public device because users won’t see or change settings of any other Chrome profile. It’s also worth noting that browsing activity is not saved, but still may be visible to visited websites, employers or schools, or your internet service provider (ISP). This is a good option for enterprises with shared devices or public machines. 

Second, Ephemeral mode.
In Ephemeral mode, you can enable your users to have access to their personalized resources on their personal laptop or a shared device that they trust,  but no data is left behind. Forcing Ephemeral mode can reduce the chance of any browsing information being left behind on a device.

During the ephemeral session, the user has access to the full extent of a browser session including: signing in for Chrome sync, cloud policies, password storage, bookmarks, autofill and other data normally present in the user profile. This includes any corporate assets that are enabled in Ephemeral mode, which may include corporate webmail, documents, and intranet pages. 

Incognito mode
In Incognito mode, Chrome won't save a user’s browsing history, cookies and site data, or information entered in forms. That said, files that users download, and bookmarks that they create, may be retained. Also, a user’s activity isn’t hidden from websites they visit, their employer or school, or their internet service provider. If you don’t want Chrome to remember a user’s activity, consider enabling Incognito mode to allow private web browsing on their own device. They’ll see their information and settings without saving any browsing history.  In Incognito mode, the user can’t sign in and get the benefits of Chrome sync, such as corporate bookmarks.

Here’s a good way to explain this to users: private browsing works by keeping things private at a device level. So browsing history, cookies and site data are not saved on the device; network traffic data is not private. Since it only prevents activity from being logged on the device—not the network—logging on the network side (communication to the server of the website) can still be monitored and logged by an employer, school or ISP. 

When you use Incognito mode or Guest mode, you can limit the information Chrome stores on your system. For example, Chrome won't store certain information, such as basic browsing history information like URLs, cached page text, or IP addresses of pages linked from the websites you visit, snapshots of pages that you visit, or records of your downloads. Although, the files you download will still be locally stored elsewhere on your computer or device.

Choosing the right mode for your users
To wrap everything up, below is a handy dandy matrix with all of the comparisons. For a more in depth look at understanding the privacy mode options for your organization please read Chrome Browser privacy guide for enterprises: Understanding your privacy mode options.