As part of the settlement of a class action lawsuit, Google has agreed to delete billions of data records that show users’ browsing activity without their knowledge or consent while using its Chrome browser.

The class action lawsuit, filed in 2020, claimed that the firm had deceived consumers into believing that their online behavior remained private when using web browsers such as Chrome’s “incognito” or “private” mode.

You might be interested in: Cybersecurity Guide For Small Businesses In Canada.

It was revealed by the end of December 2023 that the business had agreed to resolve the dispute. Yvonne Gonzalez Rogers, the U.S. District Judge, has not yet approved the settlement.

A court document dated April 1, 2024 stated that “the settlement provides broad relief regardless of any challenges presented by Google’s limited record keeping.”

“Much of the private browsing data in these logs will be deleted in their entirety, including billions of event level data records that reflect class members’ private browsing activities.”

Google must also remove details that allow private browsing data to be uniquely identified as part of the data remediation process. These steps include redacting IP addresses, generalizing User-Agent strings, and removing specific website details (i.e., keeping only the domain-level portion of the URL).

Moreover, the so-called X-Client-Data header field has been requested to be removed. According to Google, this header captures the “state of the installation of Chrome itself, including active variations, as well as server-side experiments that may affect the installation.”

Because this header is created using a random seed value, it might be distinct enough to identify certain Chrome users.

Additional settlement provisions mandate that Google disable third-party cookies in Chrome’s Incognito Mode for a period of five years, a feature that it has previously made available to all users. The IT giant has also declared that by the end of the year, tracking cookies would no longer be enabled by default.

As of January 2024, Google has also changed the description of Incognito Mode to make it clearer that it won’t affect “how data is collected by websites you visit and the services they use, including Google.”

The Incognito browsing mode of the browser was described by Google employees in the lawsuit as a “confusing mess,” “effectively a lie,” and a “problem of professional ethics and basic honesty.” The lawsuit also forced the company to make admissions.

It also exposed corporate conversations that said Incognito Mode shouldn’t be referred to as “private” due to the possibility of “exacerbating known misconceptions.”

This development coincides with Google’s announcement that, in an effort to reduce spam and phishing attempts, it has begun automatically barring bulk senders in Gmail who don’t comply with its email sender rules.

Email senders who send more than 5,000 messages a day to Gmail accounts are required by the new regulations to offer a one-click unsubscribe option and to reply to unsubscribe requests within a two-day timeframe.



Rhyno delivers a range of activities that combine to fully protect your infrastructure and data from cybercriminals, anywhere and everywhere, 24/7/365.


About Rhyno Cybersecurity Services

Rhyno Cybersecurity is a Canadian-based company focusing on 24/7 Managed Detection and Response, Penetration Testing, Enterprise Cloud, and Cybersecurity Solutions for small and midsize businesses.

Our products and services are robust, innovative, and cost-effective. Underpinned by our 24x7x365 Security Operations Centre (SOC), our experts ensure you have access to cybersecurity expertise when you need it the most.

This website uses cookies to improve your online experience. By continuing, we will assume that you are agreeing to our use of cookies. For more information, visit our Cookie Policy.

Privacy Preference Center