Plain private mode vs. hardened
Incognito / Private Browsing is about local traces: when you close the window, history, cookies, and cache for that session are discarded. What it does not do is change the browser behaviors that can expose information over the network while the window is open — things like WebRTC revealing your real IP, the browser pre-connecting to sites you never visited, or advertising APIs profiling you. Hardened Private Mode turns those off for the session.
The protections, and why each was chosen
These are applied automatically when you open a Hardened Private Window (on Chromium browsers). Each is an official browser setting — nothing undocumented or experimental.
WebRTC IP protection
Why: WebRTC (used for calls and video) can reveal your
real or local IP address even behind a proxy — a well-known privacy
leak. How: sets the WebRTC IP-handling policy to
disable_non_proxied_udp, which stops WebRTC from bypassing a
configured proxy, while still allowing ordinary calling to work.
Network prediction off
Why: browsers speculatively pre-connect, pre-render, and DNS-prefetch sites they think you'll visit — contacting servers you never chose to. How: disables the network-prediction setting for the session.
Address-bar search suggestions off
Why: as-you-type suggestions send your keystrokes to a search provider before you've decided to search. How: disables the search-suggest service for the session.
Hyperlink auditing (<a ping>) off
Why: the ping attribute fires invisible
"you clicked this" tracking requests with no benefit to you.
How: disables hyperlink auditing.
Alternate error pages off
Why: when a page fails to load, the browser can send the failed address to an online suggestion service. How: disables the alternate-error-page service.
Online spelling service off
Why: some browsers send text you type to an online spell-checking service. How: disables that service. Local, on-device spell checking still works.
Advertising privacy-sandbox APIs off
Why: the Topics API, Ad-measurement API, Related Website Sets, and Protected Audience (FLEDGE) are browser features built to profile and target you for advertising. How: each is turned off for the session. (In Chromium incognito these are usually off already — the extension reports them as “Already protected by browser” when so.)
Third-party cookies blocked
Why: third-party cookies are the primary mechanism for cross-site tracking. How: blocks them for the session. Your existing cookie exceptions aren't overridden, and browsers that already block them in private mode report “Already protected.”
Advanced options (off by default)
For people who accept the trade-offs, Settings offers opt-in extras,
each with a warning: strict WebRTC routing
(proxy_only), disabling WebRTC entirely
(where the browser supports it), and disabling referrer
headers. These can break calls, sign-ins, or some sites, so they
are never enabled automatically.
Automatic and memory-only — it reverts on close, quit, reset, or crash
This is the core safety property, and it's worth being precise about. On Chromium browsers, every protection is applied with the browser's incognito-session-only scope. That means:
- It only affects the private session. Your normal browsing settings are never written or changed.
- It lives in memory, not on disk. The values exist only for the active private session's in-memory settings.
- It reverts automatically when the last private window closes — no cleanup step to run, nothing to undo by hand.
- It survives a crash safely. Because the values were never saved to disk, closing, quitting, resetting, or even an unexpected crash simply discards them. The next time you launch, the browser starts from its own defaults — there is nothing left behind to clean up.
On Firefox, the browser offers no way to confine these settings to a private session, so Hardened Mode changes nothing there and reports each protection as “Unavailable” rather than touching your global configuration. Either way, your normal browsing is never altered.
What makes this better than plain private browsing
- It closes leaks private mode leaves open — WebRTC IP exposure, speculative connections, ad-profiling APIs, and third-party cookies, none of which incognito changes on its own.
- It's session-scoped and reversible by the browser itself, so it can't quietly degrade your everyday browsing.
- It never weakens security. Safe Browsing, phishing and malware protection, certificate and HTTPS checks, browser updates, download scanning, and your password manager are never touched.
- It's honest. Settings that can't be confined to the private session — for example, anything on Firefox — are reported as Unavailable and left untouched rather than changed globally. No vague promises.
- It collects nothing and calls nowhere. No analytics,
no telemetry, no network requests, no remote code. Only the
storagepermission, plusprivacyon Chromium to apply these settings. Fully open source.
Hardened Private Mode is not a VPN and not anonymity. Your network and websites can still observe your traffic. It reduces what your browser leaks; pair it with a trusted VPN for network privacy.
Best practices to pair with Go Private Quickly
GPQ hardens your browser. These two habits add the network-level privacy GPQ deliberately doesn't touch.
1. Add a browser VPN extension
A browser VPN extension runs inside your browser as an add-on and encrypts and routes only your browser's traffic. It is not a system-wide VPN app — it doesn't change your computer's connection or protect other apps, just the browser. That makes it lighter and easy to toggle, but the trade-off is that only the browser is covered. Reputable, privacy-respecting options that work as a standalone browser extension (no separate desktop app required):
- Proton VPN — free tier, independently audited no-logs, open source, Swiss jurisdiction
- Windscribe — generous free tier, no-logs, built-in ad and tracker blocking
- NordVPN — audited no-logs, standalone browser proxy extension for Chrome and Firefox
Avoid free “VPN” extensions that pay for themselves by logging, selling, or relaying your traffic — a browser VPN only helps if you can trust who runs it.
2. Set a private DNS resolver
Browsers don't let an extension change your DNS resolver — there is no API for it, and DNS can't be scoped to a single private window. But you can point your browser at a privacy-respecting DNS-over-HTTPS resolver yourself, once, and it protects all of your browsing. Good choices:
- Cloudflare —
https://cloudflare-dns.com/dns-query— fast, independently audited no-logging - Quad9 —
https://dns.quad9.net/dns-query— nonprofit, blocks malicious domains - Mullvad —
https://dns.mullvad.net/dns-query— no-log; ad/tracker-blocking variants available - NextDNS —
https://dns.nextdns.io/<your-id>— your own configurable resolver and blocklists; free tier
Every browser puts this setting (often called Secure DNS or
DNS over HTTPS) in a slightly different place, so search
“[your browser] DNS over HTTPS” for the exact steps.
Google's public DNS (8.8.8.8) is fast but the least private
of the popular options — it sends every lookup to Google —
so it's not on this list.
One reminder about downloads
Files you download during private browsing remain on your computer after the private window closes. Private mode forgets history, cookies, and cache for the session — it does not delete files you chose to save, and Hardened Mode doesn't change that. If you don't want them kept, delete them yourself.
Disclaimer
These are personal guidelines, not guarantees, and not professional advice. By following anything on this page you accept the points below.
- Just ideas that work for me. Everything here is my own opinion and the setup I personally find useful — not security, legal, or financial advice, and not a promise of any particular result. Privacy is about reducing risk, not eliminating it: nothing here makes you anonymous or untraceable.
- Use at your own risk. You are responsible for what you enable and how you use it. Any broken sites, lost or kept files, misconfiguration, downtime, or other problems are your responsibility. Go Private Quickly and this guidance are provided “as is,” with no warranty of any kind and no liability, to the maximum extent the law allows.
- Third-party tools are independent. The VPN and DNS providers named here are independent companies. I am not affiliated with them, not paid by them, and there are no affiliate links — they are named only because I find them useful. I can't vouch for their conduct, privacy practices, pricing, ownership, or uptime, and any of those can change. Read each provider's own terms and privacy policy and verify before relying on them; these recommendations may go out of date.
- Lawful use only. You are responsible for complying with every law that applies to you. VPNs and similar tools are legal in most places but restricted or banned in some countries — it is on you to know your local law. I do not condone, support, or help with any illegal activity, dark-web access, or attempts to evade the law. These are everyday-privacy tools, not tools for wrongdoing.
- Names and trademarks — browser, VPN, and DNS names belong to their respective owners and are used only to identify the products. Mentioning them is not an endorsement by, or of, those companies.
If you don't agree with all of this, don't use the suggestions on this page. See also the Terms of Use.