The thing people notice and can't quite explain
It's a specific, recognizable feeling: you watch YouTube signed out on purpose — maybe to get away from the algorithm's idea of you, maybe just out of habit — and the videos staring back are suspiciously close to what you'd see logged in. The "Sign in" button is sitting right there in the corner. And yet.
The instinct to assume something sneaky is happening is reasonable. The actual explanation is less a conspiracy and more a story about how browsers and accounts quietly overlap in ways most people never see broken down.
Reason one: your browser never actually logged you out
Google accounts work across all Google products at once inside a browser — Gmail, YouTube, Search, Drive, all of it shares the same sign-in session by default. If Gmail is open as an app or a pinned tab and you're signed in there, that session can still be active in the background even on a tab where YouTube's interface says "not signed in." Tabs in a normal browser window typically share one cookie jar, not a separate one per tab or per site.
This gets murkier with Progressive Web Apps (installing Gmail as a PWA, for instance) because a PWA can run as its own semi-isolated window — but if it's built on the same browser engine and profile, it doesn't always get a fully separate cookie jar from the rest of that browser. The visible "logged out" state on one tab doesn't guarantee the underlying session is gone.
Reason two: device fingerprinting doesn't need a login at all
Even with zero cookies and zero account session, a browser leaks a surprising amount of identifying detail just by existing: screen resolution, installed fonts, time zone, graphics hardware, browser version, and dozens of smaller settings. None of these facts is unique on its own. Combined, they form a "fingerprint" that's specific enough to recognize the same device again later — no cookie required, no login required.
This is the part that actually explains the "tricky" feeling. Clearing cookies resets the part of tracking that depends on cookies. It does nothing to the part that depends on what your hardware and software look like to a server. A fresh incognito window run from the same physical machine can still resemble the same fingerprint as the last session.
It's not just paranoia — YouTube actually changed this
Worth knowing: this isn't a static, unchanging system. YouTube has previously dialed back logged-out personalization — for a stretch, opening YouTube signed out (or in Incognito) produced a blank "Get Started" screen instead of a tailored feed, specifically because the lack of a strong signal made recommendations there look more like noise than help. That behavior has shifted back and forth over time, which is itself a clue: when a logged-out homepage looks unusually generic, the account-and-cookie layer is probably the one being neutralized. When it looks unusually familiar, fingerprinting or a lingering session is more likely doing the work.
What this means for Microsoft, and where the comparison breaks down
The instinct to wonder "is Microsoft doing the same thing" is fair, but the two companies aren't built the same way here. A local Windows account avoids the deepest layer of Microsoft account-based tracking — but Windows 11 still phones home a meaningful amount of diagnostic and telemetry data regardless of which account type is signing in, and Edge (Microsoft's browser) carries its own separate sync and identity layer on top of that. Device fingerprinting itself isn't unique to Google — it's a browser-and-server-level technique any sufficiently large site can use, Google's products are simply some of the most visible and well-documented examples because of how much of the open web runs through them.
In short: Google's footprint is wider because more of the internet touches a Google product somewhere in the chain (Search, YouTube, embedded ads, embedded fonts, Analytics). That width is what makes it feel more invasive — not necessarily that the underlying tracking technique itself is unique to Google.
What actually breaks the pattern
- Sign out everywhere, not just one tab — Google Account → Security → "Your devices" lets you end every active session at once, not just the one in front of you.
- Use a separate browser profile or container for logged-out browsing — Firefox's Multi-Account Containers (or a fully separate browser) keeps the cookie jar genuinely isolated, instead of relying on incognito mode alone.
- Accept that fingerprinting is the harder problem — clearing cookies and cache resets one layer of tracking. It does not reset the hardware/software signature a browser exposes by default. Extensions designed to resist fingerprinting (rather than just block cookies) are a different category of tool aimed specifically at this.
- Watch for the "blank slate" signal — if a logged-out homepage looks generic and untailored, that's a sign the account/cookie layer was actually cleared. A still-personal feed after a real sign-out is the more telling case.
The honest bottom line
Google isn't reading your mind, and this isn't some secret system reserved for power users who notice things. It's the predictable result of two ordinary, well-documented mechanisms — shared browser sessions and device fingerprinting — stacking on top of each other in a way that's genuinely hard to picture until you've watched it happen to your own account. Noticing the gap between "the UI says logged out" and "the content says otherwise" isn't being paranoid. It's just paying closer attention than the interface wants you to.