While I share your skepticism of the suit, I think that that line may be seen as misleading. Google Analytics is NOT a website I visit, in general. Still, despite the Incognito mode, GA may well track me across the internet.
Personally, I always took Incognito/In-Private browsing to be just a "delete cookies and history on exit" mode. But the way it is presented may suggest to many people that it is significantly more than that, even with the disclaimers in Chrome. I would not hold my breath for a successful suit based on that, though.
Saying that "Google Analytics is NOT the website I visit" is the same as saying "React is NOT the UI I'm using" or "Stripe is NOT the store I'm buying from".
Modern day websites use readily available modules to build out functionality. Just because those modules were originally built by someone else doesn't mean that it's not part of the website you visit.
I am aware of this as a developer. But as a regular user, when I am told that visiting HackerNews in incognito mode won't prevent HackerNews from tracking me doesn't tell me that it won't prevent Google and Facebook and who knows how many others too.
Basically, this is one of the key ideas behind the GDPR: that I should have a legally-enforced expectation that when I'm agreeing to share my data with X, I'm not implicitly agreeing to also share it with Y and Z; and that it is X's responsibility to see to this.
So sure, X is free to use GA, but as a User I shouldn't have the expectation that Google knows I've visited X's sight.
And comparing GA to React is really disingenuous, especially in this context. One is an active monitoring solution that hoovers up data and sends it to a 3rd party, the other is a static library that is entirely run in my own browser, or sometimes on the origin server as well.
> My argument was that drawing a distinction between a "site" and modules that are part of that "site" but are from other parties is dubious.
It is not only not dubious, it is in fact enshrined in law. I brought up the GDPR explicitly to highlight this. Specifically in the context of tracking and personal data, there is a distinction between the site I am visiting and the legal entity that is controlling it on one hand, and other entities that it contracts to achieve its purposes.
If your understanding of 'a website' includes all of the 3rd party trackers that it may be using, then the wording becomes obviously correct. I would venture though that this is not the common connotation of the phrase 'you may still be tracked by the website you are visiting', which I believe most people would take to mean more 'the origin server', i.e. 'I may still be tracked by the 1st party entity who owns the site I am directly visiting, but I will no longer be tracked by other parties'.
In fact, by your definition of 'the site I am visiting' , incognito mode offers no more tracking protection than regular browsing, as I can never be tracked by anything but the site I am visiting, including Google analytics, Facebook, and any other ad networks that they chose to use; I am never tracked by any site that I am not currently visiting, obviously.
Incognito Mode states plainly that it DOES NOT prevent the website you are visiting from tracking you.
Another commenter said that this wording implies that it DOES prevent Google Analytics, since it is not part of the site.
My argument was that drawing a distinction between a "site" and modules that are part of that "site" but are from other parties is dubious (also, likely impossible).
Google is not the website being visited, and if it's not a big deal, then why doesn't it say, "Google will still track you using third party analytics, font requests, ad pixels, single sign on, and recaptcha"?
I mean, if nobody really cares, why not be more direct about it?
Personally, I always took Incognito/In-Private browsing to be just a "delete cookies and history on exit" mode. But the way it is presented may suggest to many people that it is significantly more than that, even with the disclaimers in Chrome. I would not hold my breath for a successful suit based on that, though.