 Thursday, June 4, 2020 in Privacy  No Comments |  | Google said last year that it would fix a bug that allowed sites to detect incognito mode, but no fix ever came.
Websites are still capable of detecting when a visitor is using Chrome's incognito (private browsing) mode, despite Google's efforts last year to disrupt the practice.
There are several reasons why website operators like to block incognito mode users.
For example, some users employ incognito mode to bypass content paywalls and various content filters/limiters. In addition, current incognito (private browsing) modes in most browsers today also ship with aggressive anti-tracking features that block websites from tracking and fully monetizing their traffic.
Both issues -- and the inherent use of private browsing -- result in direct financial losses to websites and the primary reasons why scripts that detect incognito modes have become popular in recent years.
Google tried to fix it in 2019
In early 2019, Google decided to take a stance against such scripts. Chrome 76, released in July 2019, included an update that blocked websites from using the FileSystem API to detect if a user was using Chrome's normal browsing mode or its incognito mode.
Before Chrome 76, the FileSystem API was simply not available in incognito mode, and website operators only had to query this API to find out if a user was using incognito mode. With Chrome 76, Google activated the FileSystem API for incognito mode windows making previous detection scripts useless. However, this update wasn't foolproof. Google didn't fully activate the FileSystem API, but merely set up a hard limit to the amount of storage space that incognito mode windows could access, at 120 MB.
It took programmers under a week after the Chrome 76 release to discover what was happening, and develop scripts that probed the FileSystem API to determine the amount of storage space a website could access, and indirectly detect if the user was using incognito mode or not.
Two different scripts were released in August 2019 [1, 2], and one of them even made its way into the New York Times' website, confirming how popular these scripts are with many online content publishers.
zdnet.com | |
|
