Chrome 76 will prevent websites from detecting users in incognito mode


Google has announced a change to incognito mode behavior in the next release of its browser, Chrome 76, which is scheduled for July 30. Specifically, Google says it will close a loophole in the implementation of the FileSystem API that websites have been exploiting to determine whether a user of a web application is browsing in incognito mode.

The essence of the method is that, until now, the browser blocked access to the FileSystem API in incognito mode to prevent data from persisting between sessions. From JavaScript, a site could therefore check whether it was possible to save data via the FileSystem API and, if the attempt failed, conclude that incognito mode was active.

The websites simply had to try to use the FileSystem API, which is used to store temporary or permanent files.

Chrome's incognito mode is based on the principle that you should have the option to browse the web privately.

This API was disabled in incognito mode but present in normal mode. This created a state difference that was exploited to detect whether a user was browsing a website in incognito mode and to prevent them from viewing the site's content.

When in incognito mode, the API is disabled so that people don't leave traces of activity. The websites have been checking the availability of the API and if they can't find it, they determine that Incognito Mode is turned on.

This move could please people who are concerned because private browsing modes are losing some of their value.

In a future version of Chrome, access to the filesystem API will not be blocked, but the content will be deleted after the session ends.
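The state difference and the change described above, modelled in plain JavaScript as an added example (not code from Google or from the original article). The names `makeWindow`, `observe`, `leaksMode` and `leavesTraces` are hypothetical, and the window objects are constructed stand-ins, so the model runs outside a browser.

```javascript
// Constructed model, not real browser objects. `policy` is how a profile treats the FileSystem API:
//   "persist"   normal mode: the request succeeds and data outlives the session
//   "blocked"   incognito before the change: the request fails
//   "ephemeral" incognito after the change the article describes: succeeds, data deleted at session end
function makeWindow(policy) {
  const store = new Map();
  return {
    TEMPORARY: 0,
    // Same call shape as window.webkitRequestFileSystem(type, size, onSuccess, onError).
    // The model calls back synchronously to stay short; the real API is asynchronous.
    webkitRequestFileSystem(type, size, onSuccess, onError) {
      if (policy === "blocked") return onError(new Error("blocked (constructed error)"));
      onSuccess({ write: (name, data) => store.set(name, data) });
    },
    endSession() { if (policy !== "persist") store.clear(); },
    storedFiles: () => store.size,
  };
}

// Everything a page learns from the call: which callback fired.
function observe(win) {
  let seen = "no callback";
  win.webkitRequestFileSystem(win.TEMPORARY, 1024,
    () => { seen = "available"; },
    () => { seen = "unavailable"; });
  return seen;
}

// The mode leaks when the private window is observably different from the normal one.
function leaksMode(normalWin, privateWin) {
  return observe(normalWin) !== observe(privateWin);
}

// The privacy goal of incognito: nothing written during the session survives it.
function leavesTraces(win) {
  win.webkitRequestFileSystem(win.TEMPORARY, 1024,
    (fs) => fs.write("visit.txt", "1"),
    () => {});
  win.endSession();
  return win.storedFiles() > 0;
}

const normal = makeWindow("persist");
console.log("before change: mode leaks =", leaksMode(normal, makeWindow("blocked")));
console.log("after change:  mode leaks =", leaksMode(normal, makeWindow("ephemeral")));
console.log("after change:  traces left =", leavesTraces(makeWindow("ephemeral")));
```

The model shows why blocking the API protected stored data but exposed the mode, while allowing it with session-scoped storage keeps both properties.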

We want you to be able to access the web privately, with the assurance that your choice to do so is also private. These principles are consistent with emerging web standards for private browsing modes.

Some sites that provide full access only with a paid subscription (paywall) give new users full demo access for some time before limiting their ability to view the full text of articles.

At the end of July, Chrome will remedy a loophole that has allowed sites to detect people browsing in Incognito Mode. This will affect some publishers who have used the breach to deter measured paywall circumvention, so we would like to explain the background and context of the change.

Consequently, the easiest way to access paid content on such systems is to use incognito mode.

Publishers are not satisfied with this behavior, so they have recently been actively using the FileSystem API loophole to block access to the site when the user activates incognito mode, showing a request to deactivate this mode in order to continue viewing.

Google added that publishers should analyze the effect of the FileSystem API revision before making changes to their websites.

Starting with Chrome 76, sites will not be able to detect whether the browser is in normal mode or incognito mode. While this does not guarantee that sites will not put other obstacles in the way of users visiting them in Incognito Mode, it does at least address the easy detection of private browsing mode.

Sites can still prompt users to sign in regardless of what mode they are in, but they can no longer single out users using Incognito Mode.

Chrome 76 is expected on July 30, 2019, and this version of the browser will introduce this and other changes.

Source: https://www.blog.google/

