Chrome browser patch will close loophole used to block Incognito mode

Cal Jeffrey

Cal Jeffrey

Posts: 4,179   +1,427
Staff member
Why it matters: Google is looking to fix an ages-old loophole that allows websites to check to see if a user is in Incognito mode when visiting the site in Chrome.

When using Incognito mode, browsing history is not recorded, and websites cannot use cookies to track internet activity. Since so much of the internet uses tracking cookies to target users with ads, some sites don’t like users visiting in this privacy mode, and will block them. To see examples of this, try viewing articles on The Boston Globe or MIT Technology Review websites while using Incognito.

The most common way that websites detect the mode is by trying to call the “FileSystem” API, which is available in Chrome’s default mode. This API is disabled in Incognito since it can create a permanent record defeating the purpose of private browsing. So if a website tries to access the API, Incognito will throw an error, which triggers the site to display its “turn off Incognito” message.

Google has been aware of this checking method for a long time but finally seems to be doing something about it. According to several recent commits to Chrome’s source code, developers are beginning to tie up this loophole. The plan is to add a virtual file system in RAM to Incognito mode. This way when websites call the FileSystem API, they won’t get an error, and when the user closes the Incognito window, the virtual file system disappears leaving no trace.

"This should easily shut down all current methods for detecting if Chrome is Incognito."

9to5Google obtained an internal document noting that once it implements this “protection,” Google is going to look at eliminating the FileSystem API in future versions.

“Since there’s no adoption of the FileSystem API by other browser vendors, it appears to be only used by sites to detect incognito mode,” the document reads. “By making this harder, hopefully, the overall usage of the API goes down to the point that we can deprecate and remove it.”

Google is aiming to have it ready by Chrome 74 behind a flag and then enabling it by default with Chrome 76. Chrome 74 (Canary) is due to roll out soon. To use the new feature, users will have to apply the flag #enable-filesystem-in-incognito.

Permalink to story.

https://www.techspot.com/news/78807-google-patch-chrome-loophole-sites-use-block-incognito.html

 
"try viewing articles on The Boston Globe or MIT Technology Review websites while using Incognito."
Click to expand...
I can access both of those sites perfectly with Firefox in Private Mode. Now where was that article last week about how everyone should agree that Chrome should become the Sole Browser of the net and Mozilla should just die off gracefully? LOL.
 
  • Like
Reactions: treetops
BSim500 said:
"try viewing articles on The Boston Globe or MIT Technology Review websites while using Incognito."
Click to expand...
I can access both of those sites perfectly with Firefox in Private Mode. Now where was that article last week about how everyone should agree that Chrome should become the Sole Browser of the net and Mozilla should just die off gracefully? LOL.
Click to expand...

Firefox IS Chromium now, with a tiny of bit of customization to WebAPI. Mozilla threw their long-time addon coders to the wolves while also making it a little harder to port Chromium extensions to Firefox. Great job, martinis all around!
 
psycros said:
BSim500 said:
"try viewing articles on The Boston Globe or MIT Technology Review websites while using Incognito."
Click to expand...
I can access both of those sites perfectly with Firefox in Private Mode. Now where was that article last week about how everyone should agree that Chrome should become the Sole Browser of the net and Mozilla should just die off gracefully? LOL.
Click to expand...

Firefox IS Chromium now, with a tiny of bit of customization to WebAPI. Mozilla threw their long-time addon coders to the wolves while also making it a little harder to port Chromium extensions to Firefox. Great job, martinis all around!
Click to expand...

Huh? Firefox does not use Chromium, it is still based on Gecko.
 
  • Like
Reactions: mbrowne5061
Regardless of what Google does with Chrome because of websites that track Incognito Mode they also track you if you use a VPN. It may stop them from seeing trackers from other websites, but take for instance Yahoo email, they want you to turn off your VPN so they can see more than just what they see between you and them remember VPN are a tunnel betweeen you and that website. Look at FoodNetwork they put a banner across the page if you are using a VPN or using Incognito Mode, The Boston Globe won't allow you to read an article if either one is on. Since Facebook brought us all this crap about tracking and selling ads, times on the internet have gotten a lot worse. How about selling ads to companies like the good ole days as Yahoo did. I get the same ads that I already looked up shoved back in my face. I see more and more websites blocking use of their sites if you are using either Incognito Mode or a VPN
 
Well give it time VPNs, ad trackers, and incognito mode will be gone, because thanks to Facebook everyone is selling tracking records
 
You must log in or register to reply here.

Similar threads

midian182
Google to delete billions of Incognito mode browsing records as part of lawsuit settlement
Replies
6
Views
152
ZedRM
ZedRM
midian182
Chrome incognito mode not so private: Google to settle in class-action lawsuit
Replies
10
Views
314
user556
U
midian182
Google launches Chrome Enterprise Premium, a paid-for browser with advanced security features
Replies
7
Views
136
noXLar
noXLar

Latest posts

Back