The Google Chrome browser’s Incognito Mode isn’t as private as some web users are led to believe.
It’s actually quite easy for developers to figure out whether Chrome users are browsing in Incognito Mode and then block them from accessing content.
Indeed, paywalled sites like The Boston Globe and the MIT Technology review have recently used these tactics to keep out those who don’t wish to be targeted by their advertisers.
Google has known about this capability for years, but is finally looking to close those loopholes, judging by a new report from 9to5Google. The issue lies within the FileSystem API within the Chrome browser. As the report points out, if Incognito Mode is enabled, this API is automatically disabled, leaving a telltale sign to web developers.
Related: Best Chromebook 2019
A series of commits to the Chromium project suggest that Chrome will soon create a virtual file system using RAM, which will be deleted once the user leaves the Incognito mode. This will have the added bonus of halting those all-too-easy methods of detecting whether Chrome users are within the private browsing mode.
An internal document seen by the site suggests that once this solution is in place, Google may get rid of the API completely. It reads:
Since there’s no adoption of the FileSystem API by other browser vendors, it appears to be only used by sites to detect incognito mode. By making this harder, hopefully the overall usage of the API goes down to the point that we can deprecate and remove it.
The only way it’ll stick around is if Google determines there are more uses for the API.
We’re only on Chrome 72 right now, but it appears the feature will be available within stable build by the time Chrome 76 rolls around.
Should Google have already filled this loophole? Is the company doing enough to secure web users’ privacy? Let us know @TrustedReviews on Twitter.