Chrome’s new Incognito privacy features are already being sabotaged by websites
Keep on tracking
Some websites are coming up with imaginative – and sometimes nefarious – ways of getting around a new Chrome feature that’s supposed to stop sites from detecting whether its visitors are using Incognito mode.
Incognito mode is a way to browse the internet more privately, stopping websites from installing cookies and tracking your movements online. It’s not fully private, but it does offer more protection than standard browsing.
However, many websites have been using methods to detect if a visitor is using Incognito mode – such as trying to write data to a user’s hard drive using FileSystem API. If they weren’t able to do that, it meant the visitor was using Incognito mode.
- The secrets web browsers hold about users – what's the risk?
- Former Edge intern hints Google made changes to mess with Microsoft’s browser
- Microsoft claims Edge is the best web browser for long battery life
With Chrome 76, Google introduced a feature that allowed the browser to pretend to accept the request, but instead write the data to RAM – which would then be wiped.
This was designed to fool websites into thinking users weren’t using Incognito mode. It was a crafty move, but it appears some websites have already found ways around this.
Hide and seek
According to Vikas Mishra, a security researcher, websites can use the Quota Management API to detect if the data is being written to a hard drive or RAM, depending on the storage space available. If the user is found to be using RAM, it means they’re using Incognito mode.
Another developer, Jesse Li, has found a timing attack that can be used to see how fast the data is being written. If the write speed is very fast, it means it’s being written to RAM, and therefore the visitor is using Incognito mode.
Get daily insight, inspiration and deals in your inbox
Sign up for breaking news, reviews, opinion, top tech deals, and more.
We don’t know how many websites are using these methods, but it’s likely to be used by any website that wants to know if users are using Incognito mode – for example if they want to limit how many free articles a user can view before they have to subscribe.
The good news is that Google is aware of the issue, and is working on a way to stop websites using these workarounds.
- These are the best web browsers of 2019
Via Techdows
Matt is TechRadar's Managing Editor for Core Tech, looking after computing and mobile technology. Having written for a number of publications such as PC Plus, PC Format, T3 and Linux Format, there's no aspect of technology that Matt isn't passionate about, especially computing and PC gaming. He’s personally reviewed and used most of the laptops in our best laptops guide - and since joining TechRadar in 2014, he's reviewed over 250 laptops and computing accessories personally.