Some websites are coming up with imaginative – and sometimes nefarious – ways of getting around a new Chrome feature that’s supposed to stop sites from detecting whether its visitors are using Incognito mode.
Incognito mode is a way to browse the internet more privately, stopping websites from installing cookies and tracking your movements online. It’s not fully private, but it does offer more protection than standard browsing.
However, many websites have been using methods to detect if a visitor is using Incognito mode – such as trying to write data to a user’s hard drive using FileSystem API. If they weren’t able to do that, it meant the visitor was using Incognito mode.
- The secrets web browsers hold about users – what's the risk?
- Former Edge intern hints Google made changes to mess with Microsoft’s browser
- Microsoft claims Edge is the best web browser for long battery life
With Chrome 76, Google introduced a feature that allowed the browser to pretend to accept the request, but instead write the data to RAM – which would then be wiped.
This was designed to fool websites into thinking users weren’t using Incognito mode. It was a crafty move, but it appears some websites have already found ways around this.
Hide and seek
According to Vikas Mishra, a security researcher, websites can use the Quota Management API to detect if the data is being written to a hard drive or RAM, depending on the storage space available. If the user is found to be using RAM, it means they’re using Incognito mode.
Another developer, Jesse Li, has found a timing attack that can be used to see how fast the data is being written. If the write speed is very fast, it means it’s being written to RAM, and therefore the visitor is using Incognito mode.
We don’t know how many websites are using these methods, but it’s likely to be used by any website that wants to know if users are using Incognito mode – for example if they want to limit how many free articles a user can view before they have to subscribe.
The good news is that Google is aware of the issue, and is working on a way to stop websites using these workarounds.
- These are the best web browsers of 2019
Sign up to receive daily breaking news, reviews, opinion, analysis, deals and more from the world of tech.
Matt is TechRadar's Managing Editor for Core Tech, looking after computing and mobile technology. Having written for a number of publications such as PC Plus, PC Format, T3 and Linux Format, there's no aspect of technology that Matt isn't passionate about, especially computing and PC gaming. Ever since he got an Amiga A500+ for Christmas in 1991, he's loved using (and playing on) computers, and will talk endlessly about how The Secret of Monkey Island is the best game ever made.