Google to plug Chrome loophole that exposes Incognito status to sites

Chrome Incognito
(Image credit: Google)

In Google’s latest blog post, the tech giant has promised to put and end to a loophole in its Chrome web browser that compromised its users' privacy when using its ‘Incognito’ private browsing mode.

Currently, websites are able to detect when a user is browsing in Incognito Mode by scanning for the presence of Chrome’s Filesystem API (Application Programming Interface), which is disabled in this mode in order for the user’s browsing activity not to leave traces on their device.

A website can assume the user is browsing in Incognito Mode if it receives an error message when checking for the availability of this API. In Chrome 76, which is slated for release on July 30, Google promises that sites scanning for the API will no longer receive the error message.

Google claims it “wants you to be able to access the web privately, with the assurance that your choice to do so is private as well”, citing examples of political oppression and domestic abuse as valid reasons for wanting to privately browse the web.

Bypassing paywalls

As a byproduct of this modification to Chrome’s Incognito Mode, Google acknowledges that sites that use a metered paywall – those offering a finite amount of free articles before having to subscribe, for instance – will no longer be able to detect when people are circumventing the block via private browsing.

“Our News teams support sites with meter strategies and recognize the goal of reducing meter circumvention, however any approach based on private browsing detection undermines the principles of Incognito Mode. We remain open to exploring solutions that are consistent with user trust and private browsing principles.”

Porn sites and what they know about you

While this change may make it trickier for sites to know when you are indeed using Incognito Mode, it certainly doesn’t stop them continuing to track your usage when you do so.

The splash page for Chrome’s Incognito Mode specifically states that, while “other people who use this device won’t see your activity”, it “might still be visible to websites that you visit, your employer or school, and your internet service provider”.

For instance, a recent report jointly published by Microsoft Research, Carnegie Mellon University and the University of Pennsylvania has found that a whopping 93% of the 22,484 pornography websites they analyzed were collecting user data and leaking it to third party data brokers.

Perhaps more shockingly, the report found that 45% of the studied sites used the visited sites to build a profile of the user’s gender, sexual identity and preferences which, for users in certain political environments, could be incredibly dangerous.

If you’re looking to hide your browsing habits from the sites you visit as well as the devices you browse on, you’ll need to go further than Chrome’s Incognito Mode. Services such as Tor and its Firefox-based browser offer a secure alternative, as does Opera’s integrated VPN.

Harry Domanski
Harry is an Australian Journalist for TechRadar with an ear to the ground for future tech, and the other in front of a vintage amplifier. He likes stories told in charming ways, and content consumed through massive screens. He also likes to get his hands dirty with the ethics of the tech.