Google Promises To Plug Hole That Let Websites Track Chrome Incognito Sessions
Google's Chrome browser has for a long time incorporated an Incognito Mode that aims to deliver web surfers more privacy when they are cruising the internet. The problem is that the feature doesn't prevent sites from detecting people who are using Incognito Mode. Google is now saying that later this month, Chrome will plug a loophole that has allowed sites to identify people in Incognito Mode.
Google notes that this change will affect some publishers who have used the loophole to deter metered paywall circumvention. Google says that it wants users to be able to access the web privately no matter their reasons for doing so. There are a myriad of reasons why people might want to keep their web surfing private, including cases of domestic abuse or political oppression according to Google.
The loophole that some sites are using to track Incognito Mode browsers was an unintended one. The search giant says that the FileSystem API is disabled in Incognito Mode to avoid leaving activity on a user's device. Sites can check for the availability of the FileSystem API, and if an error message is received, the website knows that someone is using a private browsing session and can deliver the user a different experience.
In Chrome 76, set to launch on July 30, the FileSystem API behavior will be modified to prevent this type of Incognito Mode detection. Chrome will work to remedy any current or future means of identifying Incognito Mode browsers. Google also says that the change will affect websites that use the FileSystem API to intercept Incognito Mode sessions and force the users to log in or switch to a normal browser on the assumption that they are trying to circumvent a paywall.
Sites wishing to deter meter circumvention will have options like reducing the number of free articles someone can view before being forced to login or requiring free registration to view any content. Google also says it recognizes the goal of reducing meter circumvention, but an approach based on private browser detection undermines the principals of Incognito Mode.