Google | Aug 13, 2019 | Master3395
But websites have found a different solution.
In earlier versions of Chrome, web pages had the option of checking if visitors have Incognito mode turned on.
However, as of Chrome 76, web pages cannot check whether the FileSystem API is available. When websites lose this opportunity, it means that it becomes impossible to determine whether or not the user has Incognito mode.
Sealed holes, but it was not enough
The New York Times still able to identify whether or not the user is in Incognito mode.
TechDows thinks they have the answer to why. Security experts Vikas Mishra and Jesse Li have figured out how websites can get past Google's protections. Previously, web pages about FileSystem API, which asks to write directly to the hard disk, returned an error. If an error message was received, Incognito mode was turned on.
Google fixed this problem by having Chrome write data to the computer's memory instead.
But now websites can use the Quota Management API to exploit differences in the way temporary storage quotas behave between Incognito mode and regular browsing. In addition, web pages can also track write speeds to determine whether the data is written to the hard disk or memory (RAM). As the speed of writing is faster through memory, this may be an indicator of whether the user has enabled Incognito mode or not.
Google has previously promised that Chrome should not reveal whether or not the user has private browsing turned on. Chrome developers have already created an error report for both of these gaps, so we should not overlook the fact that the company is launching a bug fix shortly.
Keywords: chrome, inkognito