Google is closing a Chrome API loophole to make Incognito Mode more secure and private
Following increasing awareness that the use of Incognito Mode in Chrome can be detected, and that it is still possible for sites to track your online behavior when you're using it, Google has announced upcoming changes that will close a loophole.
The update is due at the end of this month and it addresses a chink in the FileSystem API. Google says the changes are coming in Chrome 76, and will also make it harder for publishers to determine when people are trying to bypass paywalls.
Google says that it is introducing the changes because it wants "you to be able to access the web privately, with the assurance that your choice to do so is private as well". The company recognizes that people have numerous reasons for wanting to hide their online activities, including "situations such as political oppression or domestic abuse" but also -- obviously -- browsing porn.
In a blog post about the upcoming changes, Google says:
Today, some sites use an unintended loophole to detect when people are browsing in Incognito Mode. Chrome's FileSystem API is disabled in Incognito Mode to avoid leaving traces of activity on someone’s device. Sites can check for the availability of the FileSystem API and, if they receive an error message, determine that a private session is occurring and give the user a different experience.
With the release of Chrome 76 scheduled for July 30, the behavior of the FileSystem API will be modified to remedy this method of Incognito Mode detection. Chrome will likewise work to remedy any other current or future means of Incognito Mode detection.
Google acknowledges that the change will affect sites' ability to easily detect paywall circumvention but it goes on to say:
Sites that wish to deter meter circumvention have options such as reducing the number of free articles someone can view before logging in, requiring free registration to view any content, or hardening their paywalls. Other sites offer more generous meters as a way to develop affinity among potential subscribers, recognizing some people will always look for workarounds. We suggest publishers monitor the effect of the FileSystem API change before taking reactive measures since any impact on user behavior may be different than expected and any change in meter strategy will impact all users, not just those using Incognito Mode.
The company concludes by saying that it is "open to exploring solutions that are consistent with user trust and private browsing principles".