Incognito mode allows users to privately surf the internet without site data being monitored and browsing history saved. It also prevents websites from tracking visitors with cookies. While in Incognito mode, users are basically blocking advertisements from targeting them based on their signature (web history). It can also be used to get around article limits on some subscription based websites. This has led several websites to block incognito mode with an on-screen prompt in an attempt to stop users from circumventing its paywall.
According to 9to5Google, Google is aware of a trick that web developers have been exploiting which enables them to detect if a user is visiting a website in Chrome’s Incognito mode. This loophole as revealed allows websites to block visitors from accessing the site’s content, forcing them to switch out of Incognito mode if they want to view the page.
The workaround is fairly simple, when incognito mode is being used, Google Chrome disables the FileSystem API, which stores application files. Several websites looking to block private browsing in Chrome can just check for this API when a browser loads the page.
Google is working to fix this exploit by having Chrome create a virtual file system in RAM. By doing this, websites won't notice the missing API. To ensure data is not saved, this virtual system will be automatically deleted when a user leaves Incognito mode. However, according to 9to5Google, the search engine giant is also looking to completely remove the FileSystem API from Chrome altogether.
Google is set to close the loophole via an opt-in feature with Chrome 74, which The Verge point out is expected to arrive in April. The option is tentatively expected to be the default option by Chrome 76.
Source:
1
