Want to check your Facebook profile at work but don't want your boss to know? We've all been there, and most people will access incognito mode in Google Chrome to avoid their browsing being tracked. However, that may not be enough because websites can still use a Chrome loophole to know if a user is accessing through private browsing.
So, the next time you're scraping the bottom of the internet barrel, remember websites know what you're up to. Web owners use the Chrome loophole to keep track of users even in incognito mode, and even to stop them stumping paywalls.
Google knows about this loophole and says it is closing it. The company says it will shut down the workaround in the FileSystem API, essentially bringing complete privacy in incognito mode.
Whenever Chrome is in use, it creates a FileSystem API for data storage. When entering Incognito mode, the browser disables FileSystem so no traces in storage are created. It is this feature that allows websites to know if a visitor was Incognito or not. If the FileSystem API is not present, it means the users is browsing privately.
Closing the Door
The loophole was being used by advertisers to send targeted content to users even if they were browsing privately. We reported back in February that Google was preparing to close the loophole. It seems an upcoming update will make that move a default in Chrome.
From July 30, the company says it will be preventing the FileSystem API workaround and will also strop any other methods for tracking users in incognito mode.
“Sites that wish to deter meter circumvention have options such as reducing the number of free articles someone can view before logging in, requiring free registration to view any content, or hardening their paywalls,” Google explained. Other sites offer more generous meters as a way to develop affinity among potential subscribers, recognizing some people will always look for workarounds. We suggest publishers monitor the effect of the FileSystem API change before taking reactive measures since any impact on user behavior may be different than expected and any change in meter strategy will impact all users, not just those using Incognito Mode.”