Skip to content

Google Chrome’s loophole allowed sites to detect people in Incognito mode: Fix issued

  • by
  • 3 min read

Google Chrome’s incognito mode, which is supposed to aid the user to surf the internet privately, has an ‘unintended loophole’ that allowed sites to detect if a user is browsing in incognito mode and will be fixed by the end of this month.

When a user enters the incognito mode, Chrome’s FileSystem API is disabled to avoid leaving traces of user activity. Sites can check for the FileSystem API and while doing so if they receive an error message, they determine that the user is logged into private browsing and then can decide to change the user experience on their website.

The loophole had allowed certain sites to deter the circumvention of their metered paywall.

On July 30, Google Chrome 76 update will be rolled out, which will modify the behaviour of FileSystem API to solve the loophole and prevent sites from determining whether a user is logged in the incognito mode.

Also read: Google personalises search results even in incognito mode: Study

“People choose to browse the web privately for many reasons. Some wish to protect their privacy on shared or borrowed devices or to exclude certain activities from their browsing histories. In situations such as political oppression or domestic abuse, people may have important safety reasons for concealing their web activity and their use of private browsing features,” stated Barb Palser, Partner Development Manager, News and Web Partnerships.

This update will surely hit the metered paywall sites hard as they’ll have to either change their meter strategy by reducing the number of free articles or needing the user to register for the free articles. Sites also have the option of a hard paywall that has no meter.

While Google realises that the changes made to FileSystem API will affect metered paywall sites, they also seem to be hardpressed on enhancing user privacy and maintain that “any approach based on private browsing detection undermines the principles of Incognito Mode.”

“We suggest publishers monitor the effect of the FileSystem API change before taking reactive measures since any impact on user behaviour may be different than expected and any change in meter strategy will impact all users, not just those using Incognito Mode.”

In other news, Google has increased the reward amount for the Google Chrome bug bounty programme from $5000 to $15000 (baseline) and from $15,000 to $30,000 (for high-quality reports).

Google Play Security Reward Program has also increased its rewards for remote code execution bug from $5000 to $20,000, theft of insecure private data from $1,000 to $3,000, and access to protected app components from $1,000 to $3,000.

Also read: DuckDuckGo vs Google: Which search engine should you use?


Writes news mostly and edits almost everything at Candid.Technology. He loves taking trips on his bikes or chugging beers as Manchester United battle rivals. Contact Prayank via email:

Exit mobile version