Google Chrome 76 closes a gap that websites use to detect when users are using the browser's incognito mode.
In recent years, you may have noticed that some websites prevent you from reading articles while using the private mode of a browser. The Boston Globe started this in 201
Chrome 76 – currently in beta and expected to be available on the stable channel on July 30 – prevents these websites from finding that they're private mode. Google explained the change yesterday in a blog post titled "Protecting Private Surfing in Chrome."
Today, some websites use an unintentional loophole to determine when people are surfing in incognito mode. Chrome's FileSystem API is disabled in incognito mode to prevent activity traces on another user's device. Web sites can check the availability of the FileSystem API, and if an error message occurs, they can determine that a private session is taking place and provide a different experience for the user.
With the release of Chrome 76, the behavior is scheduled for July 30, the FileSystem API is changed to fix this method of detection in incognito mode.
With today's beta release of Chrome 76, I confirmed that the Boston Globe, the New York Times, and the Los Angeles Times did not recognize that my browser was in private mode. However, all three sites saw private mode in Safari for Mac and Chrome 75.
Google acknowledged that websites may find new loopholes for detecting private mode, but promised to close it as well. "Chrome will also work to eliminate other current or future means of detecting incognito mode," says Google's blog post.
Change Affects Publisher Paywalls
Google also acknowledged that this change will make it harder for publishers to enforce paywalls. Many news pages restrict unsubscribed readers to a certain number of articles per month, but entering private mode may circumvent those article restrictions.
Google found that the article restriction model is "inherently porous, because it relies on a website's ability to track the number of free articles anyone has viewed, typically using cookies." Google recommended that publishers use For example, to monitor the impact of Chrome 76 on readers before making any changes:
For example, sites that want to prevent the counter from being circumvented can reduce the number of free items that can be viewed before signing up, and require a free registration to make content display harden their paywalls. Other sites offer more generous ads to increase the affinity between potential subscribers, and recognize that some users are always looking for workarounds. We recommend that publishers monitor the impact of the FileSystem API change before taking any reactive action, as the impact on user behavior may be different than expected, and any change in the measurement strategy will affect all users, not just users use incognito mode.
Incognito Mode is Not a Full Privacy System
While Google stated it "[s] recognizes the goal of reducing counter-rounds," it was also said that "any approach based on the detection of based on private browsing that undermines the principles of incognito mode ".
Want to protect their privacy on shared or borrowed devices or exclude certain activities from their browsing history In situations such as political repression or domestic abuse, people may have important security reasons to hide their web activity and the use of private browsing features. Google said.
In Google's blog post, it was not mentioned that the incognito mode has limited use for privacy protection and the incognito mode would not do much for someone trying to dodge "political oppression" If you're using incognito mode, "Chrome will not store your browsing history, cookies, and website data, or form-input information," a Google support page says, which is useful for keeping people from browsing in front of other users of the same device or Google Account but not to hide your location or identity from websites and network operators, your employer or school, or your ISP, "reads the same Google support page. For more complete privacy protection, there are systems such as Tor and VPNs. However, finding a private and secure VPN requires some research.