Often When you browse in incognito mode with Google Chrome when visiting certain websites, they prevent you from accessing the content. These websites, Google explained, They exploit a flaw in the filesystem API to detect whether it receives visits in incognito mode or not.
With this, Google announced this week that from version 76 of Google Chrome, it will improve the security of your browser's private browsing. Websites will no longer be able to detect the type of navigation.
Private browsing is present in all modern browsers. This mode helps users avoid unwanted cookies and dynamic tracking.
To continue guaranteeing its users a good private browsing experience, Google decided to take action and put a solution to it.
How do some websites avoid Google Chrome's incognito mode?
The facts revealed that in the last two years, some websites have exploited a vulnerability in the FileSystem API to prevent users from accessing websites who used this method.
The websites simply had to try to use the file system API that is used to store temporary or permanent files.
This API was disabled in incognito mode, but was present in normal mode. This created a status difference that is exploited to detect whether a user was browsing a website using incognito mode and preventing them from viewing the content of the site.
Google has already tried to solve the problem in Chrome 74 but without success, as your solution is to create virtual file system using RAM in private browsing mode. Protection works well against the first detection method used by content providers.
But soon, websites have found another alternative to detect browsing in incognito mode.
This other is based on the API that manages the assigned quota TEMPORARY and PERSISTENT, the storage resources available to the browser's applications and websites. There are two types of storage available for websites and applications: TEMPORARY and PERSISTENT.
TEMPORARY storage, as the name implies, is temporary and can be used without requesting a quota and is shared with all websites running on the browser.
However there are differences between normal browsing and incognito mode, as there is a strict limit of 120 MB, which is not the case for normal browsing.
And it is clear, that for what temporary storage quota is less than 120MB in non-incognito mode, device storage must be less than 2,4GB. However, for practical reasons it is safe to assume that most of the devices used today have more than 2.4 GB of storage. By using this information, it is easy to know whether the user is in incognito mode or not.
The solution will arrive in Chrome 76
Faced with this persistence by different websites for continuing to try to detect private browsing, the company explained that the new change will affect sites that use the FileSystem API to intercept incognito sessions and ask users to switch to normal browsing mode.
With the release of Chrome 76 scheduled for July 30, the behavior of the FileSystem API will be modified to remedy this incognito detection method. Similarly, Chrome will work to address any other current or future means of detection in incognito mode »
“We recommend that publishers monitor the effects of modifying the FileSystem API before taking reactive action, as any impact on user behavior may be different than expected and any change in counter policy will affect all users and not only those who use incognito mode, "Google explained in its post.
Source: https://www.blog.google