Google has revealed that the Incognito Mode in its Chrome browser has a loophole “that has allowed sites to detect people who are browsing”.
The good news is that, by the company's own explanation, the loophole does not identify individuals; it merely lets sites detect which visitors are browsing in Incognito Mode.
But the outcome is still bad because, as Google explains, “Chrome’s FileSystem API is disabled in Incognito Mode to avoid leaving traces of activity on someone’s device. Sites can check for the availability of the FileSystem API and, if they receive an error message, determine that a private session is occurring and give the user a different experience.”
Google doesn’t see a privacy problem with that. But it does see a business problem because it reckons that the loophole has often been used “to intercept Incognito Mode sessions and require people to log in or switch to normal browsing mode, on the assumption that these individuals are attempting to circumvent metered paywalls.”
Version 76 of Chrome, due on 30 July, will therefore change the behaviour of the FileSystem API “to remedy this method of Incognito Mode detection.” Future versions of Chrome will continue to foil other methods of Incognito Mode detection.
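The detection described above and the Chrome 76 remedy both come down to one design principle: an API that fails only in private mode is an oracle for that mode, and the fix is to make it behave identically in both modes while still keeping data off the disk. The following is an added example, not Google's code or Chrome's implementation; it models that principle with a simulated browser object and an in-memory file store, and all names (`MemoryFileSystem`, `requestFileSystemLegacy`, `requestFileSystemFixed`, `apiLeaksPrivateMode`, `privateWriteReachesDisk`) are hypothetical.

```javascript
// Added example (not from the article or from Chrome): a model of why an
// API that is disabled only in private mode leaks the mode, and why giving
// it identical observable behaviour in both modes removes the leak.

// Simulated in-memory file store, constructed so the example runs offline.
class MemoryFileSystem {
  constructor() { this.files = new Map(); }
  write(name, data) { this.files.set(name, data); }
  read(name) { return this.files.get(name); }
}

// Pre-fix behaviour, as the article describes it: the API is disabled in
// private mode, so the request fails, and that failure is observable.
function requestFileSystemLegacy(browser) {
  if (browser.privateMode) {
    return { ok: false, error: "FileSystem API disabled in private mode" };
  }
  return { ok: true, fs: browser.diskFileSystem };
}

// Post-fix behaviour, modelled on the change announced for Chrome 76: the
// call succeeds in both modes. In private mode the returned store lives only
// in memory, so no trace reaches the disk, but the site sees the same result.
function requestFileSystemFixed(browser) {
  if (browser.privateMode) {
    return { ok: true, fs: new MemoryFileSystem() };
  }
  return { ok: true, fs: browser.diskFileSystem };
}

// Returns true when the API gives different observable outcomes for a
// normal session and a private session, i.e. when it acts as an oracle.
function apiLeaksPrivateMode(api) {
  const normal = { privateMode: false, diskFileSystem: new MemoryFileSystem() };
  const priv = { privateMode: true, diskFileSystem: new MemoryFileSystem() };
  return api(normal).ok !== api(priv).ok;
}

// Returns true when a write made during a private session ends up in the
// simulated on-disk store; the privacy goal is that it never does.
function privateWriteReachesDisk(api) {
  const disk = new MemoryFileSystem(); // stands in for on-disk storage
  const priv = { privateMode: true, diskFileSystem: disk };
  const result = api(priv);
  if (!result.ok) return false; // no filesystem at all, nothing written
  result.fs.write("trace.txt", "visited");
  return disk.read("trace.txt") !== undefined;
}

console.log("legacy API leaks mode:", apiLeaksPrivateMode(requestFileSystemLegacy)); // true
console.log("fixed API leaks mode:", apiLeaksPrivateMode(requestFileSystemFixed));   // false
console.log("fixed API writes to disk in private mode:",
            privateWriteReachesDisk(requestFileSystemFixed));                        // false
```

The two checks are deliberately separate: a remedy that only hid the error while still writing to disk would pass the first and fail the second, whereas removing the API entirely passes the second but leaves the oracle. Behaviour parity plus memory-only storage satisfies both, which is the balance the announced change aims for.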
Google reckons the change will help businesses, provided they devise a strategy for handling users who try to get around their paywalls or registration requirements.
“Our News teams support sites with meter strategies and recognize the goal of reducing meter circumvention, however any approach based on private browsing detection undermines the principles of Incognito Mode,” the post concludes. “We remain open to exploring solutions that are consistent with user trust and private browsing principles.”
In related news, Google has increased the value of payouts in its bug bounty program for Chrome. The maximum baseline reward has tripled, from US$5,000 to $15,000, and the most serious bugs can now earn double the maximum: $30,000, up from $15,000.
The company has also set the bar higher to score the big rewards, by requiring "a reliable exploit that demonstrates that the bug reported can be easily, actively and reliably used against our users." Details of the new bounties are here.