Google Chrome's Incognito mode will be strengthened in a future update. Google will fix an old flaw that allows websites to detect when this mode is enabled on the browser by querying an API that stores browsing data.
Google Chrome's Incognito private browsing mode offers a certain sense of privacy, but it is still a little too permissive compared to some alternatives such as VPNs. During private browsing, the browsing history is not recorded, nor are site data and input information. The same applies to cookies, which are neither stored nor accessible to websites.
Google Chrome hides an old flaw that allows developers to know when a user activates private browsing mode. According to 9to5Google, a simple search for "how to detect private browsing mode" in the Google engine leads to a result of Stack Overflow, a developer forum where it is explained how to detect the use of this mode on the browser.
The Google Chrome flaw will soon be fixed
When private browsing mode is enabled, Google Chrome disables an API called FileSystem that allows data to be stored temporarily or permanently. In doing so, the browser prevents the recording and access to navigation information. By querying this API, developers can find out whether or not private browsing is enabled, which Google does not want to allow.
In a series of changes made to the public source code of Chromium, 9to5Google identified changes to fix the flaw. In practical terms, rather than disabling the FileSystem API, the browser will now create a temporary file system in RAM memory that will self-destruct when the user leaves private browsing mode.
This will render inoperative all current detection methods that allow, for example, some websites to restrict access to their content, much as is the case with ad blockers, since navigation data is essential for the delivery of relevant ads.
According to 9to5Google, the new feature will first be deployed in Chrome Canary before arriving in Google Chrome 74 as an option that can be activated in the flags. It will then be enabled by default from Chrome 76.
When private browsing mode is enabled, Google Chrome disables an API called FileSystem that allows data to be stored temporarily or permanently. In doing so, the browser prevents the recording and access to navigation information. By querying this API, developers can find out whether or not private browsing is enabled, which Google does not want to allow.
In a series of changes made to the public source code of Chromium, 9to5Google identified changes to fix the flaw. In practical terms, rather than disabling the FileSystem API, the browser will now create a temporary file system in RAM memory that will self-destruct when the user leaves private browsing mode.
This will render inoperative all current detection methods that allow, for example, some websites to restrict access to their content, much as is the case with ad blockers, since navigation data is essential for the delivery of relevant ads.
According to 9to5Google, the new feature will first be deployed in Chrome Canary before arriving in Google Chrome 74 as an option that can be activated in the flags. It will then be enabled by default from Chrome 76.