Posted On 26 Mar 2019
Chrome updates will soon address a loophole that has allowed sites to block any web users who are using ‘Incognito’ mode. Because Incognito stops websites from tracking users with cookies, many sites have been preventing these users from accessing their pages.
While Incognito keeps your browsing history clear, it also stops websites from tracking you. Because internet ad revenue is so dependent on this tracking ability, sites like MIT Technology Review and The Boston Globe have been blocking Incognito users. In order to read their articles, users have had to turn off Incognito mode, thus enabling the sites to track their use.
Most websites detect Incognito browsing through an API called ‘FileSystem’. This is disabled whenever Incognito mode is selected because it creates permanent records. However, recent developments suggest that Chrome will soon trick websites into thinking that the API is always enabled.
In the future, when a site requests use of the API and the user is in Incognito mode, Chrome will create a virtual file system in RAM: no longer will the website receive a conspicuous error message. Once the Incognito browsing session is complete, the RAM file will be deleted, and no permanent record stored.
This patch could, however, be a temporary measure as Google looks to remove the API entirely. If Google finds that the API has no legitimate use and is simply being used to detect Incognito users, FileSystem may be completely removed.
The workaround is intended to feature in Chrome 74 as an opt-in solution. Users can access the fix via the ‘chrome://flags’ menu within experimental features. Available from April, it is hoped that this fix will become a default setting by the time Chrome 76 is launched.