Chrome's 'more private' Incognito mode: Websites can still detect you're using it

Web developers are using two tricks to get around Chrome's new Incognito mode anti-detection methods.

Website developers have already crafted methods to bypass Google's recent efforts to stop them detecting when Chrome is in Incognito mode. 

Only last month, Google announced it was modifying Chrome's Filesystem API, which sites use to store temporary or permanent files. 

Previously, if the API was not available, a website could assume the browser was in Incognito mode. Google also promised to close off any new methods to detect when a browser is in Incognito mode. 

Some news websites attempt to detect when Chrome is in private mode to enforce free article limits and ask visitors to switch to regular tabs. 

The changes to the Filesystem API arrived in Chrome 76, which makes the API available to websites in private mode and so prevents them from using its absence as a proxy for detecting Incognito mode.

But security researcher Vikas Mishra recently found that publishers could tell if a tab is in Incognito mode by looking at the amount of space the API makes available to a website. 

Mishra discovered that another API, which manages the quota of temporary storage space assigned to a website -- RAM rather than disk -- makes it possible to infer when a browser is in Incognito mode.

The "key differences in TEMPORARY storage quota between Incognito and non-Incognito mode are that in case of Incognito mode, there's a hard limit of 120MB while this is not the case for non-Incognito window", Mishra wrote. The available quota in normal mode is much bigger than 120MB.

Another security researcher, Jesse Li, has built on this technique by measuring the speed of writes to the quota API. Li found that writes in normal mode are both slower and more variable in speed than writes in Incognito mode.

Li notes that his technique is slower and less reliable than existing techniques. However, it is also harder to patch because of the technical decision to store data in memory rather than on disk. He thinks the only way to block this technique is for Incognito mode and normal mode to use the same storage.

Chromium developers are working on a fix for both the quota and timing bugs, described as the two related surfaces for Incognito-mode detection using the Filesystem API. As noted in the bug report, the New York Times is already using the quota-detection method to tell when Chrome is in Incognito mode. 
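
As an added example (not code from the article, the researchers or the Chromium project), this is the kind of regression check a browser engineer could run to confirm both surfaces are closed: it takes quota readings and write timings already collected in a normal and an Incognito profile and reports whether either signal still separates the two modes. The function names, the sample readings and the 0.8 effect-size threshold are assumptions.

```javascript
// Added example: regression check for the two Incognito-detection surfaces.
// All sample values below are constructed for illustration.
const MB = 1024 * 1024;

const mean = (xs) => xs.reduce((a, b) => a + b, 0) / xs.length;
// Sample variance (n - 1 denominator).
const variance = (xs) => {
  const m = mean(xs);
  return xs.reduce((a, x) => a + (x - m) ** 2, 0) / (xs.length - 1);
};

// Quota surface: the modes are separable when every Incognito reading sits
// below every normal-mode reading (e.g. a hard cap such as the 120MB limit).
function quotaSeparates(normalQuotas, incognitoQuotas) {
  return Math.max(...incognitoQuotas) < Math.min(...normalQuotas);
}

// Timing surface: normal-mode writes were reported as slower and more variable.
// Cohen's d measures how far apart the two timing distributions are.
function timingSeparates(normalMs, incognitoMs, minEffect = 0.8) {
  const pooledSd = Math.sqrt((variance(normalMs) + variance(incognitoMs)) / 2);
  const diff = mean(normalMs) - mean(incognitoMs);
  const effect = pooledSd === 0 ? (diff === 0 ? 0 : Infinity) : diff / pooledSd;
  return { effect, leaks: Math.abs(effect) >= minEffect };
}

// Run both checks over the readings collected from one browser build.
function auditBuild({ normal, incognito }) {
  return {
    quotaLeaks: quotaSeparates(normal.quotas, incognito.quotas),
    timingLeaks: timingSeparates(normal.writeMs, incognito.writeMs).leaks,
  };
}

// Constructed readings: a build with the 120MB in-memory cap...
const cappedBuild = {
  normal: { quotas: [2048 * MB, 4096 * MB], writeMs: [12, 30, 18, 45, 22] },
  incognito: { quotas: [120 * MB, 120 * MB], writeMs: [3, 3.2, 2.9, 3.1, 3] },
};
// ...and a hypothetical build where both modes share the same storage.
const unifiedBuild = {
  normal: { quotas: [2048 * MB, 2048 * MB], writeMs: [10, 12, 11, 13, 9] },
  incognito: { quotas: [2048 * MB, 2048 * MB], writeMs: [11, 10, 12, 9, 13] },
};

console.log(auditBuild(cappedBuild), auditBuild(unifiedBuild));
```

A build passes only when both flags are false, which matches Li's point that the timing surface stays open for as long as the two modes use different storage.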
