Google has announced that it’s going to fix a loophole in its Chrome browser that allows websites to detect whether a user is browsing in the Incognito Mode. The loophole will be fixed with the upcoming Chrome 76 update, which will be rolled out on July 30. The move is going to draw sharp criticism from websites, mainly news publishers. Google says it’s aimed at protecting user privacy when browsing in the Incognito Mode.
The Google Chrome browser has an Incognito Mode that allows users to browse websites privately. The browser itself doesn’t access or save your browsing history, passwords, usernames, cookies, and details entered in the forms. However, your private browsing is still visible to the websites you visit, your Internet service provider, and your employer or school.
Many websites like to check whether you are browsing in Incognito Mode, and sometimes demand that you disable it to proceed. But they won’t be able to detect it after the upcoming update.
Back in April, Google introduced FileSystem API to prevent websites from detecting Incognito browsing. But if users wanted to take advantage of this feature, they had to manually go to a “flags” page and toggle on the “Enable FileSystem API in Incognito.”
Websites scan for the presence of FileSystem API in Google Chrome browser, which is disabled when you are browsing incognito. When websites get an error message while scanning for this API, they know that the user is browsing in the Incognito Mode. “The behavior of the FileSystem API will be modified to remedy this method of Incognito Mode detection,” said Google.
When the Chrome 76 update rolls out, websites will no longer be able to check whether the FileSystem API is available because they will no longer get the error message. The search engine giant also assured users that it will also work to “remedy any other current or future means of Incognito Mode detection.”
Google says it wants users to access the web privately “with the assurance that your choice to do so is private as well.” Private browsing could help users avoid political oppression or surveillance, domestic violence and other situations.
The update will affect paywall-based publishers who give out only limited content for free before requiring them to sign in or subscribe. These publishers will no longer be able to detect when users enable private browsing to circumvent their paywall. The Incognito Mode resets the counter of free articles they have read. Until now, many websites have been denying entry to people browsing incognito and asking them to switch to regular browsing to view their content.
Google has asked publishers not to take any “reaction measures.” They should first see how it affects them before making a decision. The company suggested that publishers could offer “more generous” number of free articles or require free registration to view all content, or harden their paywalls.
It’s not entirely foolproof, though. Over the years, several websites and hackers have found one workaround or another to track users’ activity even in Incognito Mode. Though it’s a step in the right direction, there is no guarantee it will prevent developers and hackers from tracking your private browsing activity.
Google explicitly says that “Your activity might still be visible to: websites you visit, your employer or school, and your Internet service provider” even in Incognito Mode.
Earlier this week, a study conducted by Microsoft Research, Carnegie Mellon University, and the University of Pennsylvania revealed that a staggering 93% of the 22,484 porn websites surveyed were leaking user data to third parties. The report added that Facebook, Google, and Oracle were able to track users browsing pornographic websites.
What’s more, the study found that 45% of the surveyed porn websites used the browsing data to build a profile of the user’s gender, sexual preferences, and identity. The surprising thing is that many people believe their porn browsing activity is private just because they visit those URLs incognito.
Google responded to the report by saying that it doesn’t allow ads on adult content sites. “We prohibit personalized advertising and advertising profiles based on a user’s sexual interests or related activities online,” a Google spokesperson told the New York Times. Facebook has also denied that it’s tracking your porn browsing habits to build ad profiles.