Developer Bypasses Chrome's Anti-Incognito Detection

Chrome 76 closed a loophole that allowed sites to detect when the Incognito Mode was being used, but a bypass for it has already been discovered. 


The Incognito Mode, or private browsing, allows users to access websites without having unwanted cookies saved on disk and without being tracked by certain websites. 


Prior to Chrome 76, the FileSystem API was disabled by default in Incognito Mode, and websites started checking whether the API was available to determine whether the user was browsing normally or not. Chrome now makes the FileSystem API available in Incognito Mode as well, closing that loophole.


However, this does not resolve the underlying issue: websites can still detect whether Incognito Mode is in use and deliver a different experience to those users.


Developer Jesse Li discovered that, although the FileSystem API is available in Incognito Mode, Chrome stores data written to the API in memory instead of saving it to disk.


“When we choose to use memory, we make some tradeoffs: RAM is temporary storage, making it an attractive medium for incognito. But side effects include smaller space and higher speed than disk,” Li notes.


Thus, websites could determine whether the user browses in Incognito Mode or not by measuring the speed at which data is written to the FileSystem API. 


For that, websites would simply need to benchmark the filesystem by repeatedly writing large strings to it and measuring how long that takes. Because writing to memory is faster than writing to disk, the timing tells the site which of the two backs the storage.
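
An added example (not from the original article or from Jesse Li's write-up): a small Node.js model of the timing side channel described above. It uses constructed timings to quantify how distinguishable memory-backed and disk-backed writes are, and how a hypothetical fixed latency floor (`padToFloor`, an assumption for illustration, not Chrome's behaviour) changes that.

```javascript
// Constructed per-write timings in milliseconds (illustrative values, not
// measurements from the article): one profile per storage backend.
const memoryBacked = [2.1, 1.9, 2.4, 2.0, 2.2, 1.8, 2.3, 2.1];
const diskBacked = [9.5, 14.2, 8.8, 21.0, 10.4, 12.7, 9.9, 16.3];

const mean = (xs) => xs.reduce((s, x) => s + x, 0) / xs.length;

// Unbiased sample variance.
function variance(xs) {
  const m = mean(xs);
  return xs.reduce((s, x) => s + (x - m) ** 2, 0) / (xs.length - 1);
}

// Welch's t statistic: the gap between the two means in standard errors.
// Values well above ~2 mean an observer can tell the backends apart.
function welchT(fast, slow) {
  const diff = mean(slow) - mean(fast);
  const se = Math.sqrt(variance(fast) / fast.length + variance(slow) / slow.length);
  if (se === 0) return diff === 0 ? 0 : Infinity; // no spread in either sample
  return diff / se;
}

// Hypothetical mitigation model (an assumption, not Chrome's behaviour):
// a write never reports completion before floorMs has elapsed.
const padToFloor = (samples, floorMs) => samples.map((t) => Math.max(t, floorMs));

// Leak strength with no padding, a floor below the slow tail, and a floor
// above the slowest observed write.
function leakReport() {
  const at = (floorMs) =>
    welchT(padToFloor(memoryBacked, floorMs), padToFloor(diskBacked, floorMs));
  return { raw: welchT(memoryBacked, diskBacked), floor10: at(10), floor25: at(25) };
}

console.log(leakReport());
```

In this model a floor below the slow tail still leaves a measurable gap; the signal disappears only once the floor covers the slowest write.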


The developer says that 100 iterations of the benchma ..
