Google inadvertently opens two new 'Incognito' mode detection methods to publishers after patch

R0binHood

Habitué
Joined
Nov 23, 2011
Messages
1,388
Fascinating article here on how Google accidentally opened two new methods for sites, of particular use to paywalled ones, to detect if a user is in incognito mode after they tried to patch another method. One of these is already being used in production by the NYT.

Quite cleverly one uses the Chrome Filesystem API to check the RAM available to the browser, which is restricted in incognito mode. The other measures filesystem access times, which are different in incognito mode due to is using a memory filesystem, vs a disk filesystem.

https://www.bleepingcomputer.com/ne...-mode-can-still-be-detected-by-these-methods/
 
Last edited:

LeadCrow

Apocalypse Admin
Joined
Jun 29, 2008
Messages
6,562
Chrome is engineered to leak user data in unbypassable ways, dont use it or Google services expecting any modicum of privacy. Chromium-powered browsers are just slightly less bad, Firefox and Safari are pretty much the lnly serious options nowadays.
 

Alfa1

Administrator
Joined
May 28, 2007
Messages
3,964
Google and incognito do not belong in the same sentence.
 

doubt

Tazmanian
Joined
Feb 25, 2013
Messages
4,864
Chrome is engineered to leak user data in unbypassable ways, dont use it or Google services expecting any modicum of privacy. Chromium-powered browsers are just slightly less bad,
And Microsoft wants their browser to be based on Chromium as well.
 

LeadCrow

Apocalypse Admin
Joined
Jun 29, 2008
Messages
6,562
And Microsoft wants their browser to be based on Chromium as well.
Microsoft's angle is not as obvious as it may appear initially. Electron is based on chromium right now, powers a lot of desktop apps and is Microsoft's trojan horse to ensure websites conform to their implementation of chromium rather than the google-controlled one, and end running better on it.

Note there are more developpers familiar with web technologies than native code like c++, and these figures are bound to increase now that tech curriculums are abandoning native code courses in favour of modern languages and frameworks in actual demand in the job market.
 
Top