A new Chrome feature, to be included in future versions of Google’s browser, is expected to finally address a fairly well-known loophole that allows websites to detect and block the use of Incognito Mode browsing.
The loophole that Google is trying to fix involves the use of Chrome’s “File System” API. Basically, this API has to be disabled in order for users to use Incognito Mode as intended.
Which means websites can totally tell if you’re using Incognito Mode simply by checking to see if Chrome’s API is enabled as you try to access a site. If the API is disabled, some websites will detect it and then block your use of Incognito Mode.
And they will block you. As both 9to5Google and Engadget have noted, paywalled sites like The Boston Globe, are particularly motivated to block users who use Incognito Mode to bypass paid subscription requirements.
Google’s solution to this loophole seems simple enough: When prompted by a website to provide its FileSystem API, it will simply generate a temporary file system with a computer’s RAM to be used while Incognito Mode is in use. While in use, third-party sites won’t be able to detect Chrome’s disabled API because of the temporary file system. Once Chrome is closed, the temporary file system will be deleted.
The loophole fix is expected to be first available in Chrome 74’s Canary build, with the use of a flag. Later, the feature should be available by default in Chrome 76. According to the Chromium Dash webpage, Chrome 74’s stable release is scheduled for April 23. The stable release for Chrome 76 is slated for July 30.
It is worth noting however, that 9to5Google has also reported that the new feature may be a temporary development overall, since Google may just get rid of the FileSystem API altogether.
In fact, according to documents obtained by 9to5Google, Google is considering the removal of the API system because the API only seems to be useful for web developers hoping to exploit the Incognito Mode loophole.