Google Chrome will roll out a fix for a loophole in its FileSystem API that let sites know when users are browsing in Incognito Mode. In Chrome 76, which is scheduled for July 30 Google will modify the behavior of the FileSystem API to fix the issue. The fix is said to affect publishers who used the loophole to deter metered paywall circumvention.
For those unaware, Google Chrome’s Incognito mode allows anyone to browse privately. In this mode, Chrome does not save a user’s browser history, cookies and site data, or information entered in forms. Still, Google has detected a flaw in FileSystem API that allows some sites to detect when people are browsing in Incognito Mode.
“Chrome’s FileSystem API is disabled in Incognito Mode to avoid leaving traces of activity on someone’s device. Sites can check for the availability of the FileSystem API and, if they receive an error message, determine that a private session is occurring and give the user a different experience,” Barb Palser, Partner Development Manager, News and Web Partnerships explained in a company blog post.
The move follows last week’s study by researchers from Microsoft, Carnegie Mellon University (CMU) and the University of Pennsylvania, which claims that major companies like Google and Facebook are tracking pornographic habit of users even in ‘incognito mode’.
The study points out that out of 22,484 pornography sites that the researchers analysed, 93 per cent leak data to third-party apps. Non-pornography-specific sites such as Google, Oracle, and Facebook were identified as among the top ten third-parties that track users, whereas exoClick, JuicyAds, and EroAdvertising were pornography-specific.
Google Chrome’s loophole, however, only lets a site detect whether a user is browsing in Incognito mode, which will be fixed in Chrome 76. Meanwhile, the study suggests that the data sent to companies by trackers can be potentially used to determine personal habits, sexual preferences of users without their knowledge.