Tech giant Google recently confirmed that it is working on an update to patch a bug in its Chrome browser that exposes a user's status on sites even when they are in Incognito private browsing mode.
Security researchers and Google itself have confirmed that some websites are taking advantage of this loophole. By using this bug, websites can detect whether the user is browsing in Incognito mode by checking whether Chrome's Filesystem API is activated. In normal browsing modes, the Filesystem API is activated by default. However, once Incognito mode is turned on, this API is automatically disabled.
By detecting the status of the Filesystem API, websites can essentially tell whether the user is using Incognito mode or not. This defeats the whole purpose of using Incognito, which is to privately browse a website without it knowing your status and without leaving a digital footprint.
Websites can tell a user is using Incognito mode if, after scanning a user's Chrome connection status, they receive an error message telling them of the availability of the Filesystem API. Google said that the patch for this bug would be added in Chrome version 76, which is expected to be rolled out on July 30. The tech giant said that once the update is installed, websites will no longer receive that error message when they scan for the Filesystem API.
Based on a number of investigations, one of the biggest abusers of this Incognito status bug is porn sites. A report published by Microsoft Research in conjunction with the University of Pennsylvania and Carnegie Mellon University revealed that 93 percent of more than 22,000 porn sites that they analyzed were found to have been collecting user data. The worst part of this discovery is that the websites sell or leak this data to third-party data brokers.
Another shocking discovery in the report was that 45 percent of the websites that were analyzed build user profiles based on their sexual identity, gender, and preferences. This puts a lot of people in danger, especially in places where political establishments have biases towards gender.
According to security experts, to get a foolproof browsing habit that ensures total anonymity, features like Google's Incognito mode are not enough. Using services like Tor and virtual private networks (VPNs) is also a great start.