Chrome fixes loophole that allows sites to block Incognito users


Future versions of Chrome fix a flaw that allows websites to detect and block users trying to access them using the browser's browser mode, the report says. 9to5Google.

In addition to storing no local records of your browsing history, Chrome's Chrome mode prevents websites from tracking you with cookies. However, as a significant portion of the Web's advertising revenue is based on this tracking data, some sites, such as The globe of Boston and MIT Technology Review, prevent you from reading their articles if you visit them using this mode.

To do this, most sites try to use the "FileSystem" API, which is disabled when Incognito mode is enabled because it allows the creation of permanent files. However, recent commitments regarding the Chromium source code, which were first discovered by 9to5Google, show that the browser will soon deceive websites into believing that its FileSystem API is still operational.

When sites ask to use the API when the browser is in incognito mode, Chrome no longer returns any apparent error. Instead, it will create a virtual file system in the RAM. This will then be deleted at the end of your private browsing session, so that no permanent record can be created.

However, this workaround might prove to be a short-term solution before the complete removal of the FileSystem API. Internal design documents seen by 9to5Google suggest that the feature can be removed if Google discovers that it sees no legitimate use other than discovering users in Incognito mode.

The fix is ​​currently intended to become an optional feature with Chrome 74, accessible through the "chrome: // flags" menu of experimental features. This should happen in April, before being enabled by default in Chrome 76. We contacted Google to get their opinion. We will update this element if we hear an answer.

Source link