After testing a fix to a long-running Incognito Mode loophole, Google will bring it to the masses as part of the Chrome 76 update due out on July 30th.
Google began testing the fix in Chrome Canary, its pre-release test version of Chrome, back in April.
The issue with Incognito Mode relates to the FileSystem application programming interface (API). The API allowed sites to check for and access a device’s storage — a useful tool for downloading things or saving cookies, among other things. However, Chrome disables the API in Incognito, making it an easy way for websites to see who’s using the private mode.
While that doesn’t seem like a significant issue at first, it made Incognito Mode less private and became a tool for websites to prevent users from accessing their services.
News outlets are a prime example of this, as many restrict the number of free articles users can read before having to subscribe (known as a metered paywall). Incognito mode allows readers to bypass the restriction as it prevents sites from saving data like cookies, which they use to track how many articles you’ve read. So, news sites used the loophole to detect Incognito users and block their access entirely.
While there are plenty of other ways sites can use the loophole, news outlets’ and publishers’ use of metered paywalls is one of the more well-known examples. Worse, they’re likely to dislike the change. Regardless, Google seems determined to cut off the loophole to protect user privacy.
In a blog post about the upcoming fix, Google noted that while some users rely on Incognito mode to dodge paywalls, there are more important and more serious reasons for staying anonymous online. The search giant suggested publishers should switch away from metered paywalls and use ‘registration walls’ that require users to create an account to view content. Then, sites can apply restrictions to the number of ‘free views’ account holders get before requiring payment, instead of using browser tracking tools to restrict article views.
Google says it recognizes and supports the goal of reducing meter circumvention, but says that “any approach based on private browsing detection undermines the principles of Incognito Mode.”
You can learn more about the upcoming changes here.