A longstanding loophole in Chrome’s Incognito Mode allows websites to recognize when people are browsing the web privately. Recently, sites like The Boston Globe and MIT Technology Review have started using the loophole to block anyone browsing in Incognito Mode to keep people from avoiding paywalls and to maximize data capture. Now, according to 9to5Google, Google plans to close the loophole.
The issue is rooted in Chrome’s “FileSystem” API. When a browser is in Incognito mode, the API is disabled; when third-party sites cannot access the API, it’s an Incognito red flag.
In the future, when third-party sites request the FileSystem API, Chrome will create a temporary virtual file system in a computer’s RAM. Third-party sites won’t know which system Chrome is running and won’t be able to detect or block Incognito web browsers. This also makes it easy for Chrome to delete this temporary file system as soon as the browser is closed
However, as The Verge points out, this could be a temporary fix until the FileSystem API is removed entirely, which may happen if Google determines the API does little more than reveal Incognito users.
For now, this workaround will first show up as an experimental feature in the Canary build of Chrome 74. With any luck, the feature will be standard by Chrome 76.