The end of Google Chrome 76's private browsing mode detection has only been temporary. Two new methods to detect the incognito mode of the browser have just been discovered.
By updating its Chrome web browser to version 76, Google hoped to put an end to the detection of private browsing. This questionable practice was used by some websites to prevent their visitors from accessing their content in an unlimited way.

Private browsing to bypass some paywall
Designed to offer a navigation without trace, the private browsing allows to surf the web without any history of navigation is preserved, but especially without any cookie is registered on your machine.

Only problem, without the recording of these famous cookies on your machine, the editors of contents can not count your number of visits. You've probably already been dealing with a site limiting the free reading of its content to five articles per month, with the obligation to pay a digital toll to go beyond.

To prevent the use of private browsing, some websites such as the New York Times or the Financial Times, have integrated a script to detect the use of Chrome's incognito mode by their visitors to prevent them from accessing their site. unlimited free content.
To work, this script simply made sure of the presence, or not, of a certain API, activated in classic navigation, but absent from the incognito mode. Thus, when the site consulted did not detect the presence of this API, he knew that the user was using private browsing. To prevent this detection, Google has made the choice to implement this API in both conventional navigation and private browsing.

To complete its correction, it was also decided that the FileSystem API no longer uses free disk storage to store temporary files in incognito mode, but relies only on RAM so that it is cleaned automatically at the same time. end of each session.

Insufficient patch that paves the way for two new detection methods
Unfortunately, the respite will have been short-lived as two new methods of detecting private browsing have been unveiled.

The first, discovered by Vikas Mishra, a security researcher, is based directly on the choice to use RAM rather than the traditional storage medium to store temporary files. How? Simply based on the amount of available storage allocated to the browser. The security researcher explains, in fact, that in private browsing, Chrome allocates a maximum quota of 120 MB.

Based on this data, he was able to generate a script that, once in place on a website, is able to ask the visitor's browser the amount of memory allocated to the system files. If the returned response is closer to 120 MB or less, Google Chrome is in private browsing.

Measure the speed of memory
The second method, unveiled by Jesse Li, another security researcher, relies on the speed of access to the storage medium on which the temporary files are stored.

Since RAM is by nature always faster than a conventional disk, simply measuring the speed of writing temporary files is enough to know if the visitor is using Chrome's private browsing. For example, a site that wants to detect the use of private browsing could simply run a script that starts a read / write speed measurement.

Leave a Reply