- Activating the ‘FileSystem’ API enables websites to detect the Incognito Mode.
- Google is working to resolve this issue by bringing new implementation that eliminates the need for FileSystem API.
Google Chrome's Incognito mode is a helpful feature for private browsing however, it is not free of any faults. An article on 9to5Google, which covers latest developments on Google and Android, shed light on how Incognito Mode could simply be detected and blocked by activating the FileSystem API.
Usually, this API is used by applications to manage temporary or permanent files. In Incognito Mode, Chrome turns off the API so that user privacy is not violated by storing permanent files in the browser. However, websites can rely on this to detect whether users are browsing through the Incognito mode.
“Unfortunately, it’s been no secret among web developers that there’s a very simple trick to determine whether or not a user is in Incognito Mode. A simple search for 'how to detect Incognito mode' returns results from Stack Overflow, where developers have shared the best ways to do so,” detailed the 9to5Google article.
A long-lasting fix
On the other hand, developers from Google are incorporating new methods to totally eliminate the need for FileSystem API. The new commits show that Google is implementing a virtual file system for Chrome to be presented in the Incognito mode so that the website trying to detect the mode cannot do so by the absence of file system.
This would make it difficult for other web developers to check for the Incognito Mode. Moreover, commits on Chromium Gerritt show developers working to slowly deprecate the file system API altogether in future.
These latest developments are expected to be first released as an optional feature in Chrome 74, although a fully stable detection prevention feature would be seen in Chrome 76. Google developers say that the feature-enabled update is scheduled to be rolled out by July this year.