Skip to main content

Google Chrome 76 will stop websites from seeing users in Incognito Mode

Google Chrome 76, scheduled to roll out on July 30, will fix a loophole that allows websites to detect visitors who are Incognito Mode, a move that will affect how publishers implement paywalls for their content.

In a blog post, Google said that some websites have been taking advantage of an unintended loophole involving Chrome’s FileSystem API. When in Incognito Mode, the API is disabled so that people will not leave traces of activity. Websites have been checking for the availability of the API, and if they do not find it, they determine that Incognito Mode is activated.

In Chrome 76, the behavior of the FileSystem API will be changed to prevent the Incognito Mode detection. Google also expressed its commitment to the principles of private browsing by saying that it will fix any other means of Incognito Mode detection.

The fix, which was first flagged in February, will impact publishers, particularly those who assume that users on Incognito Mode are trying to bypass metered paywalls. The Boston Globe started blocking visitors in Incognito Mode in 2017, requiring users in private browsing to log in to paid subscriber accounts to gain access to the website. The New York Times, Los Angeles Times, and other newspapers followed suit.

Ars Technica confirmed with Chrome 76 beta that the Boston Globe, the New York Times, and the Los Angeles Times were unable to detect that the browser was in Incognito Mode, unlike with Chrome 75.

Google acknowledged that the move will complicate matters for publishers who are enforcing paywalls, with many news websites limiting readers without subscriptions to a limited number of free articles per month. Incognito Mode, however, may bypass these limitations.

Google said that metered paywalls are “inherently porous,” as it requires cookies to track the number of free articles that a user has viewed. The company suggested options to news websites that include reducing the number of free articles, requiring free registration to view content, and hardening paywalls. Google added that publishers should take a look at the effect of the FileSystem API fix before making any changes to their websites.

“Our News teams support sites with meter strategies and recognize the goal of reducing meter circumvention, however any approach based on private browsing detection undermines the principles of Incognito Mode,” said Google.

Editors' Recommendations

Aaron Mamiit
Aaron received a NES and a copy of Super Mario Bros. for Christmas when he was 4 years old, and he has been fascinated with…
Why Google Chrome Incognito Mode isn’t what it claims to be
Google Chrome icon in mac dock.

A seemingly obscure little class-action lawsuit filed in 2021 has exploded into the mainstream news lately, alleging that Google continues to track users when they’re using incognito mode on Chrome.

Of course, any savvy web user knows there’s no such thing as complete privacy on the internet, at least not without running Tor through a VPN tunnel while wearing a Guy Fawkes mask. But it seems what we expect of Google Chrome’s incognito mode and what Google actually does are two different things.

Read more
Google Chrome tops this list of most vulnerable browsers
Google Chrome logo appears over photo of laptop with chart of vulnerabilities.

According to a recent report, Google Chrome is the most vulnerability-ridden browser of all the major players. Chrome also happens to be the most popular browser in the world, accounting for over 60% of usage according to most sources, which means that a larger number of people are at risk until the bugs are fixed.

Every browser suffers from these security weaknesses from time to time, including the increasingly popular Apple Safari, Microsoft Edge, and Mozilla Firefox, but Chrome has had a startlingly high number of weaknesses in 2022. The vulnerability report from Atlas VPN summarized data found in the VulDB vulnerability database. In this year alone, 303 vulnerabilities have been detected in Google Chrome. Firefox came in a distant second with 117, while 103 were found in Edge, and only 26 in Safari.

Read more
Spellcheckers in Google Chrome could expose your passwords
Office computer with login asking for password and username.

If you like to be thorough and use an advanced spellchecker, we have some bad news -- your personal information could be in danger.

Using the extended spellcheck in Google Chrome and Microsoft Edge transmits everything you input in order for it to be checked. Unfortunately, this includes information that should be strictly encrypted, such as passwords.

Read more