Under normal browsing, the total storage capacity, shared across all apps, is at least 10% of the disk drive’s maximum capacity with a maximum of 2 GB. Chrome and other browsers have a Storage Quota Management API, used by web apps to know how much temporary storage space they’ve been allotted and how much of that allotment remains. Security researcher and PhD student Vikas Mishra claims to have found another API that behaves differently in Incognito Mode.
Google closed this loophole by enabling a memory-based version of the FileSystem API for Incognito. Before Chrome 76 could even release, however, a security researcher has discovered another way to reliably detect Incognito Mode.īefore Chrome 76, web developers and news publications could detect Incognito readers by simply checking whether they could access Chrome’s FileSystem API, which was disabled on Incognito Mode for security reasons. As of Chrome version 76, Google has made this detection method cease to function, providing better anonymity to Incognito Mode.
For years, it was possible for web developers to use a simple trick to detect whether someone was browsing from Chrome’s Incognito Mode.
