Researchers found the website still detect incognito mode in Chrome v76
Earlier, some websites used the file system to detect whether Google Chrome was in incognito mode, which caused the attention of the Google Chrome development team and promised to solve it. In recent versions, Google Chrome has adjusted the file system interface strategy. In theory, it has been impossible to use the system to determine the browser incognito mode. However, some researchers have found that this adjusted file system can still be used for testing, but the detection method requires a slightly modified website.
Researcher Jesse Li published the latest results of the Google Chrome file system on his blog and concluded that it can still be used to determine browser incognito mode. The study found that if users use the incognito mode to load websites, Google Chrome uses a file system to host the page resources of those websites.
The test found that the file system was written to the cache file very quickly and with little interference, while the normal mode was slower and more intrusive. After hundreds of tests, you can see that the write speed in incognito mode is more than four times the write speed in normal mode, so the website is easy to judge. In particular, the result is more obvious when a large amount of data is written, so the website can completely use the above method to continue to detect whether the user is in incognito mode.
Jesse Li said that from the test situation, this method of detecting whether the user is in incognito mode is not perfect, mainly because data reading and writing takes time. Therefore, it may take ten or even tens of seconds to draw conclusions using the above method, and the previous version of the file system interface can complete the detection in an instant. But although it’s not perfect, it can be used and Google is hard to fix this bug because the incognito mode data is placed in memory rather than on hard disk storage. Unless Google completely changes the working model of browser incognito mode, this problem cannot be fixed and can continue to be abused by developers of the site.
Interested users can view the source code here.