Google explains Chrome Incognito detection loophole, closure impact on publishers

With Chrome 76 later this month, Google will make it harder for websites to detect when you’re using Incognito Mode. Private browsing is a common way to get around paywalls, and Google today addressed concerns that publishers might have about this Chrome loophole changing.

Google Chrome currently contains an “unintended loophole” that allows sites to detect when Incognito is active. Many publications will automatically block readers from viewing articles when browsing privately, and require them to sign-in/subscribe.

Chrome’s FileSystem API is disabled in Incognito Mode to avoid leaving traces of activity on someone’s device. Sites can check for the availability of the FileSystem API and, if they receive an error message, determine that a private session is occurring and give the user a different experience.

With the next version of Chrome — rolling out from July 30th, the FileSystem API will be modified “to remedy this method of Incognito Mode detection.” Google is also committing to close any future loopholes and other means of detecting Incognito to ensure user privacy and security.

Today’s blog post addresses some concerns that news publishers might have at no longer being able to enforce metering, which offers a certain number of free articles to all visitors. Incognito resets the cookies used to track the number of articles a user has viewed, and makes bypassing subscriptions easier.

The change will affect sites that use the FileSystem API to intercept Incognito Mode sessions and require people to log in or switch to normal browsing mode, on the assumption that these individuals are attempting to circumvent metered paywalls.

Google’s advice to publishers is to first track the impact of this upcoming Chrome Incognito loophole closure before making any changes, like mandatory registration or reducing the meter count.

We suggest publishers monitor the effect of the FileSystem API change before taking reactive measures since any impact on user behavior may be different than expected and any change in meter strategy will impact all users, not just those using Incognito Mode.

Our News teams support sites with meter strategies and recognize the goal of reducing meter circumvention, however any approach based on private browsing detection undermines the principles of Incognito Mode. We remain open to exploring solutions that are consistent with user trust and private browsing principles.