SoylentNews is people
SoylentNews
Google Chrome Incognito Mode Can Still Be Detected by These Methods:
With the release of Chrome 76, Google fixed a loophole that allowed web sites to detect if a visitor was using Incognito mode. Unfortunately, their fix led to two other methods that can still be used to detect when a visitor is browsing privately.
Some web sites were using Incognito mode detection in order to prevent users from bypassing paywalls or to give private browsing users a different browsing experience.
This was being done by checking for the availability of Chrome's FileSystem API, which was disabled in Incognito mode. If a site could access the FileSystem API then the visitor was in a normal browsing session and if it could not access the API the user was in Incognito mode.
As Google wanted users to be able to browse the web privately and for their browsing mode choices to be private as well, they have closed a loophole by making the API available in both browsing modes. As part of this fix, instead of using disk storage for the FileSystem API, when in Incognito mode they are using a transient memory filesystem that gets cleared when a session is closed.
The use of a memory filesystem, though, create two new loopholes that could be used to detect Incognito mode
[...] In research presented by security research Vikas Mishra, he found that when Chrome allocates storage for the temporary memory filesystem used by Incognito mode, it will have a maximum quota of 120MB.
"Based on the above observations, key differences in TEMPORARY storage quota between incognito and non-incognito mode are that in case of incognito mode, there's a hard limit of 120MB while this is not the case for non-incognito window. And from the above table it's clear that for the temporary storage quota to be less than 120MB in case of non-incognito mode the device storage has to be less than 2.4GB. However for all practical purposes it is safe to assume that the majority of the devices currently in use have more than 2.4GB of storage."
The other method relies on the fact that it takes much longer to access data in storage than in memory. As of this writing no PoC (Proof of Concept) has been released for the latter method, but a PoC has been released for the filesystem size method.
Microsoft Edge developer Eric Lawrence, the New York Times, is testing this method to detect when a visitor in in private mode.
My first thought was to put a cache ahead of all filesystem writes to obviate the write-timing hack (albeit at the risk of a system crash losing cached but as yet unwritten data). For the latter method, allocate the temporary file storage quota to be some significant fraction of free storage, but when a program tries to write more than, say, 120MB (or 256MB, or whatever) then put up a dialog box noting same and asking the user if they want to continue. That was off the top of my head; what did I miss? How would you solve this problem?
(Score: 0) by Anonymous Coward on Monday August 12 2019, @11:20AM (12 children)
Except, they (the publisher) already have, within their grasp, a perfectly standard way to "control how has ... access to their published content".
That perfectly standard way is to require user login before publishing any of that content to anyone.
But they (publishers) don't get to have their cake and eat it too (publish it openly for free, but then also try to restrict who gets to see the open, freely published material). They have but two choices: 100% lock-down, or 100% free and open. They are not allowed any other choice. If those two do not allow them to 'monetize' things, well then, one less website on the web will not harm anyone.
(Score: 2, Interesting) by c0lo on Monday August 12 2019, @11:50AM (11 children)
Except it is not up to you or anyone else but them to decide that the method you suggest is satisfactory and sufficient for their needs. Like it or not, the content is theirs.
If they decide it to give some to you for either the price of tracking you or the price of their subscription, it's their choice.
As it is your choice to decide if you accept any of the prices they propose or refuse to consume their content altogether (personally, I chose the latter).
But, the important point is: no matter the balance between the two interests, yours and theirs, Google has no standing to intervene between the two of you.
The moment it does, you can bet the driving factor for Google to do it is neither your interest nor the publisher's.
https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
(Score: 2) by Arik on Monday August 12 2019, @12:47PM (6 children)
This is how the internet works, we made it that way for good reasons, and if they don't like it they can f right off and make their own.
If laughter is the best medicine, who are the best doctors?
(Score: 0) by Anonymous Coward on Monday August 12 2019, @01:54PM
Psssst... I'll tell you a secret, they already made their own internet, with their own routers and paying their own connection, so you eff right off of theirs.
(Score: 2, Interesting) by c0lo on Monday August 12 2019, @02:10PM (4 children)
First, I doubt you have any notable contribution to how the internet works, so the use of the first person (even if plural) is likely disingenuous.
Second: are you saying those "good reasons" mean that everybody should be able to access whatever piece of content, disregarding any control the owner of the information put in place to protect his interest? Or that this control reduces to the binary "granted/denied" access? Really? If so, I reckon "your internet" is long dead and was replaced by a newer one you certainly has no claim to have contributed to.
https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
(Score: 2) by lentilla on Tuesday August 13 2019, @05:45AM (3 children)
I disagree. Allow me to use "my village" as an analogy:
Alice, Bob and Charlie bought some land in the middle of nowhere. Alice was a great gardener, Bob a fantastic builder, and Charlie - he was a charismatic, kind and forward-thinking leader. Together they built a tiny; beautiful; village.
Travellers came through and some liked the place so much they stayed and built homes in keeping with the spirit of the place.
Some years passed and the village could call itself a town. A beautiful town.
Then one day a passing marketing executive plastered advertising all over the town and was surprised when the townsfolk gave him the boot.
In short: just because one isn't the visionary or builder does not mean that a deliberate contribution to a cause is meritless. An handful of people are responsible for the creation of the Internet but many more came and nourished it through their participation because they loved it so. As in the story above it is entirely reasonable that the villagers reject plans to raze the village by people that have no standing through blood, sweat and tears.
(Score: 2) by c0lo on Tuesday August 13 2019, @07:29AM (2 children)
The analogy is flawed.
To correct it:
0. Alice, Bob and Charlie, most of them in academia, build their small village and some ivory towers sprinkled around (sunsite.unc.edu and ftp.funet.fi were two places I used in early '90-ies to download linux from)
1. then (Al Gore opened the internet to commercial) and there came some publishers and commerce people who build their own sky(s)craper and the village people didn't boot him out, actually visited now and then some facilities in there (altavista.com, yahoo.com remember them? Hey, did you know eBay and Amazon are as old as 1995?)
2. the other publishers and commerce people got into it and the village people didn't boot them out but actually visited now and then visited some facilities in the new skyscrapers too (google.com - 1998, paypal.com 1998-1999, the early social media started to creep in too)
3. after a while, there were so many publishers and commerce people and technology providers (iTune/iPod/iPhone, Android) that the initial village people were a minority for a long time already. But they too started to pay for the new gadgets and songs and artsy/crafty things on etsy, and so on.
4. and then new crooks started to build their version of monsters (facebook, twitter) and facilities (CDN and clouds and NSA interception) and old publishers turned crooks too and everybody started to plaster their skyscrapers with ads (well, maybe not NSA).
If you still think you are seeing the small, nice and civil village in the beginning, something is wrong with your eye or you deliberately chose to wear pink glasses. But no, the Internet of today is no longer the internet of the early age. It simply cannot be.
https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
(Score: 2) by lentilla on Tuesday August 13 2019, @10:11AM (1 child)
Please - they aren't pink glasses - they are rose coloured. OK?
I fold. You are quite right.
That being said... perhaps we can take some comfort that whilst the web might have suffered Eternal October, the Internet itself can support the various disparate groups, providing nation states don't interfere. (Urgh, who am I kidding.)
(Score: 2) by c0lo on Tuesday August 13 2019, @10:36AM
OK.
https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
(Score: 1, Insightful) by Anonymous Coward on Tuesday August 13 2019, @01:19AM (1 child)
Indeed it most certainly is now up to us to decide for them what methods they are allowed to utilize. We allowed them to play the "here, have it free, in exchange for some ads". They have gone too far. As a result, they must now be shoved, kicking and screaming, into a simple binary deal. They either offer the content for free, to everyone, with no ads and no tracking, or they lock it up behind an iron clad pay wall. They no longer are allowed the freedom to pick and choose on a continuum between those two extremes, because they were offered that freedom and they abused it. So now, we, the internet, fight back and put them into their proper place in the world.
If they can't make money from free, and they can't make money from a paywall, well then, they just go out of business and disappear, and the world becomes a better place.
(Score: 2) by c0lo on Tuesday August 13 2019, @03:09AM
The fair solution is to refuse to use whatever they proposed if it doesn't serve your interest. That's what I'm doing.
Anything else is imposition, and I'm not sure I agree with it when other solutions exists.
https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
(Score: 2) by jmorris on Wednesday August 14 2019, @03:45PM (1 child)
> Like it or not, the content is theirs.
And the browser is mine and serves me. Else I replace it with one that understands that I won't allow a 3rd party to own my computer.
(Score: 2) by c0lo on Wednesday August 14 2019, @09:27PM
Agreed. That's one more reason for which I won't use Chrome (but will thank Google for announcing what they done).
I do want the publisher to know I'm asking for a "Don't track me" treatment and decide what is to be done with their content while respecting my wish. If I deem the conditions the publisher announce to me as unacceptable for my interest, I'll stop asking for their content and drop the bargain (thus respecting publisher's interest). I consider this exchange fair for both parties and a browser that tries to stop this negotiation from occurring as a shit I won't touch.
https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford