The real question at this point is how is New York Times able to detect the user even when it is one incognito mode? To answer this problem, two security researchers at TechDows explained that there was, in fact, a way that can be used by a website to bypass the sophisticated Google protection that has been implemented. To keep this possible, websites keep a check if there was any call made to FileSystem API asking about writing to the hard drive of the user directly that can help in returning the error when the system was on incognito mode. To solve this issue, google made a fix by telling the Google chrome to write data to RAM, instead which will soon be erased.
- Also read: Chrome iOS App to Get Credit Card Scanner
Although this fix worked in the eyes of Google, websites can use the Quota Management API in order to exploit the differences. The main thing is that the temporary storage quota is different between the incognito mode and regular browsing and websites tried to fill this difference. These websites by bypassing the fix can also keep an eye on the write speed that can help them to see if the data is beginning written to the RAM or even hard drive. Just because most of the write speed on Ram is relatively faster than a hard drive, this is also important. This can be used as another indirect mean that can help in the detection of the user private browsing.

Image: AP Photo/Mark Lennihan
Read next: Google 76 hides sub-domains but there are tricks to undo it
No comments:
Post a Comment