A new way to recognize incognito mode

Recently, we wrote about the incognito mode in the Chrome browser. It was mainly about the fact that the mode does not blur as many tracks, as many assume and also that soon, this possibility will be taken into account, to recognize this mode in users. This was used, for example, on a website with paywalls to prevent abuse.

So far, it’s been very easy to find out via an API whether a user is traveling in incognito mode or not. Subsequently, contents could also be adapted and now Google recently reported that this kind of detection should be prevented with the new version of Chrome. But as soon as that was said, the search for new opportunities began – and it was not long before another “gap” was recognized, with which you can notice the incognito mode. Again, it’s an API that’s being used. In this case, the Storage Quota Management API. This interface allows websites to read out the temporary storage space of a computer. This makes sense, for example, when it comes to sophisticated web apps or the like.

Typically, the value that can be read through this API is 10 percent of disk space, but no more than 2 GB. If a user is traveling in incognito mode, however, at most 120 MB are outputted via the API. If it is such a low value, certainly the incognito mode is enabled – or the hard disk of the user has a capacity of less than 2 GB and that would be very unlikely for today. Using this facility is easy with a snippet of code, and as it stands, Google can not stop this API query. Thus, this problem is solved again for a while – until Google will again find ways to disguise the mode of use and resourceful inventors open up new ways, etc. The economic interests of the website operators are very high, to discourage such hurdles!