Is incognito mode in the browser a fiction?
July 30, Google released Chrome 76 with enhanced incognito mode . Now the browser bypasses the "payvols", which set the limit for readers to "several articles per month", and then require a subscription or registration.
For example, The New York Times reads ten articles a month , while Wired lets you read four . Metered paywalls accounted for 33% of online media payvol . Users in incognito mode are not welcomed there:
In Chrome 76, bypassing the paywall has been simplified to the limit: just right-click on the link and select "Open the link in a window in incognito mode." Now the browser does not recognize that you are in "private mode". The counter of read articles in incognito does not work due to the lack of cookies.
An interesting fact is that earlier these sites could recognize “incognito”. This peculiar "weakness" is now eliminated.
The fact is that in incognito mode, Chrome disables the FileSystem API to prevent cookies or other identifying files from being written to disk. Sites can check the availability of the FileSystem API, and if it is absent, make a conclusion about the browser in "private" mode and display an error message, as shown above.
In Chrome 76, the FileSystem API has been adjusted to prevent information leakage, the developers said . Now they are working on eliminating the rest of the incognito recognition methods. And there are a lot of such methods, and it’s impossible to eliminate some of them.
The fundamental problem will not go away. The incognito mode in the browser is a fiction that does not really provide privacy.
Recently, we talked about the Dataspii system for tracking millions of Internet users in near real time. The service positions itself as “analytical” and provides customers with paid access. They call this service "god mode for the internet." For $ 49 per month, the service allowed you to track the actions of employees or users of a particular company / site: for example, Apple, Facebook, Microsoft, Amazon, Tesla Motors or Symantec.
Surveillance for users was carried out through third-party browser extensions . About a dozen Chrome and Firefox extensions participated in the data collection. After notification of malicious activity, these extensions were removed from official directories, but the security hole in browsers remains. Third-party extensions still have access to the user's private information, which they can send to a remote server.
The problem is that you can not trust a single extension, because any of them can change its functionality during the upgrade. Google promises to correct the situation with the release of the new standard extensions Manifest V3. But experts at the Electronic Frontier Foundation explain in detail why Manifest V3 will not solve the privacy problem.
Google Chrome allows you to use extensions in "private" mode, although they are disabled by default. But extensions are not the only problem. Moreover, there are many ways to track user activity even in this “private” mode.
It should be remembered that the IP address is still visible to everyone, and the Internet provider, government intelligence agencies, the owner of a WiFi access point or any intruder “in the middle” sees which sites the user visits, what files he downloads, etc. Finally, he The browser can transmit to developers any information that is loaded into it, including page addresses and their contents. This is especially true for Google’s Chrome browser, because the latter is directly interested in collecting such data.
To ensure real privacy and anonymity, the web uses much more reliable tools. The set of these tools depends on the level of the task. In some cases, a VPN is enough, while in others you need to install Tor and obfuscate traffic. Maximum privacy is provided by the TAILS operating system (The Amnesic Incognito Live System) with the appropriate software, including the Tor browser, which works through a network of anonymizers.
TAILS operating system
The name of the system "The Amnesic Incognito Live System" means that the system completely "forgets" all previous user activity. There are absolutely no traces left on the computer, unless you specifically created a special encrypted section where you save information. Edward Snowden used this operating room at one time (perhaps he still uses it).
One way or another, but the "incognito" mode in a standard browser in no way provides real privacy. This is just a “toy” for the layman, which hides the history of the pages visited from family members, nothing more. Well, it also allows you to bypass payvol.
For example, The New York Times reads ten articles a month , while Wired lets you read four . Metered paywalls accounted for 33% of online media payvol . Users in incognito mode are not welcomed there:
In Chrome 76, bypassing the paywall has been simplified to the limit: just right-click on the link and select "Open the link in a window in incognito mode." Now the browser does not recognize that you are in "private mode". The counter of read articles in incognito does not work due to the lack of cookies.
Chrome Weakness
An interesting fact is that earlier these sites could recognize “incognito”. This peculiar "weakness" is now eliminated.
The fact is that in incognito mode, Chrome disables the FileSystem API to prevent cookies or other identifying files from being written to disk. Sites can check the availability of the FileSystem API, and if it is absent, make a conclusion about the browser in "private" mode and display an error message, as shown above.
In Chrome 76, the FileSystem API has been adjusted to prevent information leakage, the developers said . Now they are working on eliminating the rest of the incognito recognition methods. And there are a lot of such methods, and it’s impossible to eliminate some of them.
The fundamental problem will not go away. The incognito mode in the browser is a fiction that does not really provide privacy.
Data leakage through extensions
Recently, we talked about the Dataspii system for tracking millions of Internet users in near real time. The service positions itself as “analytical” and provides customers with paid access. They call this service "god mode for the internet." For $ 49 per month, the service allowed you to track the actions of employees or users of a particular company / site: for example, Apple, Facebook, Microsoft, Amazon, Tesla Motors or Symantec.
Surveillance for users was carried out through third-party browser extensions . About a dozen Chrome and Firefox extensions participated in the data collection. After notification of malicious activity, these extensions were removed from official directories, but the security hole in browsers remains. Third-party extensions still have access to the user's private information, which they can send to a remote server.
The problem is that you can not trust a single extension, because any of them can change its functionality during the upgrade. Google promises to correct the situation with the release of the new standard extensions Manifest V3. But experts at the Electronic Frontier Foundation explain in detail why Manifest V3 will not solve the privacy problem.
Google Chrome allows you to use extensions in "private" mode, although they are disabled by default. But extensions are not the only problem. Moreover, there are many ways to track user activity even in this “private” mode.
It should be remembered that the IP address is still visible to everyone, and the Internet provider, government intelligence agencies, the owner of a WiFi access point or any intruder “in the middle” sees which sites the user visits, what files he downloads, etc. Finally, he The browser can transmit to developers any information that is loaded into it, including page addresses and their contents. This is especially true for Google’s Chrome browser, because the latter is directly interested in collecting such data.
True privacy
To ensure real privacy and anonymity, the web uses much more reliable tools. The set of these tools depends on the level of the task. In some cases, a VPN is enough, while in others you need to install Tor and obfuscate traffic. Maximum privacy is provided by the TAILS operating system (The Amnesic Incognito Live System) with the appropriate software, including the Tor browser, which works through a network of anonymizers.
TAILS operating system
The name of the system "The Amnesic Incognito Live System" means that the system completely "forgets" all previous user activity. There are absolutely no traces left on the computer, unless you specifically created a special encrypted section where you save information. Edward Snowden used this operating room at one time (perhaps he still uses it).
One way or another, but the "incognito" mode in a standard browser in no way provides real privacy. This is just a “toy” for the layman, which hides the history of the pages visited from family members, nothing more. Well, it also allows you to bypass payvol.
All Articles