Google has finally activated a new API feature in Chrome’s Canary Channel related to the FileSystem API that makes it far more difficult for a website to detect incognito mode, highlighted in a recent report from TechDows. The immediate implications of the change, accessible via a Chrome hidden flag setting, is that users no longer need to worry about being recognized by a website they’ve previously visited when revisiting in the more privacy-focused incognito mode.
Turning on the flag is straightforward, with users navigating to “chrome://flags” in the Chrome browser’s Omnibox before entering the term “FileSystem API” in the on-page search box. Setting the option “FileSystem API in Incognito” to “Enabled” via the drop-down menu activates the feature, essentially disabling access by sites when in Incognito mode. The flag indicates that works in Chrome OS, Windows, Mac, Linux, and Android.
Solving a common problem
The most obvious fix the change is going to provide for users, although possibly not a fix from the perspective of a website’s owners, can be linked back to paywalls that limit the viewing of content on a given site. Namely, those are associated with pop-ups that crop up on various websites — most commonly large news sites — to allow only a set number of articles or visits before locking down content behind a paywall.
Prior to changes made by a number of those sites, users were able to bypass signing up for a subscription and logging in simply by navigating to the same page in an Incognito Chrome window. That practice didn’t work for too long before site owners realized what was happening and began implementing new methods to track users through to Incognito mode.
While the need to support an organization via a subscription is understandable, many of the sites in question also serve up ads for revenue — negating the validity of the subscription model in the eyes of many users. With the new FileSystem API alteration in place, sites should no longer be able to track a user from a standard window through to one that’s meant to be more private.
Other possible positive implications
Incognito was never meant to be completely private and still won’t necessarily protect users doing things they shouldn’t be doing on devices such as computers owned or managed by their employer, ISP, or similarly authoritative entities. The change doesn’t simply doesn’t appear to be intended to bypass the measures in use there.
That also means that websites will undoubtedly eventually be able to block off users trying to get past paywalls but there could be other positive results of the change too.
One of the biggest complaints against Google in recent months has centered around the fact that Incognito mode really doesn’t appear to protect them against much of anything at all. That’s led to the company’s browser being called out by competitors and some in the media as untrustworthy, at best, and deceptive at worst.
With access to the FileSystem effectively cut off after the latest flag is enabled, that perception might be changed too. That’s because the purpose of the alteration seems to be letting users prevent cross-site tracking in Incognito mode, to begin with. There’s not necessarily anything there that would stop Google itself from continuing to snap up data on a user and store it but this does look like a start in that direction.