Google fixed a loophole in the FileSystem API, websites still able to detect Incognito Mode

-

chrome icognito mode detection by loophole in the filesystem api

We published a report on Google’s plan to fix a loophole in the FileSystem API last month. The loophole in the FileSystem API was being used by websites to detect the traces of activity still if the user using incognito mode. The fixes have already been applied, the New York Times, however even able to identify the private browsing activities.

[wpinsertshortcodead id=”bzyqm5d3e04029f48f”]

As per Techdows report, two security researchers Jesse Li and Vikas Mishra figured some ways out which can still work after Google’s incognito mode detection prevention.

However, As per Vikas Mishra report websites can still detect by playing around Quota Mangement API. Jesse Li found a way in which websites could use to inspect private mode by measuring the speed of writes to FileSystem API. And says, “FileSystem API writes are measurably faster and less noisy in an incognito mode allowing websites to detect incognito visitors by benchmarking their write speed.”

Google assured to prioritize its users’ privacy when it revealed the fix to the FileSystem API and assured to repair any future ways of Incognito mode detection. The web browser’s developers have currently developed a bug report for these two loopholes and will likely have them repaired at some point quickly.

[wpinsertshortcodead id=”zxikm5d3e04a8f1451″]

Below is the bug description:

After adding in-memory file system API (issue: 93417). We have two other related surfaces for incognito mode detection using FS-API:

  1. Available quota in regular mode is much bigger then incognito mode, and this creates an almost clear detection surface.
  2. Access to memory is much faster than disk, and it makes timing attacks possible.

For the latest tech news and updates about technology follow Whooptous on FacebookTwitter and Pinterest.

Whooptous News Desk
We are a group of Engineers who are tech enthusiasts and like to make people aware of the latest technologies and how it may also help people to enhance and improve life. We dig deep into the below-ground depths of technological understanding, digging up the most vital, behind-the-scenes information. Contact Whooptous staff at [email protected] or by filling the Contact Form.

Follow us

1,465FansLike
1,110FollowersFollow

Trending

Windows 10 black screen

How to fix black screen issue on Windows 10 by troubleshooting connection problems and...

0
On Windows 10, a black screen can take place for a number of factors. It can be connected...
microsoft build 2020

Microsoft Build 2020 Developer Conference from May 19-21

0
Microsoft announced the dates for its flagship event Microsoft Build 2020 developer conference which are going to takes place next year.
Windows 10 optional cumulative update

Optional cumulative update KB4550945 for Windows 10 version 1909 and 1903

0
Microsoft releases new optional patch updates KB4550945 for Windows 10 version 1909 and 1903 following the Patch Tuesday of this month, which is a week ago.
Microsoft flaunts new Windows logo and redesigned app icons- feature image

Microsoft flaunts new Windows logo and redesigned app icons

0
Recently, Microsoft has published a post in Medium about the new Office icons. The company redesigned the icons to cop up with the changing world.

Intel 10th Generation Processors “Comet Lake” Line-up leaked

0
Earlier AMD's Ryzen 7 3000 family, providing a body blow to Intel's whole high-end product stack. The...