With the release of Chrome 76, Google has fixed a hole that allows websites to detect whether visitors are using anonymous mode. Unfortunately, when fixing errors, there are two other methods that can still be used to detect when visitors are browsing private web.
|
Join the channel Telegram belong to Anonyviet 👉 Link 👈 |
Some websites have used a hidden way to prevent users from ignoring payments or to provide private web browsing users with another browsing experience.
This has been done by checking the comfort of Chrome’s Filesystem API. This feature will be disabled in anonymous mode. By using the following method:
- If the browser access the Filesystem API: no anonymous
- If the browser cannot access the filesystem API: Anonymous
However, because of wanting to protect the privacy of users, Google has patched holes by providing APIs in both browsing modes. But instead of using disk storage for API filesystem when in anonymous mode, Google is using a temporary memory file system (Memory Filesystem) being deleted when closed.
Use Memory Filesystem Creating two new holes can be used to detect anonymous mode. See how to work.
Detecting anonymous mode thanks to the storage limit on RAM
When Google creates anonymous mode, temporary information on RAM. This has opened a new method to detect it based on the storage capacity on the RAM used by the browser.
In the study presented by Vikas Mishra security research, he discovered that when Chrome allocated storage for memory system memory used by anonymous mode, it will have a capacity. Maximum of 120 MB.
Using this knowledge, Mishra has launched a script that will query the allocation of quotas. Specifically, the browser system file capacity is stored on RAM if:
- 120 MB or lessthen the browser is in anonymous mode
- From 120 MB or more Browser in normal mode
Using Mishra’s script, Anonyviet has released a POC to perform this technique. You can see examples here.
Detecting Incognito mode through access time
When it comes to reading and writing data, RAM is always faster than memory on the hard disk. When chrome turns into a memory in anonymous mode, you can detect private browsing by measuring the speed of the system file.
This new detection method was discovered by researcher Jesse Li. He has measured a series of activities on the browser’s system file. Based on the speed of records, theoretically, a website can determine whether the browser is using anonymous mode.
If you want to measure the speed of both anonymous mode and normal browsing mode of the system file, Li has created one code Which you can see the difference in recording speed.
Open the browser in 2 modes and wait patiently. You will see the file will be different
Frequently asked questions
Is the anonymous mode on Chrome really completely anonymous?
Not entirely. Although Chrome Incognito is designed to enhance privacy, some methods can still detect whether users are using this mode, based on the technical characteristics of the temporary file system used in the anonymous mode.
What are the methods of detecting anonymous mode based on?
The two main methods are mentioned based on: 1) RAM capacity limit is allocated to the temporary file system (about 120MB for anonymous mode); 2) Access speed and record data into the temporary file system (much faster in normal mode).
What can I do to increase security when browsing the web?
Using VPN, restricting personal information, updating browsers and software regularly, and always alert to suspicious websites are useful measures to enhance security and online privacy.
