Detection of incognito / private browsing mode #82
Comments
|
Discussion of "Panopticlick for Private Browsing Mode" and possible IETF hackathon project in July 2019 happening on the PING list. In their 14 June 2019 doc, the TAG set a goal that private browsing modes should not be detectable. Also, PING now has a draft privacy mode doc: https://github.com/w3cping/privacy-mode/blob/master/private-browsing.md |
|
September 2019 workshop had a consensus among browser vendors that these modes should not be detectable. Mechanisms for that include providing all APIs in these modes, with partitioned (and wiped) storage. Browsers are making incremental progress. Unclear if standards work is helpful. |
|
There is consensus that private mode should not be detectable (see below), and the work to make that happen is in individual specs. The open question is what clean-up work needs to happen in existing APIs to achieve that goal. Leaving this item open for now. As mentioned above, the W3C TAG Observations on Private Browsing Modes says:
In addition, the TAG's Web Platform Design Principles says:
|
As sites begin to turn away browsers in incognito or private mode, will browsers be forced to run in modes that provide less privacy? Can we make incognito or private mode less identifiable?
Example of the day:
https://arstechnica.com/information-technology/2017/05/boston-globe-website-no-longer-lets-you-read-articles-in-private-mode/
Some sample detection code:
https://gist.github.com/cou929/7973956
The text was updated successfully, but these errors were encountered: