
Chrome's private browsing is broken

This defeats the purpose of Incognito. If any website is able to tell you're browsing in private mode, then the browser is leaking data that shows it's not private

@cypnk Private Browsing is not broken. The website is making a best-guess about user behavior, and there are various ways to do that. Here's a hack-and-slash approach based on expected vs. actual state in a browser tab during pageload, combined with sniffing proprietary browser attributes:
gist.github.com/cou929/7973956
I'd bet that even if these eventually fail, there will be more complex methods involving fingerprinting the browsers of visitors and maintaining a record server-side.

@ardgedee Please see an earlier reply

mastodon.social/@cypnk/9930293

If this is intended behavior, it’s not only broken, it’s actively harmful

Art Delano @ardgedee

@cypnk Exposing incognito/private mode is not an intended behavior. The state can be inferred because the private tab has to suppress services like Local Storage to provide your privacy. A spoofed form of Local Storage would be worse, causing problems for sites that are using Local Storage for non-intrusive purposes.

Sites are exploiting something working as designed. It will be nice to ensure your desire for privacy is also kept private, but that will be a pretty hard problem.

@ardgedee Disabling localStorage in lieu of same-origin enforcement seems to be the issue

If you look at the thread, others have discovered that blocking ajax.googleapis.com makes the site work again