r҉ustic cy͠be̸rpu̵nk🤠🤖 is a user on mastodon.social. You can follow them or interact with them if you have an account anywhere in the fediverse. If you don't, you can sign up here.
r҉ustic cy͠be̸rpu̵nk🤠🤖 @cypnk

Chrome's private browsing is broken

This defeats the purpose of Incognito. If any website is able to tell you're browsing in private mode, then the browser is leaking data that shows it's not private

rysiek ✅ @rysiek

@cypnk I wonder *how* they notice it. Also, does it work in Firefox?

r҉ustic cy͠be̸rpu̵nk🤠🤖 @cypnk

@rysiek It seems to work in FF. I have no-script installed and settings to forget all cookies on exit. Which I guess is a roundabout way to get "Incognito"

rysiek ✅ @rysiek

@cypnk there's a private browsing mode in FF too. What I wonder is if this site detects FF private mode too.

r҉ustic cy͠be̸rpu̵nk🤠🤖 @cypnk

@rysiek Yup. It does. It only happens when I enable JavaScript so Firefox is leaking incognito mode info as well

rysiek ✅ @rysiek

@cypnk right, so they're using JavaScript to detect this? Interesting.

Rain 🚱 @grainloom@cybre.space

@rysiek @cypnk afaik it's possible to detect visited links, so you can check if a specific url has been visited.
If history is turned off entirely, you can add a redirect or push a history item through JS, then add an <a> element somewhere with the same URL and check its state.

Rain 🚱 @grainloom@cybre.space

@cypnk @rysiek it actually seems like that specific attack vector has been taken care of:
stackoverflow.com/questions/72

r҉ustic cy͠be̸rpu̵nk🤠🤖 @cypnk

@grainloom @rysiek Once again, JS proves to be the weak point

· Web · 0 · 3
mastodon.social powered by Mastodon