![]() You'll get a false-positive if the user simply clears his cookies for your site, or uses a secondary profile (e.g. ![]() on Friday he was 10.1.2.3, he didn't use your app over the weekend, and on Monday he is 10.1.4.5).Īs mentioned in Sonny Ordell's answer, if another person uses the same browser in private browsing mode to access a separate account on your site, you will get a detection - but this is a slightly different case than if the "normal" user simply switches to private browsing mode. The switch to private browsing is not immediate and his ISP has issued a new IP (e.g.usually uses FF and switches to Chrome for Incognito mode). He switches to a different browser (e.g.He uses something like ProxySwitchy or TorButton to activate Tor during private browsing, thus changing IP.When you get a cookie-less request for a matching (IP, UA) record, you might infer that the corresponding user is private browsing. In the trivial case, you keep track of (IP, user-agent) for each user.If you get a positive detection on all of them, it seems more likely that your user is private browsing. I'm not sure how to probe for downloads, but I think the others can be probed. The aspects of private browsing are (at least in Firefox): history, form/search entries, passwords, downloads, cookies, cache, DOM storage. I'm specifying that the user has an account, because this strategy relies on tracking various bits of behavior data. Let's assume you operate a web application, and you want to detect when one of your users (with an account) switches to private browsing. As Sonny Ordell mentioned, I'm also not sure that you can distinguish private browsing from the ad hoc use of various privace-enhancing features (e.g. As indicated in my comment on the question, whether this is good enough or fits your application depends on what you want to be able to do in reaction to detecting private browsing. I'm not sure you could reliably detect private browsing, but I think you may be able to apply some heuristics to make a good guess that a user is using various privacy-enhancing features. Please see one of the good current answers below 1 2 for more up to date information. Today the answer is an unequivocal YES - as of this writing in 2020 there are reliable techniques in wide use and have been for a while. So, can anyone provide any more recent information about whether there's a way for a website to test whether its visitors are using private browsing mode? It is also possible that this might not work at all. It is possible this might yield a partial leak of information, I suppose, but it sounds unreliable at best - if it even works. ![]() However, if the user isn't logged into other services, then I guess all we can say is that we don't know whether private browsing mode is in use. If the user is currently logged into other services (like Facebook), a website could plausibly guess that the user is not currently using private browsing mode - this is not a sure thing, but perhaps one could make some kind of probabilistic inference. ![]() There may be ways for a website you're visiting to learn whether you are currently logged into other sites (think: Facebook). (I realize the defenses against history sniffing are not perfect, but they may be good enough for these purposes.) (In private browsing mode, sites are not added to the history, so you can use history sniffing to check whether the visitor is in private browsing mode.) Since then, though, modern browsers have incorporated defenses against CSS history sniffing attacks.Ĭonsequently, I would not expect that method of detecting whether the browser is in private browsing mode to be successful any longer. Unfortunately, it doesn't really answer the question above.Ī 2010 study of private browsing mode showed that it is possible for web sites to detect whether the browser is in private browsing mode, by using a CSS history sniffing attack. Here's what I've been able to find related to this question. In modern browsers, can a web site detect whether a user who is visiting the web site has private browsing mode enabled or not? Most modern browsers support " private browsing mode" (also known in Chrome as "Incognito mode"), where the browser does not save any information to disk about your browsing while in this mode.
0 Comments
Leave a Reply. |