Privacy improvements in Chrome 76 will make it easier to bypass paywalls

Future improvements to Chrome will fix a gap in Incognito Mode, preventing publishers from blocking users from using incognito mode to jump over soft paywalls.

How to read web pages offline in Android's Google Chrome

Google Chrome 75 was released last week, with welcome additions such as a (hidden, for now) reader mode and fixes to the "evil cursor" bug abused by tech support scammers. Developers have now turned their attention to the next version of Chrome, with a beta release of Chrome 76 issued earlier this week, featuring a fundamental change to how Chrome's Incognito Mode works.

As a simple explanation, Incognito Mode partitions off your existing cookies, giving users something similar to a blank slate of a browser. This makes it more difficult—though far from impossible—to track users across the web. However, prior to Chrome 76, using Incognito Mode disabled the FileSystem API outright, which can be trivially checked in JavaScript if files are readable or writable, making it possible to detect users in Incognito Mode.

For soft paywalls—like those of The New York Times and The Washington Post—that permit free reading of a limited number of articles per month, the number of articles read is tracked using cookies. For cases in which cookies cannot be used, such as Incognito Mode, publications have taken to blocking Incognito Mode outright, as the Times did in February.

SEE: G Suite: Tips and tricks for business professionals (free PDF) (TechRepublic)

According to Chrome developer Paul Irish, this implementation has been fixed, essentially rendering useless scripts that attempt to detect Incognito Mode, thereby making it possible to bypass soft paywalls.

Irish also notes that "becoming a subscriber to your favorite sources of quality journalism is incredibly fulfilling. If you can afford it, I encourage you to pony up the handful of dollars to subscribe."

As a polite reminder, registration for TechRepublic is free.

For more, check out "Evernote Chrome extension vulnerability allowed attackers to steal 4.6M users' data" and "Fix on the way for Google Chrome flaw allowing malicious websites to break back button" on TechRepublic.

Also see


Image: CNET