Status
Not open for further replies.

Exterminator

Reddit user stumbles over Chrome's privacy bug
Back in 2012, Google introduced Incognito Mode for its Chrome browser, a feature now present in all of its variants, on Android, iOS, Mac, Linux, and Windows. The feature allows users to surf the Web without storing information about which sites they visit on their local computer.

Apparently the Android version has a bug in its Incognito Mode implementation which allows some of the user's browsing history to be stored somewhere in its settings.

This bug was discovered by the user notarower on Reddit, by accident, while trying to temporarily disable JavaScript in his browser.

Going into "Settings -> Site settings -> All sites", notarower found a log of all the sites he had recently visited. To his surprise, he found Reddit in the list, a site which he admitted to browsing only in Incognito Mode.

This intrigued him enough to investigate. The user tried to wipe his browsing history from the browser, but apparently that did not remove the browsing history from that section of the browser's settings.

Only by clearing Chrome data in Android's App Info page can the Incognito Mode data be removed
He eventually managed to clean out the records by going into Android's App Info page for Chrome, where he deleted all the app's data. Unfortunately, this solution cleared all his browser settings (logins, cookies, preferences), but with a clean browser he was now able to test his theory again and see that Chrome for Android does save "some" of the browsing history.

After further experiments, he found that Chrome in Incognito Mode stored a list of sites to which he had granted permission to store data locally or to access the camera, the microphone, or fullscreen mode.

The Chrome bug is basically a bad implementation of Incognito Mode: instead of keeping these permissions separate from the other browsing session permissions, it bundles them together.

Since Google has been very careful with user privacy in the past, the bug will probably be fixed in upcoming versions, and permissions granted to websites while in Incognito Mode will be automatically deleted when the user closes his private browsing session.
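
The storage flaw described above, as an added example that is not part of the original post and is not Chrome's code: a toy model of a profile's site-permission store, with the bundled design next to one that keeps private-session grants in memory only. The class, method and site names are assumptions made for illustration.

```python
class PermissionStore:
    """Toy model of one browser profile's history and site permissions."""

    def __init__(self, isolate_incognito):
        self.isolate_incognito = isolate_incognito
        self.history = []      # regular-mode visits only
        self.persistent = {}   # site -> permissions; backs the "All sites" list
        self.incognito = {}    # site -> permissions; memory-only, per private session

    def visit(self, site, incognito=False):
        if not incognito:      # private visits never reach the history
            self.history.append(site)

    def grant(self, site, permission, incognito=False):
        # Bundled design: private-session grants land in the persistent store.
        private = incognito and self.isolate_incognito
        target = self.incognito if private else self.persistent
        target.setdefault(site, set()).add(permission)

    def close_incognito_session(self):
        self.incognito.clear()  # nothing to drop in the bundled design

    def clear_browsing_history(self):
        self.history.clear()    # does not touch site permissions

    def clear_app_data(self):
        self.history.clear()
        self.persistent.clear()
        self.incognito.clear()

    def all_sites(self):
        """Sites a user would see listed after the private session ends."""
        return sorted(self.persistent)


def run_scenario(isolate_incognito):
    # Constructed sample sites; mirrors the steps reported in the post.
    store = PermissionStore(isolate_incognito)
    store.visit("https://news.example")
    store.grant("https://news.example", "camera")
    store.visit("https://private.example", incognito=True)
    store.grant("https://private.example", "microphone", incognito=True)
    store.close_incognito_session()
    store.clear_browsing_history()
    return store.all_sites()


if __name__ == "__main__":
    print("bundled: ", run_scenario(isolate_incognito=False))
    print("isolated:", run_scenario(isolate_incognito=True))
```

In the bundled run the privately visited site is still listed after the session is closed and the history is cleared, and only `clear_app_data()` removes it, which matches what the post reports.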
 