Security News > 2021 > March > Google's 'privacy-first' ad tech FLoC squawks when Chrome goes Incognito, says expert. Web giant disagrees
![Google's 'privacy-first' ad tech FLoC squawks when Chrome goes Incognito, says expert. Web giant disagrees](/static/build/img/news/alt/Data-Cybersecurity-Predictions-medium.jpg)
"Unfortunately, it seems that FLoC contains a privacy design bug that leaks the information about whether the user is browsing in private mode or not," Olejnik wrote in a blog post on Monday, noting that he'd spotted a similar Incognito detection bug in another API. Incognito mode is supposed to prevent online histories from being recorded in the browser's local log and to erase local HTTP cookies and site data from memory at the end of a session.
The service's name suggests otherwise and Google was sued in June, 2020, for allegedly collecting data from Incognito Chrome users.
Prior to Chrome 76, released July 30, 2019, it was possible to detect whether a Chrome user had Incognito mode activated.
Google considers Incognito mode detection to be abuse and aimed to fix it in Chrome 76 by altering the browser's FileSystem API, the mechanism used to infer Incognito state.
As he points out, Google acknowledges as much in its FLoC Security and Privacy Self-Review, stating making a FLoC identifier request while in Incognito mode would throw an error, just like the API is supposed to do when an individual's cohort is not eligible to be calculated or blocked, which can happen currently if the browser is set to block third-party cookies.
"Federated Learning of Cohorts is designed to preserve the privacy of individuals by default and will not reveal if a user is in Incognito mode," a Google spokesperson said.
News URL
https://go.theregister.com/feed/www.theregister.com/2021/03/15/google_floc_chrome_incognito/
Related news
- Google Chrome to let Isolated Web App access sensitive USB devices (source)
- Oops. Apple relied on bad code while flaming Google Chrome's Topics ad tech (source)
- Google's Privacy Sandbox more like a privacy mirage, campaigners claim (source)
- Google's Privacy Sandbox Accused of User Tracking by Austrian Non-Profit (source)
- New ARM 'TIKTAG' attack impacts Google Chrome, Linux systems (source)
- Fake Google Chrome errors trick you into running malicious PowerShell scripts (source)
- Risk of installing dodgy extensions from Chrome store way worse than Google's letting on, study suggests (source)
- Google cuts ties with Entrust in Chrome over trust issues (source)
- Google to Block Entrust Certificates in Chrome Starting November 2024 (source)
- Proton launches free, privacy-focused Google Docs alternative (source)