Google's 'privacy-first' ad tech FLoC squawks when Chrome goes Incognito, says expert. Web giant disagrees
2021-03-15 22:46

"Unfortunately, it seems that FLoC contains a privacy design bug that leaks the information about whether the user is browsing in private mode or not," Olejnik wrote in a blog post on Monday, noting that he'd spotted a similar Incognito detection bug in another API. Incognito mode is supposed to prevent online histories from being recorded in the browser's local log and to erase local HTTP cookies and site data from memory at the end of a session.

The service's name suggests otherwise, and Google was sued in June 2020 for allegedly collecting data from Incognito Chrome users.

Prior to Chrome 76, released July 30, 2019, it was possible to detect whether a Chrome user had Incognito mode activated.

Google considers Incognito mode detection to be abuse and aimed to fix it in Chrome 76 by altering the browser's FileSystem API, the mechanism used to infer Incognito state.

As he points out, Google acknowledges as much in its FLoC Security and Privacy Self-Review, which states that making a FLoC identifier request while in Incognito mode would throw an error, just as the API is supposed to do when an individual's cohort is not eligible to be calculated or blocked, which can currently happen if the browser is set to block third-party cookies.

"Federated Learning of Cohorts is designed to preserve the privacy of individuals by default and will not reveal if a user is in Incognito mode," a Google spokesperson said.


News URL

https://go.theregister.com/feed/www.theregister.com/2021/03/15/google_floc_chrome_incognito/