Other than caching, there is no legitimate benefit to allow pages to store local state beyond a session, and I can forgo caching at this point in the game. (I don’t care about offline web apps, to be clear)
Maintaining a whitelist of sites that can have session state would be trivial (the sites in my password manager are a great first cut). I don’t want to restart my browser periodically to clear everything else’s session state.
How hard would it be to build something like this?
In the world of real users? You're probably the extreme minority.
Most people want convenience, and will trade almost anything for it. Especially if they don't realize they are trading something like "privacy" or "trackability" for convenience.
The way I use Chromium , is very convenient to me. The downsides are almost nonexistent, and the upsides are not just in privacy: it is convenient (albeit perhaps of questionable morality?) to not have to worry about newspaper article quotas; likewise with having more control over cookies and other browser data in the "simultaneous multiple sessions" model. For example having more than one user logged in to some Web site does not take any extra effort compared to just one user being logged in.
On the other hand there is a difference between "real users" and those willing to exploit the Unix programming environment/interface to its full potential, and that is required knowledge, or the willingness to get it. For example to use my script tb effectively one has to understand that "being logged in with a Web site" means temporarily storing appropriate data chunks gotten from the Web site (cookies) so that they are accessible to the browser and it could send them back to the server to authenticate.
For the vast majority of people who do not already have Unix skills (or whatever), it is convenient not to have to learn them.
For example, I set my Mom up with a Firefox configuration that doesn't remember anything when you close the window (basically incognito by default). She has used that configuration for years and never complained. In fact, she always compliments me for how safe and reliable I've made her browser. When she sees other people on other computers just load their logged-in websites without having to log in, she thinks they're totally unsafe and exposed.
She associates closing the window == back to safety, so whenever she ends up on a scary website or sees a scary popup, she just closes firefox and opens it back up again. It's wonderful. I didn't have to teach her about cookies or sessions or anything. All I had to teach her was that if she ever got into a situation where she didn't know what to do, just close the window and you're safe again.
Anyway, I feel pretty strongly that if browsers were incognito by default and you had to opt-in to persist sessions (e.g. whitelist cookies), general users would get used to it pretty quickly and end up thinking the time back before was a very unsafe place (like the free love era before the AIDS epidemic).
No, this is what indoctrinated "UX" people think.
I hear it every day from ordinary office workers how sick they are from dysfunctional, progressively dumbed down UIs.
Ask just how many people keep MS Office 2003 just because they can't use the "ribbon" UI.
Also, design is simplified because that strategy works. People want simple UIs, while business doesn't want to invest in design, costs of which rise exponentially unless you have talent both in development as well as management at work, or deal with too many unique support requests.
Here's to hoping that a browser that truly respects its users appears soon.
Take a look at my comment here: https://news.ycombinator.com/item?id=20484845
This may be true today, but that's because Chrome has a bug. (At least, I can't see why we wouldn't view it as a bug.)
Incognito Mode shouldn't be detectable. Hopefully they'll fix that.
Do you have an example of a site that requires "additional forms of authentication"? I remember something like that happening to me before, but I can not remember which site it happened on.
Since I had never used either account before this happened, it’s just a thinly veiled requirement that they can connect my account to an identifiable human.
Perhaps twitters bot problem is some justification, but when they warned me about violating their rules I just deleted my almost-unused account. It was insulting
Yes, SMS can easily be diverted so it's not great for 2FA purposes; a voice call is often an option, and is harder to spoof.
Sites that actually care about your security would go for things like TOTP, or SSH key, or a certificate. These forms do not map easily to your legal identity, but are more reliable proofs of knowing a secret.
It's the biggest reason I use Firefox. Intuitive, straightforward session partitioning. Every browser should have it.
Also, on iOS Safari and Firefox can be defaulted to private browsing.
On desktop, Firefox can be configured to clear all cookies and site data whenever it is closed.
Btw, I store my passwords in Firefox Sync. What would the benefit be of storing them in a third-party password manager, from a security and privacy perspective?
Maybe he, like me, just thinks there is no reason for history, form data, cookies and all that stuff to be saved after starting a new browser instance, except in rare circumstances.
> What would the benefit be of storing them in a third-party password manager
Decoupling, less dependance on a specific browser. "Unix philosphy".
I achieved it by using Disposable Virtual Machines in Qubes OS. Works flawlessly.
I use Firefox for this purpose, not in private mode - I just let FF delete everything whenever I close it. It's not "100% stateless", as I still allow cookies and such while my browser is open (I use uBlock and Privacy-Badger to block out the worst), but whenever I close the browser I still have a "clean slate" whenever I reopen it.
There are definitely a few downsides (as much as I love the GDPR, the compliance banners are annoying), but together with a password manager, it's definitely a setup that works for me.
It is better than "Incognito mode".
> "You’re browsing as a Guest"
> "Pages you view in this window won’t appear in the browser history and they won’t leave other traces, like cookies, on the computer after you close all open Guest windows. Any files you download will be preserved, however."
It's kind of like Incognito, except none of your preferences or extensions are there, either, it's just an entirely new profile that self-destructs when you close it.
The OP's detector considers a guest profile not to be Incognito mode.
Re your question: I use Firefox with 1st party cookies only (and the other associated privacy options) and it works pretty good. Some WebApps break, but very rarely.
even without that consideration, for things like disk storage, there is no reason why incognito mode should have less access than normal mode. all websites should function as normal. the only difference is that in incognito mode everything is wiped once it is closed, and nothing is written to disk.
 ok, so the reason for the limitation is that the disk has to be emulated in memory because incognito mode must not write to the disk which could leave artifacts behind.
this makes me wonder if it is possible to detect a difference in timing for example when writing lots of data with an emulated disk vs a real one.
1. I don't want others who have access to my client machine to be able to see a history of what I did online.
2. I don't want servers to be able to know anything about me except maybe my IP address.
It feels like tying these two together under one setting makes them both fragile. E.g. for scenario 2, I don't care whether a web page can use local storage as long as they don't have access to the data between sessions.
I'd much rather have two options - hide from the server and hide from your boss (or whoever). And maybe some UI to help me always hide from specific servers or delete all the artifacts from a specific session after the fact.
I try to wipe my drives and repartition every 30 to 60 days, with a full OS reinstall. The Virtual Machines I run with VirtualBox are even less persistent than the bare metal, often stateful for mere hours. I do not retain browser history, and I have only about 5 bookmarks, and trash my cookies and cache at least every day, multiple times usually.
But I want #2 for like 75% of the time. The other 25% of the time, that state almost never lasts 48 hours. When I go to bed, the current browser state dies forever. I usually have a hard time staying awake for 48 hours straight.
This means #2 will become 100% every 48 hours, with 48 hours being an extreme maximum lifetime for session data, and the true norm being 8 hours (9 to 5, each work day).
Considering that #1 & #2 are sure to intersect every 48 hours, dividing attention between them seems burdensome.
I don't want the New York Times to ID me, but I don't care if my wife knows I read it.
I don't want red tube to forget about my all access pass, but I don't want it in my browser history.
the times could switch to genuine browser/device fingerprinting and store that information server side. if they are careful enough so that false possibles are not possible (rather let a few slip through) then they could effectively control how much free access everyone gets.
the browser could even encrypt all their data by default. (but for non-incognito mode with a known key) it could then write the normal and incognito data in such a way that you can't even see that there is incognito data in there if you don't have the incognito key
The amount of encrypted data could be a side channel
In particular, why do particular APIs need to be shimmed or disabled? In my empty-profile based proto-proposal, even if a website writes to disk, wouldn't closing the session cause any data written to be rolled back?
Not even using Chrome, except have to have it installed because lots of apps depend on it. :P
Unfortunately, every browser seems to change it's behaviour as soon as you try not to store your history.
Some browsers do try and stop these detection methods... And by the time they've patched them out new methods have emerged.
Iirc on *nix there’s a difference between inodes and vnodes that you might be able to take advantage of as well. The supervisor would create, open, and delete the directory before filling it. Holding the directory open gives it a vnode count of one and deleting it gives an inode count of zero thus making the current process the last thing to ever be able to reach the directory. You’d have to make sense of a full disk binary scan to guess what used to there if the disk wasn’t zeroed out, so encryption could help there too.
Isn't the purpose of Incognito mode to protect against tracking inside the browser? At least I haven't heard so far that its also supposed to shield data from access outside the browser.
So, wouldn't be enough to simply delete the space after closing the tab? (Or use a new, empty storage location for each newly opened tab)
incognite mode is useful for two situations:
A: you want to hide the fact that you visited a site.
B: you want to hide from the site that you have visited before.
the incognito-detection is largely against the second case (B), so your suggested workaround would work. what would also work is firefox tab groups. since each tab-group starts off empty.
the problem is that both ways are cumbersome. you have to open a new browser with that profile or you have to create a new tab-group and remove it after each use.
in firefox the problem could be solved by adding a "wipe, but don't delete tab group" feature. for the profile method you'd need a feature to "open link in new profile" to make that convenient.
I get arbitrary IP addresses from my ISP but if my router isn't reset then it can be the same for weeks; Brave solves this with incognito+tor.
i'd use full browser/device fingerprinting to achieve the same effect. much more reliable.
for most of my stuff i want to keep the history and whatever else around. i also never restart my browser or my machine if i can't avoid it. (restarts happen when i don't want them, and that's when i don't want to loose my current state). so i am still stuck with specific sites that i need a second, cleanable mode for. it's the mode switching that is the issue. switching into incognito mode or to a new browser group is easy enough. so fixing either is the way to go.
In my workflow, when I want "Incognito", I just start a new Chromium session on tmpfs. No switching needed.
so i right-click, open link in private mode, or in a tabgroup.
i am done reading, i close the private window or wipe the group.
with your method i'd have to first start a new browser with that second profile, then copy the link to the new browser to read. that's a lot more work than just selecting an entry from the right-click menu.
But that is just about a second of work: my wrapper executable for chromium is named tb, and I use Dmenu with DWM for X window management, thus in four key presses and one mouse middle click the new browser instance is started and the URI copied: "ALT-P" "t" "b" "Mouse button 2".
"you have reached your monthly limit of articles, please pay"
opens private tab to read article
"we see you are in a private window, please load our site in a normal window"
browser perfectly mimics regular mode but now you need to grant permission
"we see you havent granted permission, please allow access to read our article"
I'm becoming increasingly wary of web apps having all sorts of access to things outside of the browser, sometimes without explicit permission. Browsers should limit every app to the same amount, perhaps 100MB, or maybe even 10MB. Apps that need more should ask for permission.
Surely websites are using anti incognito tactics, and users would want to bypass those detection schemes.
One of the clients I work with is a university. Staff are forced to set-up 2FA.
We received numerous support calls, particularly from users of Safari, who would find themselves accidentally in incognito/private browsing mode - and then complain that the "remember my device" functionality (which relies on a cookie) didn't work.
We solved this with a visible warning to users who are in incognito mode to remind them that they will need to provide a new code each time they login.
1. Force their ad networks to police ads for malware, movies, tracking code, and slow-loading crap.
2. Stop sharing private user data with others.
I would turn off my ad blocker and incognito mode tomorrow if e.g. the Washington Post would take these steps.
Keep blocking ads.
I don't necessarily think that it's reasonable to have a zero tolerance policy for ad networks or the sites serving them regarding malware (cuz perfect security doesn't exist), but what about requiring some basic standard of due diligence for the ad networks themselves?
Then of course when an ad network screws up you have a certificate revocation problem, but that's another story.