Detect incognito/private mode in the browser.

Nisar Shaikh
Dec 16, 2020

This blog demonstrates how to detect incognito mode in Chromium-based browsers.

What is Chromium?

Chromium is an open-source browser project that aims to build a safer, faster, and more stable way for all Internet users to experience the web. The Chromium project site contains design documents, architecture overviews, testing information, and more to help you learn to build and work with the Chromium source code.

There are several browsers based on Chromium, such as Chrome, Edge, Brave, Opera, and many more.

What is the Incognito mode?

Incognito or private browsing is present in all modern browsers. This mode helps people avoid unwanted cookies and stateful trackers, and is also useful for reading articles on newspaper websites, since some of them limit users to a certain number of free articles per day or simply block access if opened in incognito mode.

An Incognito window allows you to browse privately, so other people who use this device won’t see your activity.

Detecting the Incognito window before Chrome 74:

Before Chrome 74, there was a bug that a lot of websites exploited to detect whether a user is visiting the website in Incognito mode or regular mode. The websites simply had to attempt to use the FileSystem API, which is used to store temporary or permanent files. This API was disabled in the Incognito mode but was present in the non-incognito mode.

A simple Google search for "Detecting Incognito Window" leads to a lot of results, one of them being a Stack Overflow question with the accepted answer

Later on, webkitStorageInfo and webkitRequestFileSystem were deprecated.

Detecting the Incognito window in Chrome 74

Recently, I was playing around with the Quota Management API and discovered a method to detect incognito mode. This API manages the quota assigned for TEMPORARY and PERSISTENT storage available to the applications and websites on the browser. The quota for TEMPORARY storage can be queried by using the following code snippet taken from Jeff Posnick’s article:

There are two kinds of storage available to websites/applications: TEMPORARY and PERSISTENT. TEMPORARY storage, as the name suggests, is temporary; it can be used without requesting any quota and is shared by all the websites running in the browser.

Some interesting points about TEMPORARY storage and its quota.

  • As mentioned here, in non-Incognito mode the quota is in gigabytes, but in Incognito the quota cap is no more than 120MB.
  • TEMPORARY storage has a default quota of 50% of the available disk as a shared pool for all the applications/websites.
  • Applications/websites can query their quota by calling the queryUsageAndQuota() method of the Quota API without any permissions.
  • The quota for an incognito window is a fraction (10%) of the device memory with an upper limit of 120MB.
  • The quota for a non-incognito window is a fraction of the device storage.

The following table lists the minimum TEMPORARY Storage quota available for devices with different disk sizes, which is calculated on the basis of the amount of space the browser attempts to keep free at all times in the device.

From the above table, it’s clear that for the temporary storage quota to be less than 120MB in non-incognito mode, the device storage has to be less than 2.4GB.

Using this information, I came up with a simple rule for detecting incognito mode, i.e., if the temporary storage quota is <= 120MB, then it's safe to say that it’s an incognito window.

Last year, Google introduced the navigator.storage.persist() method, which allows your web application to request that its storage be exempted from the automatic cleanup.

It’s now joined by the navigator.storage.estimate() method. estimate() returns a promise that resolves with an object containing two properties: usage, representing the number of bytes currently used, and quota, representing the maximum bytes that can be stored by the current origin.

How accurate is the estimate?

It’s hard to miss the fact that the data you get back from the function is just an estimate of the space an origin is using. It’s right there in the function name! Neither the usage nor the quota values are intended to be stable, so it's recommended that you take the following into account:

  • The usage reflects how many bytes a given origin is effectively using for same-origin data.
  • The quota reflects the amount of space currently reserved for an origin. The value depends on some constant factors like the overall storage size, but also a number of potentially volatile factors, including the amount of storage space that's currently unused.
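The quota rule above, applied to the result of navigator.storage.estimate(), as an added example (not code from the original post or from Chromium). The function names, the reading of "MB" as 2^20 bytes, and the sample values are assumptions; the verdict is reported as "likely" because regular-mode devices with less than 2.4GB of storage fall under the same threshold.

```javascript
// Added example: the constants restate the page's rule; they are not taken from Chrome's source.
const MB = 1024 * 1024;                // assumption: "MB" on the page means 2^20 bytes
const INCOGNITO_QUOTA_CAP = 120 * MB;  // page: incognito quota is never more than 120MB

// Pure classifier: maps a reported quota (in bytes) to what the page's rule concludes.
function classifyQuota(quotaBytes) {
  if (typeof quotaBytes !== 'number' || !Number.isFinite(quotaBytes) || quotaBytes < 0) {
    return { verdict: 'unknown', reason: 'no usable quota value reported' };
  }
  if (quotaBytes <= INCOGNITO_QUOTA_CAP) {
    return {
      verdict: 'likely-incognito',
      reason: 'quota <= 120MB; also true in regular mode on devices under 2.4GB',
    };
  }
  return { verdict: 'likely-regular', reason: 'quota above the 120MB incognito cap' };
}

// Queries a StorageManager-like object (navigator.storage in a browser) and classifies it.
async function checkStorageMode(storage) {
  const sm = storage || (typeof navigator !== 'undefined' ? navigator.storage : undefined);
  if (!sm || typeof sm.estimate !== 'function') {
    return classifyQuota(undefined); // API absent: no signal either way
  }
  try {
    const { usage, quota } = await sm.estimate();
    return { ...classifyQuota(quota), usage, quota };
  } catch (err) {
    return { verdict: 'unknown', reason: `estimate() rejected: ${err.message}` };
  }
}

// Constructed sample estimates (not measurements from a real browser).
const SAMPLE_ESTIMATES = {
  incognitoLike: { usage: 0, quota: 100 * MB },
  regularLike: { usage: 5 * MB, quota: 60 * 1024 * MB },
  smallDiskRegular: { usage: 0, quota: 110 * MB }, // regular mode on a tiny disk: false positive
};

// Returns the verdict for each constructed sample, keyed by sample name.
function runSamples() {
  return Object.fromEntries(
    Object.entries(SAMPLE_ESTIMATES).map(([name, est]) => [name, classifyQuota(est.quota).verdict])
  );
}
```

In a browser console, `checkStorageMode().then(console.log)` shows the quota the current window reports; because estimate() values are not stable, the result is a hint rather than proof.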

Conclusion

This blog helps you to understand the storage of Chromium-based browsers and detect the incognito window.
