Free: Assessment Does your website build trust with buyers and bring in revenue?

Score My Website

Free: Assessment

Does your website build trust with buyers and bring in revenue?
Take this free 6 question assessment and learn how your website can start living up to its potential.
Score My Website

Free: Assessment

Google Plans To Remedy Loophole in Incognito Mode — But Some Publishers Aren't Happy

By Iris Hearn

Google Plans To Remedy Loophole in Incognito Mode — But Some Publishers Aren't Happy

Google has announced plans to remedy a loophole in its private browsing mode that can allow websites to detect when Incognito Mode is being used. 

This change comes a few months after Mozilla’s Firefox browser released an update that better locks down privacy protections for its users — directly calling out Google and Facebook for “misleading” users into believing that their private sessions are truly private. 

There are many valid reasons that people choose to use private browsing modes online. As Google points out in the announcement, in cases of domestic abuse or political oppression, it’s important to ensure that these sessions are truly airtight when browsers are claiming to offer privacy. 

For Google, who has come under fire several times about its shortcomings in protecting users in Incognito Mode, this is a step in the right direction. Chrome is one of the most popular internet browsers, so taking steps to make its policies more closely aligned with emerging web standards for private browsing modes sets a strong precedent for other browsers to follow suit. Though you could argue that Firefox got the ball rolling on this one. 

However, this solution could negatively affect publishers who are using this loophole to “catch” users trying to dodge paywalls by using Incognito Mode sessions. 

Chrome’s Incognito Mode loophole

The loophole that allowed sites to see who’s browsing in Incognito Mode stems from the ability to detect Chrome’s FileSystem API. 

When you start a session in Incognito Mode, Chrome disables the FileSystem API in order to avoid leaving any traces of the session activity on someone's device. That’s what keeps the session “private” for users. 

However, Google discovered that some sites found a loophole in the system by checking for the availability of the FileSystem API in a user’s session. If the search comes back with an error, then they can determine that a private session is being used, and give users a different experience. 

For example, if your site uses cookies to track certain features (like blogs viewed, webinars watched, or resources downloaded), websites can choose to block those features for Incognito sessions using this loophole. 

So, while your data may not be tied back to your personal email, Facebook, or device, sites can still pick up on the fact that you’re using an Incognito session. 

By fixing this loophole, Google is able to ensure that Chrome users can freely access private browsing, and their choice to do so will remain private as well.  

How this may affect publishers 

If you have a business blog with the purpose of posting free content to gain organic traffic and educate potential prospects, this change won’t affect you. 

Publishers that will feel the effects of this update are the ones that use metered paywalls to limit users' access to content. 

A “metered paywall” allows publishing websites to offer a limited number of free articles before users need to either create an account or get a monthly subscription to read more. 

For example, I hit one on Inc’s website earlier this week: 


Of course, like most people who get these metered paywalls, I just went into Incognito Mode to read the article. For Inc, this seems to work fine — so it's not one of the sites taking advantage of the loophole. 

Because these metered paywalls rely heavily on cookies to track how many articles a user has read, they use the FileSystem API mode to “catch” users trying to get around the limitations.  

While I understand why websites have used this loophole, it doesn’t change the fact that it is invading the privacy of users who have specifically relayed they don’t want to be tracked. 

Furthermore, by blocking access to all users browsing in Incognito Mode, publishing companies risk alienating audiences who may not be taking advantage of the metered paywall, but just browsing in Incognito Mode for other reasons. For example, some marketers use Incognito Mode to avoid skewing cookie traffic data when testing websites or paid ads. 

By locking down this information, you could actually lose an interested customer who may have otherwise subscribed to your content. 

So, if you’re a publishing company that relies on this loophole to convert subscribers, you may want to consider who you could be losing out on in the process. 

Still, Google is sympathetic to the concerns of these publishers, and offers the following advice: 

“Sites that wish to deter meter circumvention have options such as reducing the number of free articles someone can view before logging in, requiring free registration to view any content, or hardening their paywalls. Other sites offer more generous meters as a way to develop affinity among potential subscribers, recognizing some people will always look for workarounds.

However, Google suggests that publishers don’t make any substantial changes just yet. Instead, they recommend monitoring how the initial change affects overall metrics, then craft a plan for moving forward:

“We suggest publishers monitor the effect of the FileSystem API change before taking reactive measures since any impact on user behavior may be different than expected and any change in meter strategy will impact all users, not just those using Incognito Mode.”

Essentially, this will help eliminate multiple variables when determining what changes affected user traffic and conversions, allowing publishers clearer insights into the best changes to make. 

Final thoughts 

We have access to nearly an infinite amount of free information online. As such, many are turned off by any paywalls at all. 

If you have a user that will attempt to circumvent metered paywalls using Incognito Mode, it’s unlikely they’ll convert to a paying customer. 

As Google recommends, it may be a better approach to offer a set of free content, and also a selection of articles that live under a hard paywall — meaning you need a paid subscription to access that group of premium content no matter what. 

For example, TechCrunch’s “Extra Crunch Exclusive” subscription: 


With this model, you can still produce content for your audience to enjoy while also offering a premium product, without needing messy tracking workarounds to do so. 

This approach helps TechCrunch gain a loyal following of people that read its free content each day. Avid fans who want more can upgrade to Extra Crunch based on really wanting the content, not because they’re being forced to subscribe. 

Google is flipping the switch to remedy this loophole on July 30th, so publishers should start thinking about how they want to approach access to the content they produce.

Free: Assessment

Does your website build trust with buyers and bring in revenue?
Take this free 6 question assessment and learn how your website can start living up to its potential.


Search Engine Optimization
Published on July 29, 2019

Recent Articles

9 SEO Best Practices for Stronger Organic Traffic in 2023
November 18, 2022 • 12 min read
Video SEO: How To Optimize Videos To Drive Traffic to Your Website
May 9, 2022 • 8 min read
37 Eye-opening SEO Statistics To Nail Your 2022 Search Strategy
April 28, 2022 • 10 min read
10 Reasons Why Your Website Is Not Ranking In Google
February 10, 2022 • 15 min read
Google Shares New Tools to Audit Website User Experience
August 12, 2021 • 3 min read
Google: Website Content Quality More Important Than Quantity
August 10, 2021 • 3 min read
How Long Tail Keyword Research Can Drive Business
August 9, 2021 • 7 min read
How to Optimize Videos On Your Business Website for Search
July 23, 2021 • 4 min read
Google: 'Here's how to prepare for the future private web'
July 16, 2021 • 4 min read
Too many internal links in content can confuse Google about site structure
July 9, 2021 • 5 min read
Google July 2021 core update rolling out over next 2 weeks
July 2, 2021 • 4 min read
Inbound Marketing Help: My Traffic And Leads Are Down. What Can I Do?
June 28, 2021 • 5 min read
Finally, Google page experience core update is rolling out
June 18, 2021 • 3 min read
What is a Featured Snippet? [Definition + Examples]
June 10, 2021 • 4 min read
Google June 2021 core update live, July core update coming
June 4, 2021 • 3 min read
Google's June page experience core update will be mobile first, then desktop
May 21, 2021 • 3 min read
Google confirms demise of Q&A search feature, Question Hub lives on
April 26, 2021 • 1 min read
Big Google algorithm update moved to June with new performance report
April 21, 2021 • 4 min read
No, changing page publish dates won't increase Google search rankings
April 10, 2021 • 4 min read
Google: 'zero-click search' claims and data 'misleading'
April 5, 2021 • 6 min read
3 quick SEO fixes that will increase your website rankings right away
March 30, 2021 • 5 min read
10 Google Analytics metrics you absolutely must track (updated)
March 29, 2021 • 5 min read
Meet the new Google My Business review management view
March 20, 2021 • 2 min read
Google Ads help: Top 10 reasons your Google Ads campaigns are failing
March 10, 2021 • 10 min read
Google 'price drop' structured data for e-commerce can grab buyer eyes
March 9, 2021 • 2 min read