1

Searching a word in corpus.byu.edu seems fine.

But when I use its search service on Private mode, it gives me the following error

Sorry, but if you're in "incognito/private mode" then you need to first log in before doing a search.

How is this website able to check my browser mode?

How to get around this problem in Firefox?

jamava
  • 11
  • 1
  • 2
    This can be done by checking whether the FileSystem API is enabled: https://stackoverflow.com/questions/2909367/can-you-determine-if-chrome-is-in-incognito-mode-via-a-script. There's probably not much you can do about it since the whole point of incognito mode is to disable some features and alter the behavior of others. – Marc Dec 19 '17 at 00:29
  • 1
    @Marc, Why the browser does not provide a fake FileSystem API? Also is it the only way to detect private mode? – jamava Dec 19 '17 at 00:34
  • 1
    @jamava No, there are (literally) dozens of way to check if a system is in private mode, as well as uniquely identify said systems. This is an entire field called browser fingerprinting. – forest Dec 19 '17 at 03:02
  • @forest, it is very easy to get around user agent. Just use a random user agent generator. But user agent identifies people but not the private mode. – jamava Dec 19 '17 at 03:23
  • A random user agent actually makes you _more_ unique due to your specific randomness distribution, among other reasons. Even if you could get around that, audiocontext fingerprinting (used by many advertising companies) can uniquely identify hardware with near 100% accuracy, regardless of the browser or operating system you are using. – forest Dec 19 '17 at 03:29
  • @forest, what if we randomly switch between a few mostly used user agents? Also, is there a way to tweak audiocontext fingerprint? – jamava Dec 19 '17 at 06:36
  • Randomly switching would not be particularly useful, as things like HTML5/CSS3 feature support can reveal that your user agent is a lie. And no, you cannot tweak audiocontext fingerprinting. You have to either completely disable JavaScript, or use a heavily patched browser like Tor Browser (which is designed to resist fingerprinting). But it's not just audiocontext fingerprinting that is powerful. There's also WebGL fingerprinting, perf fingerprinting, vcore fingerprinting, screen resolution fingerprinting, and a lot more. Most of them cannot be mitigated just by changing settings. – forest Dec 19 '17 at 06:38
  • Google chrome and Firefox should fix this. I don't want some sites to store cookies on my browser. What's the point of opening private window if they can easily detect that I'm in private mode. Instead of fooling the websites, the user is getting played. – defalt Dec 19 '17 at 08:08
  • @defalt - Why does it matter that they know you are in private mode? At the end of the day to legally use a site you have to agree to their Terms and Conditions of use (for example here https://stackexchange.com/legal for StackExchange) - they could always write into that your browser must support tracking. Private mode is designed to stop data being shared accross sessions and records of that session being stored on your PC - not to "fool websites". – Hector Dec 19 '17 at 09:07
  • @Hector If it doesn't matter then those sites don't have to detect if their users are using private window. It certainly matters to them. I don't care about their Terms, I actually disagree with most of them. They don't own any rights on my machine even if they make me agree to. I would still give them false information . I'm going to build a userscript to block this request. No harm to SE. – defalt Dec 19 '17 at 10:39
  • @defalt - If you don't agree with the terms then don't use the site. If you proceed anyway then depending on your legal jurisdiction you may well find they do own rights over your machine. What is your userscript going to block? Blocking something is generally very easy to detect... as suggested above its the lack of existance of the FileSystem API that is one factor making detection of private mode trivial. If you truly want them to not identify you you need to emulate a real environment whilst providing false / random results. – Hector Dec 19 '17 at 10:43
  • @defalt - if you're really that concerned you also need to use antifingerprinting techniques. I'd suggest looking at tor browser and addons like privacybadger. – Hector Dec 19 '17 at 10:44
  • @Hector My legal juridiction may allow them to own some rights but I don't allow them to **use** their rights on my machine even if I agree to them. I'll do a little research what other factors allow them to discover private window and based on that I'll feed them with wrong data or may completely remove the detection mechanisms before getting loaded. I'm not that much privacy concern user so need of Tor but it'll help people who get annoyed to see such privacy warning. – defalt Dec 19 '17 at 10:59
  • @defalt - If the terms on their site say "you agree to x when you use our site" and you continue to use their site then yes they do get to expect you to honour those rights as long as the expectations fall within valid contract law. As for removing detection mechanisms each will be site specific - there isn't a generic way to do this for all sites. – Hector Dec 19 '17 at 11:14
  • "Just don't use their site" Yeah, like that's realistic. How dare he value his privacy over some exploitative ToS. He is free to use whatever website he wants. If he instead followed your ethos of not using any website with disagreeable ToS, he'd have a very limited selection of things he can do on the internet. – Monica Apologists Get Out Dec 19 '17 at 13:59

0 Answers0