Google said on 18 July that it will “remedy” a loophole that has allowed websites to detect some users of its Chrome browser who are using it in “incognito mode”, making it easier for users to circumvent paywalls on news websites and to maintain their privacy online.
Some Chrome users use its incognito mode to read news articles that would otherwise be inaccessible because of a paywall as the browser’s FileSystem API is disabled in incognito mode to avoid leaving traces of activity on someone’s device.
However, publishers were able to check for the availability of the FileSystem API and, if they received an error message, determine that this mode was being used and stop those users from circumventing the paywall by serving them a different experience to the one a paid subscriber would receive.
In an upcoming version of Chrome due to be released at the end of July, Google are planning to fix the loophole by modifying the behaviour of the FileSystem API. The search engine did not provide details as to the modifications that it plans to make.
Google noted that there are many reasons that users seek to hide their online activity by privately browsing the web – such as protecting their privacy on shared or borrowed devices, or for safety due to political oppression or domestic abuse – and that it believes users should “have the choice to browse the web privately” in accordance with “emerging web standards for private browsing modes”.
However, it also acknowledged that some users attempt to use private browsing modes to “circumvent metered paywalls” which offer a number of free articles before you must log in to read any more, the type of paywall typically used by most – although not all – news websites.
This type of paywall is “inherently porous”, Google said, as it relies on a site’s ability to track the number of free articles someone has viewed, typically using cookies, and private browsing modes are one of several tactics people use to manage their cookies and thereby “reset” the meter count.
According to Google, websites that “wish to deter meter circumvention have options such as reducing the number of free articles someone can view before logging in, requiring free registration to view any content, or hardening their paywalls”.
The search engine noted that “other sites offer more generous meters as a way to develop affinity among potential subscribers, recognizing some people will always look for workarounds”. Publishers use paywalls to charge for content in order to fund their work without placing advertisements on their pages and to create some kind of brand loyalty – and relationship – with their customers.
Google suggested that publishers should “monitor the effect of the . . . change before taking reactive measures since any impact on user behavior may be different than expected and any change in meter strategy will impact all users, not just those using incognito mode”.
It said that it does “support sites with meter strategies” and recognizes “the goal of reducing meter circumvention” but reiterated that “any approach based on private browsing detection undermines the principles of Incognito Mode” and that it would be “open to exploring solutions that are consistent with user trust and private browsing principles”.