Google faces and settles $5 billion privacy dispute
Potential bypass identified in Chrome's incognito mode. Possible solutions
Google has settled a $5 billion legal dispute over the tracking of incognito mode user data on its Chrome browser. One programmer, Jesse Li, discovered how websites can detect whether a user is using incognito mode thanks to the way Chrome handles FileSystem API data. This could be prevented if Google standardized the type of data storage in normal and incognito modes.
Google has decided to put an end to a legal dispute, with an estimated value of 5 billion dollars, which accused the company of tracking users' data even when they browsed in incognito mode with the Chrome browser. While the details of the settlement remain confidential, the resolution of the dispute was announced Thursday and the terms are expected to be finalized on February 24. The lawsuit was filed in 2020, following allegations that Google was able to collect user information despite the supposed privacy protection offered by incognito mode.
A bypass discovered in Chrome's incognito mode
With the introduction of Chrome 76, a flaw that allowed websites to detect the use of incognito mode was eliminated. However, a programmer named Jesse Li has identified an alternative strategy for recognizing whether a user is browsing in this mode. The key difference is how the browser handles data written through the FileSystem API: in incognito mode it uses volatile memory (RAM) rather than disk storage.
Benchmarking the FileSystem API as a detection method
Through a series of benchmarking operations, websites could theoretically determine whether information is stored in RAM or on disk, based on writing speed. The test demonstrated by Li indicates that writing data to memory is up to three or four times faster than writing it to a hard disk. However, this test takes several minutes and is subject to variables such as device hardware configuration and system workload, which can generate false positives.
Potential developments and patches for Chrome
To definitively counteract this detection methodology, it would be sufficient for Google to standardize the type of data storage between normal and incognito modes. In 2018, some Chrome developers had already hypothesized the possibility of such an attack and suggested encrypting files on disk, keeping only the metadata in memory. This approach would minimize the risk that sites could make a distinction based on different writing times, but does not exclude the possibility of identifying the use of incognito mode through the existence of metadata.
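The following simulation is an added example, not code from Li or from Chrome. It calls no browser API: the latency means, the noise level and every function name are constructed assumptions, chosen only to match the "three or four times" ratio above. It shows why a single timing measurement misclassifies often, and that giving both modes the same storage backend leaves a timing classifier at chance.

```python
import random
import statistics

# Constructed model parameters (assumptions, not measurements from the page).
DISK_MEAN_MS = 3.5   # disk-backed write, about 3.5x slower than memory
RAM_MEAN_MS = 1.0    # memory-backed write
JITTER = 1.5         # log-normal sigma standing in for hardware/workload noise


def sample_write_times(rng, mean_ms, jitter, n):
    """Return n simulated write latencies with multiplicative noise."""
    return [mean_ms * rng.lognormvariate(0.0, jitter) for _ in range(n)]


def looks_memory_backed(times, threshold_ms):
    """Timing classifier: median latency under the threshold means 'memory'."""
    return statistics.median(times) < threshold_ms


def accuracy(disk_mean, ram_mean, jitter, n_samples, trials=2000, seed=1):
    """Fraction of simulated sessions the timing classifier labels correctly."""
    rng = random.Random(seed)  # fixed seed keeps the result reproducible
    threshold = (disk_mean * ram_mean) ** 0.5  # midpoint on a log scale
    correct = 0
    for _ in range(trials):
        is_ram = rng.random() < 0.5
        mean = ram_mean if is_ram else disk_mean
        times = sample_write_times(rng, mean, jitter, n_samples)
        if looks_memory_backed(times, threshold) == is_ram:
            correct += 1
    return correct / trials


def summary():
    """Accuracy for the three cases discussed in the text."""
    return {
        # One noisy measurement: frequent misclassification (false positives).
        "single_sample": accuracy(DISK_MEAN_MS, RAM_MEAN_MS, JITTER, 1),
        # Many measurements average the noise out, hence the long test.
        "many_samples": accuracy(DISK_MEAN_MS, RAM_MEAN_MS, JITTER, 200),
        # Mitigation: both modes share one backend, so the means are equal.
        "standardized": accuracy(RAM_MEAN_MS, RAM_MEAN_MS, JITTER, 200),
    }


if __name__ == "__main__":
    for case, acc in summary().items():
        print(f"{case}: {acc:.3f}")
```
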
12/31/2023 11:06
Marco Verro