
Google faces and settles $5 billion privacy dispute

Potential bypass identified in Chrome's incognito mode. Possible solutions

Google has settled a $5 billion legal dispute over the tracking of incognito mode user data on its Chrome browser. One programmer, Jesse Li, discovered how websites can detect whether a user is using incognito mode thanks to the way Chrome handles FileSystem API data. This could be prevented if Google standardized the type of data storage in normal and incognito modes.


Google has decided to put an end to a lawsuit, with an estimated value of 5 billion dollars, which accused the company of tracking user data even when users browsed in incognito mode with the Chrome browser. While the details of the settlement remain confidential, the resolution of the dispute was announced Thursday and final terms are expected to be finalized on February 24. The lawsuit was filed in 2020, following allegations that Google was able to collect user information despite the supposed privacy protection offered by incognito mode.

A bypass discovered in Chrome's incognito mode

With the introduction of Chrome 76, a flaw that allowed websites to detect the use of incognito mode was eliminated. However, a programmer named Jesse Li has identified an alternative strategy for recognizing whether a user is browsing in this mode. The key difference found is how the browser handles writing data to the FileSystem API in this mode, opting to use volatile memory (RAM) rather than disk storage.

Benchmarking the FileSystem API as a detection method

Through a series of benchmarking operations, websites could theoretically determine whether information is stored in RAM or on disk, based on write speed. The test demonstrated by Li indicates that data written to memory is up to three or four times faster than data written to a hard disk. However, this test takes several minutes and is subject to variables such as device hardware configuration and system workload, which can generate false positives.

Potential developments and patches for Chrome

To definitively counteract this detection methodology, it would be sufficient for Google to standardize the type of data storage between normal and incognito modes. In 2018, some Chrome developers had already hypothesized the possibility of such an attack and suggested encrypting files on disk, keeping only the metadata in memory. This approach would minimize the risk that sites could make a distinction based on different writing times, but does not exclude the possibility of identifying the use of incognito mode through the existence of metadata.


12/31/2023 11:06

Editorial AI
