Google is testing a new feature to improve privacy in Chrome’s incognito mode on Windows: incognito script blocking (PrivacySandboxFingerprintingProtectionEnabled). This feature will block third-party scripts that use fingerprinting techniques to re-identify a user across different websites.
In the current implementation, the blocking will not affect all scripts, but only domains in a special Marked Domain List (MDL). The restriction will be triggered if such a script is launched as a third party and attempts to extract data without authorization.
The technology aims to counteract the abuse of web APIs that allow additional system information to be acquired, such as via canvas, WebGL, fonts, or audio codecs. These methods are often used to secretly create a unique user ID. Google proposes to amend the Fetch specification so that browsers have a standard “hook” to block or replace requests after common checks like CSP or mixed content.
Recent tests show that, for example, by visiting a restaurant’s website that contains a third-party script integrated with digital identification methods (browser fingerprinting), a unique user ID can be generated and transmitted, for example, to an advertising system. The latter, using the same script on another resource, will be able to compare the data and track the user without using cookies. The new incognito mode feature blocks the loading of this script, preventing the creation of an ID.
Similar solutions are already used by competitors: Safari has the Intelligent Tracking Prevention feature and Firefox has Enhanced Tracking Protection. Microsoft Edge also offers built-in tracking protection.
Unlike Firefox and Safari, which block tracking scripts in normal mode, Chrome currently implements this approach only in incognito mode and for domain lists. Google has emphasized that it does not plan to enable the feature by default in all Chromium-based browsers.
If the protection is working, an “eye” icon will appear in the address bar. Users can disable blocking for a specific site or disable it entirely in the settings if it interferes with the resource.
Therefore, Chrome’s new technology is designed to make browser fingerprinting more difficult, but its effectiveness will depend on the relevance of the MDL and users’ willingness to use incognito mode.
Follow us on Google News to receive daily updates on cybersecurity. Contact us if you would like to report news, insights or content for publication.
