Incognito detection
652 views
Skip to first unread message
Mr-Yellow
Sep 2, 2008, 11:15:24 PM9/2/08
to Gears Users
This may be a repost, however I had no email indicating the post went
through and it has not appeared.
The affiliate marketing model depends on cookies. When these cookies
are cleared affiliates miss out on their commissions. Chrome has this
feature built-in while Firefox and IE plan to add a private browsing
mode in their next versions.
A possible solution is to detect incognito browsers and implement MS
userdata objects or Gears local database for persistent storage of
this affiliate information.
However..... The user-agent for Chrome standard and Chrome incognito
are the same.
Is there a javascript method or the like to detect when an incognito
browser is used?
Can you please change the user-agent string for Chrome when launched
in this state?
-Ben
through and it has not appeared.
The affiliate marketing model depends on cookies. When these cookies
are cleared affiliates miss out on their commissions. Chrome has this
feature built-in while Firefox and IE plan to add a private browsing
mode in their next versions.
A possible solution is to detect incognito browsers and implement MS
userdata objects or Gears local database for persistent storage of
this affiliate information.
However..... The user-agent for Chrome standard and Chrome incognito
are the same.
Is there a javascript method or the like to detect when an incognito
browser is used?
Can you please change the user-agent string for Chrome when launched
in this state?
-Ben
Mr-Yellow
Sep 2, 2008, 9:59:22 PM9/2/08
to Gears Users
Incognito browsers run the risk of adversely effecting the affiliate
marketing model. Especially on adult sites given that they are largely
the target of such private browsing features which both IE and Firefox
also intend to integrate.
To this end affiliate marketing may need to run gears database as a
backup persistent data store to ensure that affiliates get credit for
their sales, the only other option involves paying out more to
account for all the sales affiliates lose.
How to detect a google incognito browser? The user-agent is the
same.... the environment is the same....
Is there any Javascript or the like that can be used to detect such a
browser?
If not I'd implore the team to add an indication to the user-agent
string of the type of browser being used i.e. public or private.
-Ben
marketing model. Especially on adult sites given that they are largely
the target of such private browsing features which both IE and Firefox
also intend to integrate.
To this end affiliate marketing may need to run gears database as a
backup persistent data store to ensure that affiliates get credit for
their sales, the only other option involves paying out more to
account for all the sales affiliates lose.
How to detect a google incognito browser? The user-agent is the
same.... the environment is the same....
Is there any Javascript or the like that can be used to detect such a
browser?
If not I'd implore the team to add an indication to the user-agent
string of the type of browser being used i.e. public or private.
-Ben
Ben Lisbakken
Sep 3, 2008, 12:53:09 PM9/3/08
to gears...@googlegroups.com
Hey Ben --
Are you referring to Chrome? It's not really an incognito browser, and it doesn't have an incognito feature that allows users to be "invisible" on the internet; rather, it has a feature that allows users to visit webpages and have no activity stored on their local hard drive.
Sorry if I'm totally missing your point :)
-Ben
Mr-Yellow
Sep 3, 2008, 7:47:19 PM9/3/08
to Gears Users
Yeah Chrome..... Brought it here as the solution to this issue
involves Gears....
I took this to the IRC channel and was told that ID'ing the incognito
mode "defeats the purpose".
Now.... To my understanding the purpose of incognito mode is to hide
your browsing history from your wife, NOT to hide your browsers
features from the web-server.
It is not a internet privacy feature but a local privacy feature. It
still accepts cookies and every other kind of browser feature, however
it doesn't indicate to web developers that it won't store persistent
data.
Without persistent data or the ability to detect browsers that don't
allow persistent data there is a hole in the functionality for
developers.
Thus..... I suggest Gears localdatabase offers not only local file
permissions protection but also encryption and/or obsufcation of the
domain the database is for.
This coupled with the ability to detect incognito mode would allow
developers to gracefully degrade their systems to accept alternative
methods of persistent storage when cookies are set to fail on repeat
visits.
Without the ability to detect such a browser mode and provide
alternatives it leaves the affiliate marketing model in trouble if
these kind of browsing practices become standard. Most purchases don't
happen on the same session, it takes 5-7 visits on average before a
customer decides to purchase, thus persistent storage is key to the
affiliate model and it's continued success.
Cookies will become a session storage device only with no clear
solution for persistent stateful storage if the browser doesn't
indicate it's preferences for cookie handling.
Without commerce, content dries up.... Sure home users produce content
as well as corporations, however without commerce the corporations and
their affiliates will have find other fish to fry.
-Ben
involves Gears....
I took this to the IRC channel and was told that ID'ing the incognito
mode "defeats the purpose".
Now.... To my understanding the purpose of incognito mode is to hide
your browsing history from your wife, NOT to hide your browsers
features from the web-server.
It is not a internet privacy feature but a local privacy feature. It
still accepts cookies and every other kind of browser feature, however
it doesn't indicate to web developers that it won't store persistent
data.
Without persistent data or the ability to detect browsers that don't
allow persistent data there is a hole in the functionality for
developers.
Thus..... I suggest Gears localdatabase offers not only local file
permissions protection but also encryption and/or obsufcation of the
domain the database is for.
This coupled with the ability to detect incognito mode would allow
developers to gracefully degrade their systems to accept alternative
methods of persistent storage when cookies are set to fail on repeat
visits.
Without the ability to detect such a browser mode and provide
alternatives it leaves the affiliate marketing model in trouble if
these kind of browsing practices become standard. Most purchases don't
happen on the same session, it takes 5-7 visits on average before a
customer decides to purchase, thus persistent storage is key to the
affiliate model and it's continued success.
Cookies will become a session storage device only with no clear
solution for persistent stateful storage if the browser doesn't
indicate it's preferences for cookie handling.
Without commerce, content dries up.... Sure home users produce content
as well as corporations, however without commerce the corporations and
their affiliates will have find other fish to fry.
-Ben
Chris Prince
Sep 3, 2008, 7:52:08 PM9/3/08
to gears...@googlegroups.com, Matt Perry
I bet Matt (CC'd) can clarify what happens today -- and what may
change in the future, if anything -- when the Gears Database is
accessed while in Incognito mode.
change in the future, if anything -- when the Gears Database is
accessed while in Incognito mode.
Ben Lisbakken
Sep 3, 2008, 8:00:23 PM9/3/08
to gears...@googlegroups.com
On Wed, Sep 3, 2008 at 4:47 PM, Mr-Yellow <meiste...@gmail.com> wrote:
Yeah Chrome..... Brought it here as the solution to this issue
involves Gears....
I took this to the IRC channel and was told that ID'ing the incognito
mode "defeats the purpose".
Now.... To my understanding the purpose of incognito mode is to hide
your browsing history from your wife, NOT to hide your browsers
features from the web-server.
It is not a internet privacy feature but a local privacy feature. It
still accepts cookies and every other kind of browser feature, however
it doesn't indicate to web developers that it won't store persistent
data.
Without persistent data or the ability to detect browsers that don't
allow persistent data there is a hole in the functionality for
developers.
Thus..... I suggest Gears localdatabase offers not only local file
permissions protection but also encryption and/or obsufcation of the
domain the database is for.
This coupled with the ability to detect incognito mode would allow
developers to gracefully degrade their systems to accept alternative
methods of persistent storage when cookies are set to fail on repeat
visits.
Isn't the point of incognito mode that I don't want websites to store information on my computer? If we made a mechanism for Gears to allow storage when cookies fail, why should we disable cookies in the first place? I understand your logic that it could make tracking users a little harder but I'm not sure I'm following how using the Gears database is the solution.
Mr-Yellow
Sep 3, 2008, 9:23:06 PM9/3/08
to Gears Users
Does reply to the emails from the subscription here not post back to
the thread? Getting posting errors on reply.
-------------------
Yeah there is definitely a choice to be made here regarding persistent
storage in general and incognito mode.
i.e. Will incognito mode also delete localdatabases as well as
cookies, or can localdatabases be secured to the point that they can
be considered private for "porn mode" purposes.
The Chrome team seem to think that incognito mode is more about
anonymous browsing (which it isn't and doesn't) then keeping local
data private.
-Ben
-------------------
I just don't believe that users intend to use incognito mode as a
tracking defeater. Instead it's more about local privacy. If the data
can be private, and non-private methods such as cookies are the only
ones effected. Then I believe all the functional requirements of this
feature would be met.
Thus incognito becomes more of "what you do will be private" vrs "what
you do will be deleted (including any functionality you actually
needed)".
-Ben
the thread? Getting posting errors on reply.
-------------------
Yeah there is definitely a choice to be made here regarding persistent
storage in general and incognito mode.
i.e. Will incognito mode also delete localdatabases as well as
cookies, or can localdatabases be secured to the point that they can
be considered private for "porn mode" purposes.
The Chrome team seem to think that incognito mode is more about
anonymous browsing (which it isn't and doesn't) then keeping local
data private.
-Ben
-------------------
I just don't believe that users intend to use incognito mode as a
tracking defeater. Instead it's more about local privacy. If the data
can be private, and non-private methods such as cookies are the only
ones effected. Then I believe all the functional requirements of this
feature would be met.
Thus incognito becomes more of "what you do will be private" vrs "what
you do will be deleted (including any functionality you actually
needed)".
-Ben
Message has been deleted
Scott Kingsley Clark
Sep 4, 2008, 4:42:37 PM9/4/08
to Gears Users
@Mr-Yellow - Google Gears requires authorization from domains to add
information to your localdatabase. Regardless if privacy-enabled
browsers, like Google Chrome, offer this feature to use Google Gears
alternative if cookies won't persist -- The user will still have to
authorize that domain or the security model of Google Gears would have
a huge hole in it.
information to your localdatabase. Regardless if privacy-enabled
browsers, like Google Chrome, offer this feature to use Google Gears
alternative if cookies won't persist -- The user will still have to
authorize that domain or the security model of Google Gears would have
a huge hole in it.
Mr-Yellow
Sep 5, 2008, 9:45:46 PM9/5/08
to Gears Users
Yes this is exactly my point.
The security authorisation on Gears makes it no good as a primary
method of persistence.
However if incognito could be detected by a different user-agent or
some DOM element that can be checked, then cookies could be used and
the Gears security auth only popped up once cookies has been
determined to be unavailiable for persistence (they work for sessions
not for longer persistence).
The other aspect of it is "What is incognito mode?"...... If it's
about local privacy then there is no reason that localdatabase
couldn't be secured to the point that it is considered private enough
to be left behind after an incognito session is closed..... If the
purpose of incognito mode is to block advertisers from tracking their
sales then sure, turn off all the good stuff. However I don't believe
it's about tracking, I believe the users functional requirements for
this feature come from a need to keep visible, easily accessable, web
surfing footprints from a local machine.
So I think the Gears team needs to talk to the Chrome team saying
something along the lines of "Hey if we get our localdatabase really
private will you guys not delete them after a session?"........
Followed by "Ok if we can still use Gears in incognito, it would be
really handy for our developers if Chrome would report what level of
support it's offering for the features, so that devs can decide which
methods to use based on which mode the browser is in".
-Ben
The security authorisation on Gears makes it no good as a primary
method of persistence.
However if incognito could be detected by a different user-agent or
some DOM element that can be checked, then cookies could be used and
the Gears security auth only popped up once cookies has been
determined to be unavailiable for persistence (they work for sessions
not for longer persistence).
The other aspect of it is "What is incognito mode?"...... If it's
about local privacy then there is no reason that localdatabase
couldn't be secured to the point that it is considered private enough
to be left behind after an incognito session is closed..... If the
purpose of incognito mode is to block advertisers from tracking their
sales then sure, turn off all the good stuff. However I don't believe
it's about tracking, I believe the users functional requirements for
this feature come from a need to keep visible, easily accessable, web
surfing footprints from a local machine.
So I think the Gears team needs to talk to the Chrome team saying
something along the lines of "Hey if we get our localdatabase really
private will you guys not delete them after a session?"........
Followed by "Ok if we can still use Gears in incognito, it would be
really handy for our developers if Chrome would report what level of
support it's offering for the features, so that devs can decide which
methods to use based on which mode the browser is in".
-Ben
Chris Prince
Sep 5, 2008, 9:54:39 PM9/5/08
to gears...@googlegroups.com
The plan is for the Database API to respect Incognito mode in the same
way as cookies would.
way as cookies would.
From the perspective of user privacy, database content is analogous to
a Really Big cookie, and it should behave the same way.
Reply all
Reply to author
Forward
0 new messages