How does it do that? Do browsers set a flag? That seems like a privacy hole.

makepanic · on April 3, 2018

Peeking into the source:

  /**
   * Detects incognito/private mode in various browsers.
   *
   * Adapted from:
   *   https://gist.github.com/cou929/7973956
   */

Something1234 · on April 3, 2018

Link for the lazy.

https://gist.github.com/cou929/7973956

Jacqued · on April 3, 2018

My guess is that they feature detect, using disabled stuff (eg localStorage error 22 on safari private mode) to find out if your browser looks like one in private mode.

bentruyman · on April 3, 2018

There are certain browser APIs disabled in the browser in incognito mode that can be detected. How else would you implement incognito mode?

brohee · on April 3, 2018

By sandboxing, e.g. localStorage fully functional but deleted at the end of the session...

2fifty3 · on April 3, 2018

Mozilla recently released containerized tabs[0], I imagine the next logic step is building containerized Private Browsing Mode

[0]: https://addons.mozilla.org/en-US/firefox/addon/multi-account...

Paul-ish · on April 3, 2018

My understanding is that things actually went the other way. Private browsing came first, then the same approach was used to create more labels than just "private" and not "private". I think more features may be turned off in private browsing mode though.

m-p-3 · on April 4, 2018

I use multiple computers daily and not having those synced with my Firefox account is a pain in the ass.

Analemma_ · on April 3, 2018

That's interesting. Why are the storage APIs disabled, instead of just using ephemeral storage that goes away when the window is cleared?

lallysingh · on April 3, 2018

It's less work to disable them. There's likely already an API access control system in place, for internal-only APIs, testing, etc.

lilyball · on April 3, 2018

It also means sites can avoid promising to do things that aren't actually possible, like saving information for access next time.