Chrome is outsmarting websites that try to detect Incognito mode

Google is once again making it harder for websites to detect when you’re using Chrome’s Incognito mode. This time, the work is happening quietly, under the hood, inside the browser’s storage system, rather than through any visible change.

In our testing with beta versions of Chrome on desktop and Android, the detectIncognito tool was unable to detect Incognito mode, as you can see in the screenshots.

For years, Incognito detection in Chromium‑based browsers relied on differences in storage behavior. One of the most reliable tricks used the Storage API: when a site called navigator.storage.estimate(), Chrome reported how much storage you were using and how much quota you had.

In normal mode, Chrome reported a large quota that roughly reflected your actual disk space. In Incognito, where data is temporary and more limited, the reported quota was much smaller. That gap alone was enough for scripts like detectIncognito to conclude “this looks like a private window.”

As a side effect, sites in normal mode could also infer your device’s approximate storage size from that quota, giving them a fingerprinting signal to distinguish users.

To address both issues, the Chromium team has introduced what it calls a predictable reported storage quota. Instead of tying the reported quota to your actual disk or RAM, Chrome now returns a predictable value for sites without special storage permissions.

That means normal and Incognito windows both see the same quota regardless of your real hardware. The change affects the StorageManager.estimate() API and aims to reduce fingerprinting while also closing off storage quota as a side channel for private browsing detection.

Google’s Chromium discussions acknowledge that the earlier predictable quota behavior did not fully stop Incognito detection. One Chromium note states that the feature “does not prevent Incognito detection completely,” which led engineers to work on a follow‑up fix that always reports a fixed quota value in Incognito mode.

It’s rolling out behind a flag of the same name, tested in experiments before reaching release builds. Enterprise admins also get a policy toggle to control the behavior. Google has not confirmed an exact rollout timeline, so it may take time before the change becomes enabled by default across all Incognito sessions.

Tools like detectIncognito have historically combined multiple signals to guess when a user is in private mode. The storage quota gap was one of the clearest. Once Chrome stops exposing it, that method stops working or becomes far less reliable.

This isn’t the first time Google has closed an Incognito loophole. In 2019, Chrome changed the FileSystem API after websites widely used it to detect private windows. Google also said it would continue addressing other detection methods. The storage‑quota change is one of those follow‑up steps. Like the earlier FileSystem API fix, this change makes Incognito detection less reliable.