On Mon, Dec 27, 2010 at 8:43 PM, Glenn Maynard <gl...@zewt.org> wrote: > On Mon, Dec 27, 2010 at 10:55 PM, Drew Wilson <atwil...@google.com> wrote: >> FWIW, the Chrome team has come down pretty hard on the side of not ever >> leaking to apps that the user is in incognito mode, for precisely the >> reasons described previously. Incognito mode loses much of its utility if >> pages are able to screen for it and block access. > > A similar argument can be made for ad blockers, and in my opinion much > more convincingly: ad blockers very directly (even measurably) mean > sites make less money. Yet, in my years of using ABP, I've never once > encountered in the wild a site that refused to work because of it, > despite the fact that they're trivial to detect.
You haven't looked widely enough. There was a fad for a little while of doing precisely that - hiding the content if the page detected that an adblocker was in use, and showing an explanation of why the content was hidden. This fad died out, though, because it's pretty rude and most users don't know how to turn off their adblockers anyway. Note, though, that turning off your adblocker doesn't really open you up to privacy violations. Switching out of incognito (when you don't really understand the distinction in the first place, and just want things to work) does. > If ad blockers had been designed to hide their activity from pages, > the end result would have been much worse. Images would have to be > marked visibility: hidden rather than display: none, since the changes > in layout are detectable. A huge amount of bandwidth would be wasted, > since the server can check to see that a banner is actually being > downloaded. > > This just has the feel of those theoretical problems that are easy to > argue for, but are unlikely to ever actually surface. I agree that making adblockers undetectable would have been a huge problem, and almost certainly not worth the trouble. On the other hand, making incognito mode undetectable is very easy - just act like a normal, fresh invocation of the browser, then silently throw away all the data you've stored at the end of the session. The page has no way to tell you apart from any other new user. >> I do think there's a user education burden that isn't entirely being met >> yet, though - the Chrome documentation doesn't really talk about local >> storage, for example. But I don't think that pushing this responsibility >> onto individual web applications is the right solution. > > My experience suggests that most users will never know the difference > between local and server-side storage, and probably don't want to; > most designs that require that much user education don't work. The > most likely end result is ignoring the issue: let a few people lose > data, and if they complain, tell them "it's your fault for using > incognito mode, and your browser's fault for preventing us from > warning you". Not ideal, but pushing the blame onto the browser is > likely to be the path of least resistance. I agree that it's the path of least resistance. I also believe it's the best solution overall. ~TJ