(How) Can a web site determine if Safari Private Browsing is turned on?
In Safari on Mavericks, I sometimes get a dialog from web sites indicating that some site functions will be blocked or degraded unless I turn off Private Browsing mode. Most users probably expect their choice of whether to use Private Browsing to be private. My impression is that other major browsers do not leak Private Browsing state to web sites.
I have noticed that while in private Browsing mode, Safari will not request favicons, so in theory a site could block caching of the favicon and make a pretty good guess that Private Browsing is on.
In contrast, on iOS, Safari doesn't request favicons at all. But it will, even in Private Browsing mode, request any "apple-touch-icon" if you access the Sharing panel (the apple-touch-icon is used as the Home Screen icon if you subsequently "Add to Home Screen" for that URL).
Other than favicon, are there other known ways that a web site could determine (or guess with reasonable accuracy) that you are using Private Browsing mode in desktop Safari?
On iOS, HTML5's local storage is not available in private browsing mode, which means you can detect it by attempting to save something to local storage and catching the exception with the following JavaScript:
try { localStorage.test = 2; } catch (e) {
alert('You are in Private Browsing mode');
}
Modified from https://stackoverflow.com/a/17741714/
On OS X, there's not really a canonical method, but this should provide some useful information:
- Can web sites detect whether you are using private browsing mode? –Security.SE
If you're looking for implementation guidance, you should probably try Stack Overflow instead
Safari’s Private Browsing doesn’t work in the same way as the other browser Private Browsing.
For example, Chrome’s Incognito Mode creates a separate new session that all the data will be deleted after the browsing session (the website can still track your actions from the IP address in that mode).
While Safari forbid website from creating/writing a file locally, discard all the changes made to cookies, including your activities in browser during this browsing session (the website can still track your activity in this mode, except that they stored cookies in this session will be discarded).
So how does a website know if you’ve turned on Private Browsing? Because it checks if it can write files locally.