New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 833616 link

Starred by 1 user
Status: WontFix
Owner:
rhalavati@chromium.org
Closed: May 2018
Cc:
dominickn@chromium.org
slightlyoff@chromium.org
msramek@chromium.org
awdf@chromium.org
rhalavati@chromium.org
peter@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux , Android , Windows , Chrome , Mac
Pri: 2
Type: Bug



Sign in to add a comment

Can notification permission default to denied in Incognito?

Project Member Reported by peter@chromium.org, Apr 16 2018 
Push notifications are not available in Incognito mode. This is implemented by rejecting permission requests after a brief amount of time, which was necessary to avoid detection at time of implementation[1] because the Push API permission was different from the Notification API's permission.

This means that when a page is first loaded in Incognito, |Notification.permission| says "default" - i.e. that it will show an infobar. This will automatically change to "denied" briefly after they request permission. (We suppress the infobar.)

From a developer point of view, this obviously is not ideal. They may end up showing UI to enable users to opt-in, while we already know the permission request is never going to succeed.

Can we instead just default the permission to DENIED in Incognito?

One side-effect is that developers could observe that more (seemingly) first-time visitors have blocked notifications - potentially a signal in inferring that it's somebody using Incognito mode. How concerned should we be about that?

[1] https://chromium.googlesource.com/chromium/src/+/9ed9388c5b6984439ced7abaad2e0900ba526191

Comment 1 by msramek@chromium.org, Apr 16 2018

Cc: rhalavati@chromium.org
Owner: rhalavati@chromium.org
Status: Assigned (was: Available)
+rhalavati@

As you probably know, the side effect you're describing is exactly the reason for the current behavior. Changing the default value of a content setting is relatively rare (since that's deep in the settings), and changing a content setting exception before you visit a site would be even rarer.

So while not a deterministic indicator of Incognito, this would become a high-probability heuristic. Similar to how Facebook infers Incognito from the fact that your cookie jar is surprisingly free of their tracking cookies. And with that, it could end up annoying users who really did block notifications.

I'd prefer that we instead explore ways how we can support notifications in Incognito, addressing both the developer point of view and the privacy requirement that web-facing behavior of Incognito should be indistinguishable.

Comment 2 by rhalavati@chromium.org, May 2 2018

Status: Started (was: Assigned)

Comment 3 by rhalavati@chromium.org, May 3 2018

Components: -Privacy Privacy>Incognito
Hi,

Sorry for the delay, I dug up the previous discussions on this issue in:
 crbug.com/401439 ,  crbug.com/479679 , crbug.com/542081, and summary in https://docs.google.com/spreadsheets/d/1BI3Lolm1-8V700_aXgePhAjQVAgTPYpUH2ewc59XKRM

I did not see any argument against implementing Push notifications API in incognito, except for it's not being useful, useless prompts to the user, and clogging up web app's server ( crbug.com/401439#c2 ).

For not using the default DENIED case, the main argument has been what Martin mentioned before, statistical correlation between immediate deny and being in incognito.

So IMHO, a full implementation is the best choice from user experience point of view and also can be useful for developers or testers who need a fresh profile. 

But if we don’t agree or we don’t see implementation of it worth the effort, we should consider that privacy is user’s main concern when s/he is in incognito and sacrificing some level user experience for the sake of better privacy can be the better choice. So I also prefer simulated denied to defaulted denied as it has less chance of revealing the incognito mode.

Comment 4 by peter@chromium.org, May 3 2018

Status: WontFix (was: Started)
Okay. Thanks for the input - let's close this. It's still not feasible to implement Incognito push today due to server-side costs, but those are being worked on with an ETA of later this year.

Sign in to add a comment