We should probably do an incognito check here if we can access it https://cs.chromium.org/chromium/src/components/handoff/handoff_manager.mm?type=cs&q=shouldUseActiveURL&sq=package:chromium&g=0&l=87

or have a way to invalidate the active user activity from somewhere where we *do* know about the incognito session.

+msramek, +huanzhong,

I think this is a high priority issue. Martin, what do you think?

Martin, Huanzhong,

Gentle reminder. +Increasing priority.

Hi rhalavati, 

Thanks for increasing the priority.

Quick question, does this fall under the remit of "Information Leak" on the Bug Bounty for Chrome?

Passing to +erikchen@ from handoff/ OWNERS.

If I understand correctly, this is basically like Chrome's Tab Sync, just done by the OS, and through the iCloud account.

Similarly as we don't sync Incognito history and tabs, we shouldn't make them available for Handoff. If I understand comment #2 correctly, if we can avoid exposing those tabs to Handoff, we should certainly do that.

Re #5: Unfortunately, privacy bugs are currently not covered under the bug bounty program, only security vulnerabilities are.

Re #7 yeah figured, worth asking anyway :D

We probably want to add some simple logic to the code in app_controller_mac or handoff_active_url_observer:

https://cs.chromium.org/chromium/src/chrome/browser/ui/cocoa/handoff_active_url_observer.cc?type=cs&q=handoffActiveURLChanged&sq=package:chromium&g=0&l=32

https://cs.chromium.org/chromium/src/chrome/browser/app_controller_mac.mm?type=cs&q=updateActiveURL&sq=package:chromium&g=0&l=1689

e.g. if we can determine if a  WebContents* is from an incognito window, then I think a single check in updateHandoffManager: may suffice.

Over to elly to find an owner on the macOS team.

avi@, over to you for M72 :)

Errrr.... we already do this.

AppController's -handoffURLFromWebContents: already checks for incognito and guest mode. Investigating.

I have no idea what's going on here.

AppController's -handoffURLFromWebContents: is correctly returning GURL() for incognito and guest browser windows. That null URL is being passed to the handoff manager's -shouldUseActiveURL method. I've verified both.

I cannot reproduce this at all.

OP, can you provide more details? Perhaps a screen recording?

Hmm, is it possible that this was fixed somewhat recently?

I can't reproduce it myself either anymore (Chrome 70 on both Mac devices).

Any changes to how this works in 68-70? 

Ah, I think I know what the issue is.

It isn't incognito users, it is a different Chrome profile that it happens on.

For example, I have 3 profiles on my iMac.

"Profile 1", "Profile 2", and "Profile 3".

Profile 1 is my usual profile, Profile 2 looks like Incognito (Dark chrome - hence my confusion), Profile 3 is light like the standard chrome one.

I can handoff to my device from a different Chrome profile (one that doesn't exist on my laptop).

This works as intended, then.

Handoff is "send the URL I'm using on this other Mac", and we don't distinguish between profiles in that regard. I'm not quite sure how to consider equality of profiles on different Macs.