While Chrome already sandboxes each tab you have open, Incognito Mode takes further steps to protect your privacy. Cookies and other locally-stored data are erased when the session ends, and history is never recorded. However, sites have been able to use well-known workarounds to determine if they were running under Incognito Mode, and Google is finally addressing them.
The FileSystem API was introduced by Google in 2010, and allows sites to create their own virtual file systems for reading and writing local data. The functionality was never widely used, and Chrome and Opera remain the only mainstream browsers supporting it. Chrome disables access to the FileSystem API in Incognito sessions, so sites can check if the API is disabled to determine if they are running in Incognito Mode.
According to a series of commits to the Chromium Gerrit, Google is modifying the API to work under Incognito, by storing files in RAM. According to a design document obtained by 9to5Google, the company hopes to remove the API entirely:
"Since there’s no adoption of the FileSystem API by other browser vendors, it appears to be only used by sites to detect incognito mode. By making this harder, hopefully the overall usage of the API goes down to the point that we can deprecate and remove it."
In short, if a site you visit can figure out when you're in Incognito Mode, it won't be able to for much longer.
- Chromium Gerrit