Incognito Scoring

Incognito scoring covers private-mode detection across major browser engines. Private browsing is a legitimate feature, so this result is informational context — not evidence of spoofing or fraud.

Overview

Incognito scoring identifies sessions that are likely in a private-browsing mode. The result is an IncognitoResult attached to FingerprintResult.incognito and DeviceIdResult.incognito.

Unlike consistency scoring, this result does not indicate malicious intent. Private browsing is a legitimate browser feature that millions of real users use daily for non-fraudulent reasons. The result is surfaced to help consumers understand session context (for example, deciding whether storage-based re-identification is available), not to drive blocking decisions.

```typescript
// IncognitoResult shape (src/types.ts)
interface IncognitoResult {
  score: number;               // 0.0 to 1.0
  flags: string[];             // names of fired checks
  incognitoLikelihood: 'low' | 'medium' | 'high';
}

// Defensive fallback: a broken check is treated as passing.
// If anything in the incognito pipeline throws, the result is
// (constant name is illustrative):
const fallbackResult: IncognitoResult = { score: 1.0, flags: [], incognitoLikelihood: 'low' };
```

The exact check count, score formula, and threshold map are deliberately not published. Treat incognitoLikelihood as the stable interface.

What is checked, at a glance

Coverage spans the primary private-mode mechanisms across Chromium, Safari, and Firefox. Each engine exposes a different observable when in private mode, and Benny probes the appropriate observable per browser rather than relying on a single cross-engine signal.

Specific check names, the exact thresholds that map flag counts to likelihood buckets, and the per-engine probe methods are not part of the public contract.

Things worth knowing

  • If the incognito pipeline throws an uncaught error, it returns { score: 1.0, flags: [], incognitoLikelihood: 'low' }. A broken check is treated as passing.
  • Coverage is per-engine. A single fired flag on the matching engine is meaningful; do not assume cross-engine correlation.
  • Flag names are exposed as opaque strings for telemetry. Consumers should key off incognitoLikelihood, not individual flag names — the set evolves between releases.
  • Hardware-fingerprint output is unaffected by private mode. Cross-browser device identity remains stable whether a user is in a private window or not.
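
A consumer-side sketch of the points above, added here as an example and not taken from Benny's code: it keys off incognitoLikelihood only, never blocks, forwards flags as opaque telemetry, and counts results that match the fallback shape so a silently failing pipeline shows up in monitoring. SessionPlan, planSession, matchesFallbackShape, the re-identification policy and the sample values are all assumptions.

```typescript
// Added example, not Benny's code. SessionPlan, planSession and
// matchesFallbackShape are hypothetical names; the policy is an assumption.
interface IncognitoResult {
  score: number;
  flags: string[];
  incognitoLikelihood: 'low' | 'medium' | 'high';
}

interface SessionPlan {
  block: false;                 // private mode never drives a blocking decision
  reidentifyVia: 'storage' | 'storage+hardware' | 'hardware';
  telemetryFlags: string[];     // opaque strings, forwarded without parsing
  fallbackShaped: boolean;      // same values the error fallback returns
}

// True when the result equals the documented error fallback. A healthy run
// may produce the same values, so use this as a telemetry counter only.
function matchesFallbackShape(r: IncognitoResult): boolean {
  return r.score === 1.0 && r.flags.length === 0 && r.incognitoLikelihood === 'low';
}

function planSession(r: IncognitoResult): SessionPlan {
  let reidentifyVia: SessionPlan['reidentifyVia'];
  switch (r.incognitoLikelihood) {   // key off the bucket, not score or flag names
    case 'high':
      reidentifyVia = 'hardware';    // assume storage will not outlive the session
      break;
    case 'medium':
      reidentifyVia = 'storage+hardware';
      break;
    default:
      // 'low' means "not detected": it also covers a pipeline that threw.
      reidentifyVia = 'storage';
  }
  return {
    block: false,
    reidentifyVia,
    telemetryFlags: [...r.flags],
    fallbackShaped: matchesFallbackShape(r),
  };
}

// Constructed sample results; flag names and scores are made-up placeholders.
const samples: IncognitoResult[] = [
  { score: 1.0, flags: [], incognitoLikelihood: 'low' },
  { score: 0.2, flags: ['check_a', 'check_b'], incognitoLikelihood: 'high' },
];
for (const s of samples) console.log(s.incognitoLikelihood, planSession(s));
```

A sustained rise in the share of fallback-shaped results is worth alerting on, since the fallback fails open and is otherwise invisible to the consumer.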

Last reviewed 2026-06-04