Lack of warning if LocalStorage isn't reliable (Incognito window)

[dsernst]

If the user is in an incognito window, local storage will appear available but get wiped as soon as the session closes.

This could completely disrupt voters being able to verify & Privacy Protectors being able to unlock final votes

[dsernst]

First step is to detect if they're incognito.

Options:

• See https://github.com/yankouskia/is-incognito-mode -- doesn't work anymore
• somehow these people are still doing it: https://fingerprintjs.com/ free plan includes 20k checks per month, then $2/1k checks after that
• also: https://mishravikas.com/articles/2019-07/bypassing-anti-incognito-detection-google-chrome.html

[dsernst]

Then need message for /observer page & /vote page

[dsernst]

One thing that's annoying about the fingerprintjs solution is it requires loading in their 3rd party script, which is a security hole. Could especially create bad PR if people notice its from "fingerprintjs", and assume it might compromise voter privacy.

One solution to this is to isolate the call within an iframe or web worker or similar, and then only pass out a boolean is_incognito: true/false, so that the script doesn't have any other access to read or modify the rest of the page.

[dsernst]

Related to https://github.com/dsernst/siv/issues/24, because they ought to confirm their device is good before KeyGen