Or simply disable the filesystem API in both normal mode and incognito... which the article states is what they intend to do long term.
The detection routines will quickly be dropped when normal users are accused of being in incognito mode, but false readings the other way around would be somewhat acceptable.
Biting the hand that feeds IT
