Disable dangerous plugins and other settings in Chrome's Incognito mode

[kristovatlas]

It appears to me that if you are in a Chrome profile with Adobe Flash disabled and you open an Incognito window, Flash will be enabled in those Incognito windows.

I think the reasoning here is supposed to be that Incognito mode is as bland as possible to reduce the machine's distinctiveness, but this also creates a non-obvious security pitfall for users for enabling software they thought was disabled. It also does not seem like a good privacy tradeoff considering that disabling software such as JavaScript, Flash, and the installation of privacy plug-ins (which are disappeared in Incognito mode) reduce a website's ability to interrogate the system and identify a distinctive fingerprint. Thus, the only remaining useful feature of Incognito mode is that data is no longer stored locally once the window is closed.

Possibly the solution here is to educate users not to use Incognito mode, but we could also investigate disabling it or changing its default configuration to protect users better.