More fingerprinting by extension suite sneakiness.
-
Yesterday, web developer 'z0ccc' shared a new fingerprinting site called 'Extension Fingerprints' that can generate a tracking hash based on a browser's installed Google Chrome extensions.
When creating a Chrome browser extension, it is possible to declare certain assets as 'web accessible resources' that web pages or other extensions can access.
These resources are typically image files, which are declared using the 'web_accessible_resources' property in a browser extension's manifest file."This is definitely a viable option for fingerprinting users," z0ccc explained in an email to BleepingComputer.
"Especially using the 'fetching web accessible resources' method. If this is combined with other user data (like user agents, timezones etc) users could be very easily identified" with no extensions.https://www.ghacks.net/2022/06/19/your-installed-browser-extension-may-be-used-to-fingerprint-you/
Browser extensions may use web accessible resources; not all do, but thousands use these resources. These resources, for instance images, may be accessed by websites that are loaded in the browser. The developer of the extension needs to declare web accessible resources explicitly in the manifest.
Internet users have no viable options to protect their identity from this fingerprinting method. Uninstallation of extensions with web accessible resources or the blocking of JavaScript by default may not be viable options.
-
@guigirl I think I'll be fine
59.089% of users share the same extensions
Hash: d751713988987e9331980363e24189ceuBlock Origin FalseYeah, not convinced...
-
What about toggling off the "Images and Animation" down in the toolbar. Will that block the Fingerprinting?
It is one reason why my email is set to "Text Only".
An email sender can include a specially configured image to let them know if the recipient has opened the email
.As I grew up with Lynx I can easily go back if there is a modern alternative.
-
You are right. Look this email:
"A tracking pixel has been detected. You can block it with the pro version"
