As previously disclosed in 2019, it is possible to use web-accessible resources to check for installed extensions and generate a fingerprint of a visitor's browser based on the combination of found extensions.
To prevent detection, z0ccc says that some extensions use a secret token that is required to access a web resource. However, the researcher discovered a 'Resource timing comparison' method that can still be used to detect if the extension is installed.
"Resources of protected extensions will take longer to fetch than resources of extensions that are not installed. By comparing the timing differences you can accurately determine if the protected extensions are installed," explained z0ccc on the project's GitHub page.[/quote]
tldr: There was an old way to fingerprint based on installed extensions on chromium web browsers. Some extension makers took steps to mitigate this. The mitigation has a flaw. I have no idea whether the secret token thing is real or not because I'm only like, 20% computer nerd. So he could be fooling me (not hard) and this is just the old method.
Test it yourself
https://z0ccc.github.io/extension-fingerprints/
I got 0.006% of users share the same extension
This is based on just 3 extensions!
Ah shit, so there was a reason to not install the e621 extension?