Comment by cbsks
5 hours ago
Looks like Firefox is immune.
This works by looking for web accessible resources that are provided by the extensions. For Chrome, these are are available in a webpage via the URL chrome-extension://[PACKAGE ID]/[PATH] https://developer.chrome.com/docs/extensions/reference/manif...
On Firefox, web accessible resources are available at "moz-extension://<extension-UUID>/myfile.png" <extension-UUID> is not your extension's ID. This ID is randomly generated for every browser instance. This prevents websites from fingerprinting a browser by examining the extensions it has installed. https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/Web...
And they said that using a browser with sub-5% market share would cause us to miss out on the latest and greatest in web technology!
The latest and greatest is not great for you, but for them.
chrome was made by ex-firefox devs, chrome is still not as good!
This is probably a naive question, but...
Doesn't the idea of swapping extension specific IDs to your browser specific extension IDs mean that instead of your browser being identifiable, you become identifiable?
I mean, it goes from "Oh they have X, Y , and Z installed" to "Oh, it's jim bob, only he has that unique set of IDs for extensions"
It's not a naive question. This comment says it's not possible to do that: https://news.ycombinator.com/item?id=46905213
Oh, it's (re)randomised upon each restart, whew, thanks for the heads up
edit: er, I think that that also suggests that I need to restart firefox more often...
15 replies →
Maybe, but how long are the extension ids? And if they are random, how long to scan a trillion random alphanumeric ids, to find matches?
I presume the extension knows when it wants to access resources of its own. But random javascript, doesn't.
The extension IDs are UUIDs/GUIDs, so 128 bits of entropy. No site is going to be able to successfully scan that full range.
2 replies →
yes thats how browser fingerprinting works and it is impossible to defeat because there are just too many variations in monitors (relevant for fonts), simple things like user agent, etc.