Comment by awesome_dude

2 hours ago

This is probably a naive question, but...

Doesn't the idea of swapping extension specific IDs to your browser specific extension IDs mean that instead of your browser being identifiable, you become identifiable?

I mean, it goes from "Oh they have X, Y , and Z installed" to "Oh, it's jim bob, only he has that unique set of IDs for extensions"

16 comments

awesome_dude

triceratops 2 hours ago

It's not a naive question. This comment says it's not possible to do that: https://news.ycombinator.com/item?id=46905213

awesome_dude 2 hours ago
Oh, it's (re)randomised upon each restart, whew, thanks for the heads up
edit: er, I think that that also suggests that I need to restart firefox more often...
- jorvi 10 minutes ago
  
  Doing it on restart makes the mitigation de facto useless. How often do you have 10, 20, 30d (or even longer) desktop uptime these days? And no one is regularly restarting their core applications when their desktop is still up.
  Enjoy the fingerprinting.
  
  2 replies →
- tech234a 1 hour ago
  
  The webpage would have to scan the entire UUID space to create this fingerprint, which seems unlikely.
  
  4 replies →

b112 2 hours ago

Maybe, but how long are the extension ids? And if they are random, how long to scan a trillion random alphanumeric ids, to find matches?

I presume the extension knows when it wants to access resources of its own. But random javascript, doesn't.

maples37 2 hours ago
The extension IDs are UUIDs/GUIDs, so 128 bits of entropy. No site is going to be able to successfully scan that full range.
- b112 2 hours ago
  
  ChatGPT told me it can be done though.
  It won't disclose how, as it says it has had several users report it. And that it expects 50% of the bounty, and will use it for GPU upgrades.