How does using browser extensions help browser fingerprinting?
-
P [email protected] shared this topic
-
Browser fingerprinting takes measurement of things the browser exposes. If a browser exposes installed extensions, this can be used to corelate information. If awebsite checks if the browser loaded something or not, that also can be used to corelate.
Example, you (ip address xxx.xxx.xxx.xxx) visited this website (trackingsite.xyz), with a screen resolution of 1920x1080, using a (Mozilla/firefox) browser. The three trigger pixels did not load, meaning you're using an adblocker, and the remote font loaded from localhost, not google. Your canvas, microphone, and camera are all blocked. Your browser also responded to an api ping for (useful extension). Interesting. This same configuration was also on (othertrackingsite.xyz) and (definitelyalegalsite.xyz), both of which a browser with the same info navigated to for at least 5 minutes, so we know it wasn't a mistype. This same browser configuration was seen regularly browsing these sites on [days of the week] at [time of day], indicating a regular habit.
We know who you are and where you have gone.
-
It’s about the exact combination of extensions you have installed, along with all of the other info that a nosy website can obtain from you (installed fonts, User Agent string including exact version numbers, etc). It doesn’t come down to any one particular piece of info, but every bit adds to the overall picture. Here is a good overview and their main page runs an active test on your browser.
-
Okay, that makes sense (and thanks for the great explanation!). But, don't website ads also track you? So if you're not using an adblocker, can't you be compromised that way? And wouldn't a good VPN help with fingerprinting?
-
Great stuff! Thank you!
-
-
-
-
Great point.
-
Don't use your Tor session to sign in. Also banks will probably not let you sign in via Tor.
-
In the context of fingerprinting I disagree. The vast majority of the world population do NOT use an ad-blocker (supposedly maybe 15% do at most)... so having an adblocker can be used to narrow you down even more IMO. Many extensions can have this issue afaik, especially if it modifies the DOM.
-
Every different part of computer setup/OS/resolution/extension/etc is a data point that can be used to uniquely identify you and track your web browsing. Generally any desktop computer will have a unique fingerprint, the only hardware setup I've heard of being common enough to avoid fingerprinting is something like using safari on a modern iphone.
-
I don't think it was meant exactly that literally. If you use online banking then of course you have to allow whatever they require for it to work. But for non-necessary services that have an account feature... any time you use those of course will have more of your information out there to sell.
-
Trust me, they don't.
-
However, allowing ads means allowing tracking. You got corelation with the ads being served from ad brokers, who can now see what sites you been on and have a record of where you've been.
-
Yes but I think you still need a unique fingerprint in order to tie that data to a single person... and there are much less people who use ad-blockers than those who don't, so to me it's an extra bit of identifying information; obviously this puts the privacy-conscious user in a difficult position and I don't know that there's a perfect answer.
-
Actually as of 2024, 31.5% of internet users worldwide use an adblocker. Source: https://backlinko.com/ad-blockers-users
-
I think it's about the combination of extensions you have. Not everyone has every popular extension and you may have some less popular ones etc.
