A researcher has established a website that generates a fingerprint of your device based on your installed Google Chrome extensions, which may be used to monitor you online.
It is possible to construct fingerprints, or tracking hashes, depending on numerous features of a device connected to a website in order to monitor users on the internet. GPU performance, installed Windows applications, a device’s screen resolution, hardware setup, and even installed fonts are among these variables.
The same fingerprinting technology can subsequently be used to track a device across many sites.
Installed Chrome add-ons leave a fingerprint
‘Extension Fingerprints,’ a new fingerprinting site created by web developer ‘z0ccc,’ may generate a tracking hash based on a browser’s installed Google Chrome extensions.
It is possible to declare specific assets as ‘web accessible resources’ that web pages or other extensions can access when creating a Chrome browser extension.
The ‘web accessible resources’ field in a browser extension’s manifest file is used to declare these resources, which are often picture files.
It is feasible to use web-accessible resources to check for installed extensions and produce a fingerprint of a visitor’s browser based on the combination of extensions identified, as previously disclosed in 2019.
Some extensions, according to z0ccc, use a secret token that is necessary to access a web resource to avoid discovery. However, the researcher identified a mechanism called ‘Resource timing comparison’ that can still be utilized to determine whether or not the extension is installed.
Also Read: Key Aspects Defining Metaverse Technologies
“Resources from protected extensions will take longer to load than resources from unprotected extensions. You can tell if the protected extensions are installed by comparing the time discrepancies “z0ccc stated the project’s GitHub website.
To demonstrate this fingerprinting technology, z0ccc created the Extension Fingerprints website, which checks a visitor’s browser for web-accessible resources in 1,170 prominent Google Chrome Web Store extensions.
uBlock, LastPass, Adobe Acrobat, Honey, Grammarly, Rakuten, and ColorZilla are among the extensions that the website will detect.
The website will generate a tracking hash based on the mix of installed extensions that can be used to track that particular browser, as seen below.
Although some popular extensions, such as MetaMask, don’t expose any resources, z0ccc can nevertheless tell if they’re loaded by looking for the value “typeof window.ethereum = undefined.”
While individuals who have no extensions installed will have the same fingerprint and will be less beneficial for monitoring, those who have a lot of extensions will have a less common fingerprint that can be used to trace them around the internet.
Adding more parameters to the fingerprinting model, on the other hand, can refine the fingerprint and make the hashes unique to each user.
In an email to BleepingComputer, z0ccc explained, “This is definitely a realistic technique for fingerprinting users.”
“Especially when employing the method of ‘fetching web accessible resources.’ Users could be easily identified if this data is paired with additional user data (such as user agents, timezones, and so on).”
with no additions
The Extensions Fingerprints site is only compatible with Chrome browsers that have Chrome Web Store extensions installed. This solution will work with Microsoft Edge, but it will need to be tweaked to use extension IDs from Microsoft’s extension store.
Because Firefox extension IDs are unique for each browser instance, this strategy does not work with Mozilla Firefox add-ons.
The most widely used is uBlock Origin.
While z0ccc does not collect data on installed extensions, his own experiments revealed that the most prevalent extension fingerprint is uBlock.
“Having no extensions installed is by far the most common. As previously stated, I do not collect specific extension data, however based on my tests, having simply ublock installed appears to be a common extension fingerprint “z0ccc is a shared z0ccc.
“Having three or more detectable extensions placed appears to make your fingerprint quite unique.”
Installing three to four extensions reduced the percentage of users using the same extension to 0.006 percent in our tests. Obviously, the more extensions that are installed, the fewer persons will have the same combination.
The 0.006 percent suggests that you are the sole person with that combination of extensions, according to z0ccc, but this will change as more people visit the site.
Extension Fingerprints is now available on GitHub as an open-source React project, allowing anyone to see how to query for installed extensions.
Read more: Top Gadgets That Changed The World