By FactsWow Team
Posted on: 20 Jun, 2022
There is currently a website that uses the installed extensions of your Google Chrome browser to create a fingerprint of your device from which you can be tracked online by this website. Various characteristics of a device connecting to a website can be used to create tracking hashes that can be used to track users on the web.
Performance of GPUs, the installed Windows applications, the screen resolution and hardware configuration of a device, and fonts installed, can all be considered. Through the use of this fingerprinting technique, it would be possible to track a device across different sites.
An extension fingerprinting site is being launched by web developer 'z0ccc' today, using the Chrome extensions installed on a browser to generate an index hash.
'Web-accessible resources' are assets that can be declared as 'web-accessible resources' in Chrome browser extensions so that web pages or other extensions can access them. The 'web-accessible resources' property in the manifest of a browser extension indicates which resources are accessible to the public.
Based on the number of extensions found in the visitor's browser, web-accessible resources can be used as a fingerprint for the visitor's browser, compared to a fingerprint previously revealed in 2019.
Some extensions are protected by a secret token required to view a web resource, explains z0ccc. The researcher found a way to detect if the extension is installed using a 'Resource timing comparison' method
The resource of an unprotected extension will take longer to fetch than the resource of an unprotected extension. On the project's GitHub page, z0ccc describes how to match timing differences accurately to determine if attachments are protected.
The extension fingerprints site from z0ccc illustrates this fingerprinting method by checking a visitor's browser for web-accessible resources within 1,170 popular Chrome extensions. Z0CCC can still identify whether specific popular extensions exist by looking for an 'undefined' value.
For example, MetaMask does not expose any resources. If you don't have extensions installed, you will have the same fingerprint, and you can track them less effectively, while with numerous attachments, you can track them less effectively.
Because Firefox extension IDs are unique to every browser instance, this method cannot be used with Mozilla Firefox add-ons. The fingerprinting model can, however, be further refined by including additional characteristics. In this way, the fingerprints become unique.
For more stories like this
Explore our website