June 30, 2022

TheCyberThrone

Thinking Security ! Always

Chrome Extensions can Track online

Google Chrome extensions are used to generate fingerprint and it used to track online, researcher claims.

Fingerprinting is a way of figuring out what makes your device unique and then using that to identify you as you move around the internet. Websites you visit receive a huge amount of information when you land on their portal it’s a lot more than web browser you use to load up someone’s site.

Advertisements

The site checks for a variety of information related to your device, and then places a cookie on your PC for numerous months:

  • the User agent header
  • the Accept header
  • the Connection header
  • the Encoding header
  • the Language header
  • the Upgrade Insecure Requests header
  • the Referer header
  • the Cache-Control header
  • the BuildId of the browser
  • the list of plugins
  • the platform
  • the cookies preferences (allowed or not)
  • the Do Not Track preferences (yes, no or not communicated)
  • the timezone
  • the screen resolution and its color depth

A high degree of similarity between users for things like content encoding, preference for secure HTTPs requests, supported video formats.

The numbers start to flatten out for aspects of your PC like plugins, adblocker use, media devices plugged in, and lists of fonts.

Advertisements

There’s lots of ways fingerprinting can provide a very in-depth profile of a device.

Visiting the checker site returns a list of potential Chrome extensions, and each entry has a True/False detection flag.

The detection does not work for Firefox as Firefox extension IDs are unique for every browser instance. Extensions for Microsoft Edge can be detected using the same methods but are not supported by this tool.

Some extensions have ways of not showing up in this kind of fingerprinting test.

There’s numerous suggestions as given below.

  • Using a “non-rare” browser, with the caveat that aspects such as fonts and plugins can easily make you identifiable.
  • Disabling JavaScript, with the additional caveat that this may break functionality for most websites.
  • Making use of the private browsing modes included in most web browsers.
%d bloggers like this: