Heads-Up, Chrome Extensions Can Be Used To Track You With Browser Fingerprinting
One of the perks of using Chrome is a wide assortment of browser extensions at your disposal. Including themes and apps, there are over 200,000 of them in the Chrome Web Store. There's strength in numbers but as it turns out, having so many extensions is also a weakness as it applies to privacy. How so? Your profile of extensions can be used to create a browser fingerprint to track your online behavior.
Your browser fingerprint can tell quite a bit about you, such as your browser type and version, your OS, what plugins are active, your time zone, what language you're using, your screen resolution, and other settings. While all this may seem trivial, all these collective data points create a digital fingerprint that is mostly unique to you.
Web developer "z0ccc" created a website that accomplishes the same thing just by looking at your Chrome browser extensions. It scans your browser for over 1,000 extensions and then displays what percentage of Chrome users employ the same combination. You might be surprised by the results.
On our test machine, which features half a dozen extensions, the site found that just 0.005 percent of users are running the same set. It also displays a tracking hash. We've blurred and smudged some of the details in our screenshot because, you know, we actually use this machine. But if you're running Chrome, you can visit the Extensions Fingerprint website to see your own browser fingerprint.
This isn't always easy to pull off. Some extensions try to evade detection by generating a secret token that's need to access certain web resources. Fetch operations made without the token will fail. However, it's still possible to detect these.
"Resources of protected extensions will take longer to fetch than resources of extensions that are not installed. By comparing the timing differences you can accurately determine if the protected extensions are installed," the researchers explains.
Extension fingerprint alone appears pretty effective, and it can also be combined with other collected data to track individuals across the web.