Browser Extensions and Fingerprinting: Know the Score

A Brief Intro to Browser Fingerprinting

Let's just recap for the newbies in the room...

Browser fingerprinting is a particularly invasive way of tracking internet users based on unique browser and device characteristics.

If you're thinking it's the same as cookies, it's not. It's much worse. Cookies can be cleared or blocked but avoiding browser fingerprinting is much harder to do.

Browser fingerprinting relies on a huge number of data points from hardware, software, and user settings. Even with using standard tools like ad-blockers or VPNs, it is very difficult for users to hide all identifying information. That is unless you use dedicated privacy tools like Hoody, but more on this later.

With other so-called anti-fingerprinting methods, websites can still collect various data, leading to unique fingerprints. Limiting or altering the data collected can impact the browsing experience. Or simply make users even more identifiable!

How does browser fingerprinting work?

When you visit a website, your browser willingly divulges information such as your operating system, screen resolution, time zone, the list of installed fonts and plugins, and more.

These details may seem pretty standard and fairly innocent on their own. But when you combine them, they form a distinct and unique fingerprint that can be used to identify and track users across various websites and even multiple devices.

The chances of one user having the exact same settings, language, fonts, etc as another user is so slim that browser fingerprinting has between 90-99% accuracy.

For a more in-depth look at how fingerprinting works, take a look at our previous article: Full Device and Browser Fingerprinting Guide.

Browser Extension Fingerprinting

While browser fingerprinting is already concerning, it gets even trickier when we introduce browser extensions into the mix.

Browser extensions are add-ons that enhance the functionality of your web browser. They provide convenience or enhance the user's web experience with cool additional features.

But, as it turns out, using browser extensions can inadvertently amplify the uniqueness of your fingerprint.

In June 2022, a web developer known as 'z0ccc' created a website named 'Extension Fingerprints' that utilizes a unique method to generate device fingerprints for tracking online users.

These fingerprints are created based on the Google Chrome extensions installed in a user's browser. When a Chrome extension is developed, it can declare certain assets as 'web-accessible resources' that websites or other extensions can access.

The Extension Fingerprints website checks for web-accessible resources in over 1000 popular Google Chrome extensions, including uBlock, LastPass, Adobe Acrobat, Honey, Grammarly, and ColorZilla.

Browser Fingerprinting by Browser Extension: How Does it Work?

The Extension Fingerprints website works by generating a tracking hash based on the combination of installed extensions. This makes it possible to track users across different sites.

If you have multiple extensions, you'll have a less common browser fingerprint, which is useful for tracking.

By combining the browser extension fingerprint with other user data, such as user agents, fonts, and time zones, users can be easily identified.

In fact, tests found that having three or more detectable extensions installed creates a unique fingerprint, with the possibility of users sharing the same combination as low as 0.006%.

At the moment, Extension Fingerprints only works with Chromium browsers that have installed extensions from the Chrome Web Store and does not work with Mozilla Firefox add-ons (yet).

So, What Can You Do?

Some users would tell you not to use extensions or plugins, for the simple fact that they make you more trackable.

The more installed browser extensions you have, the less likely there will be someone else with the same combination installed.

In a test conducted by BleepingComputer, they found that the most popular browser extension was none at all. There is relative "safety" in numbers. Users can hide in the crowd.

While that's true, it's not the most practical advice. Internet users shouldn't have to choose between having a good web experience with convenience and online privacy.

Ironically, there are browser extensions that block certain elements of fingerprinting, such as Canvas Blocker or WebGL Fingerprint Defender.

They might work for that one element, but what about all the thousands of other data points?

Plus, the fact that you're using that particular browser extension could be what makes you stand out, kind of defeating the purpose.

The only real option users have to stop ALL browser fingerprinting is to use the Hoody app.

Hoody is currently the only anti-fingerprinting app that covers every single data point that makes up a user's digital fingerprint. It uses new protocols and an encrypted network, Hoody spoofs your fingerprints and feeds websites with data that isn't yours.

But what sets Hoody apart is that they spoof the fingerprints (and IP addresses) on each tab and every browser.

Other anti-fingerprinting browsers send the same "spoofed data" to every website, meaning that you can still be correlated.

But with Hoody's approach, using real but spoofed fingerprints, for EVERY website means you're a brand new user each time. And that is the only way to achieve real online anonymity.

Read more about how Hoody combats browser fingerprinting for good.