Article Hero
Blog3 minutes read
December 21, 2023
  • telegram
  • facebook
  • twitter
  • github

Browser Extensions and Fingerprinting: Know the Score

Unless you've been living under a very large rock, you'll know that internet users are tracked as they meander across the world wide web. Cookies are no longer the threat they once were, but they have been surpassed by the more invasive and prevalent browser and device fingerprinting.

Fingerprinting is nothing new, but the tactics and data points keep increasing and the methods get more sophisticated, making it almost impossible for general internet users to avoid.

In June 2022, a researcher generated a fingerprint from installed Google Chrome extensions and then used that info to track users online. This now means that your choice of browser extensions could make you stand out from the crowd, making it easier to identify you as a unique user. Let's explore more.


A Brief Intro to Browser Fingerprinting

Let's just recap for the newbies in the room...

Browser fingerprinting is a particularly invasive way of tracking internet users based on unique browser and device characteristics.

If you're thinking it's the same as cookies, it's not. It's much worse. Cookies can be cleared or blocked but avoiding browser fingerprinting is much harder to do.

Browser fingerprinting relies on a huge number of data points from hardware, software, and user settings. Even with using standard tools like ad-blockers or VPNs, it is very difficult for users to hide all identifying information. That is unless you use dedicated privacy tools like Hoody, but more on this later.

With other so-called anti-fingerprinting methods, websites can still collect various data, leading to unique fingerprints. Limiting or altering the data collected can impact the browsing experience. Or simply make users even more identifiable!

How does browser fingerprinting work?

When you visit a website, your browser willingly divulges information such as your operating system, screen resolution, time zone, the list of installed fonts and plugins, and more.

These details may seem pretty standard and fairly innocent on their own. But when you combine them, they form a distinct and unique fingerprint that can be used to identify and track users across various websites and even multiple devices.

The chances of one user having the exact same settings, language, fonts, etc as another user is so slim that browser fingerprinting has between 90-99% accuracy.

For a more in-depth look at how fingerprinting works, take a look at our previous article: Full Device and Browser Fingerprinting Guide.

Browser Extension Fingerprinting

While browser fingerprinting is already concerning, it gets even trickier when we introduce browser extensions into the mix.

Browser extensions are add-ons that enhance the functionality of your web browser. They provide convenience or enhance the user's web experience with cool additional features.

But, as it turns out, using browser extensions can inadvertently amplify the uniqueness of your fingerprint.

In June 2022, a web developer known as 'z0ccc' created a website named 'Extension Fingerprints' that utilizes a unique method to generate device fingerprints for tracking online users.

These fingerprints are created based on the Google Chrome extensions installed in a user's browser. When a Chrome extension is developed, it can declare certain assets as 'web-accessible resources' that websites or other extensions can access.

The Extension Fingerprints website checks for web-accessible resources in over 1000 popular Google Chrome extensions, including uBlock, LastPass, Adobe Acrobat, Honey, Grammarly, and ColorZilla.

Browser Fingerprinting by Browser Extension: How Does it Work?

The Extension Fingerprints website works by generating a tracking hash based on the combination of installed extensions. This makes it possible to track users across different sites.

If you have multiple extensions, you'll have a less common browser fingerprint, which is useful for tracking.

By combining the browser extension fingerprint with other user data, such as user agents, fonts, and time zones, users can be easily identified.

In fact, tests found that having three or more detectable extensions installed creates a unique fingerprint, with the possibility of users sharing the same combination as low as 0.006%.

At the moment, Extension Fingerprints only works with Chromium browsers that have installed extensions from the Chrome Web Store and does not work with Mozilla Firefox add-ons (yet).

So, What Can You Do?

Some users would tell you not to use extensions or plugins, for the simple fact that they make you more trackable.

The more installed browser extensions you have, the less likely there will be someone else with the same combination installed.

In a test conducted by BleepingComputer, they found that the most popular browser extension was none at all. There is relative "safety" in numbers. Users can hide in the crowd.

While that's true, it's not the most practical advice. Internet users shouldn't have to choose between having a good web experience with convenience and online privacy.

Ironically, there are browser extensions that block certain elements of fingerprinting, such as Canvas Blocker or WebGL Fingerprint Defender.

They might work for that one element, but what about all the thousands of other data points?

Plus, the fact that you're using that particular browser extension could be what makes you stand out, kind of defeating the purpose.

The only real option users have to stop ALL browser fingerprinting is to use the Hoody app.

Hoody is currently the only anti-fingerprinting app that covers every single data point that makes up a user's digital fingerprint. It uses new protocols and an encrypted network, Hoody spoofs your fingerprints and feeds websites with data that isn't yours.

But what sets Hoody apart is that they spoof the fingerprints (and IP addresses) on each tab and every browser.

Other anti-fingerprinting browsers send the same "spoofed data" to every website, meaning that you can still be correlated.

But with Hoody's approach, using real but spoofed fingerprints, for EVERY website means you're a brand new user each time. And that is the only way to achieve real online anonymity.

Read more about how Hoody combats browser fingerprinting for good.

Ruby M
Hoody Editorial Team

Ruby is a full-time writer covering everything from tech innovations to SaaS, Web 3, and blockchain technology. She is now turning her virtual pen to the world of data privacy and online anonymity.

Latest


Blog
Timer7 minutes read

How the Government Hacks You, Final Chapter: IoT Hacks

Chapter 14: IoT Hacks

Will R
6 months ago
Blog
Timer9 minutes read

How the Government Hacks You, Chapter 13: GPS Tracking

Dive into the unsettling world of government-controlled GPS tracking!

Will R
6 months ago
Blog
Timer7 minutes read

How the Government Hacks You, Chapter 12: Garbage Day

Trash Talk: How your garbage can be exploited by hackers, law enforcement, and government agencies

Will R
7 months ago
Blog
Timer8 minutes read

How the Government Hacks You, Chapter 11: Resonance Attacks

It’s time to uncover how government surveillance gets personal.

Will R
7 months ago

Bulletproof privacy in one click

Discover the world's #1 privacy solution

  • Chrome Icon
  • Brave Icon
  • Edge Icon
  • Chromium Icon
  • Coming soon

    Firefox Icon
  • Coming soon

    Safari Icon
  • Coming soon

    Opera Icon

No name, no email, no credit card required

Create Key