Ghostboard pixel Skip to content

This Open-Source Project Proves Chrome Extensions Can Track You

Even with all the privacy extensions and fancy protection features, there are still ways to identify you or track you.

Note that it is not the case for all browsers, here, we focus on Chromium-based browsers and Google Chrome as the prime suspect.

While detecting installed extensions in a Chromium browser was already possible, numerous extensions implemented certain protections to prevent it.

However, a security researcher, also known as “z0ccc”, discovered a new method to detect installed Chrome browser extensions, which can be further used to track you through browser fingerprinting.

In case you did not know: Browser fingerprinting refers to the tracking method where various information about your device/browser gets collected to create a unique fingerprint ID (hash) to identify you across the internet. Information like browser name, version, operating system, extensions installed, screen resolution, and similar technical data.

It sounds like a harmless data collection technique, but you can be tracked online with this tracking method.

Detecting Google Chrome Extensions

The researcher shared an open-source project “Extension Fingerprints” which you can use to test if Chrome extensions installed on your browser are being detected.

The new technique involves a time-difference method where the tool compares the time to fetch resources for the extensions. A protected extension takes more time to fetch compared to other extensions not installed on your browser. So, that helps identify some extensions from the list of over 1000 extensions.

The point is—even with all the advancements and techniques to prevent tracking, extensions from the Google Web Store can be detected.

And, with the installed extensions detected, you can be tracked online using browser fingerprinting.

Surprisingly, even if you have extensions like uBlocker, AdBlocker, or Privacy Badger (some popular privacy-focused extensions), they all get detected using this method.

You can explore all the technical details on its GitHub page. And, if you want to test it yourself, head to its Extension Fingerprints site to check for yourself.

Firefox To The Rescue?

It seems like it, considering I keep coming back to Firefox for various reasons.

The discovered method should work with all the Chromium-based browsers. I tested it with Brave and Google Chrome. The researcher also mentions that the tool does not work with Microsoft Edge using extensions from Microsoft’s store. But, it is possible with the same method of tracking.

Mozilla Firefox is safe from this because the extension IDs for every browser instance are unique, as the researcher suggested.

More from It's FOSS...