• refalo@programming.dev
    link
    fedilink
    arrow-up
    2
    arrow-down
    1
    ·
    4 months ago

    Most firefox addons dont even have the permissions needed to change anything a website could observe.

    Very strong disagree, I have seen and used many very widely used extensions that manipulate the DOM, which IMO satisfies your criteria of “something that can be observed” i.e. by javascript with a fingerprint tracker like creepjs.

    Some examples:

    • ad blockers (uBO/uMatrix/etc.)

    • color/theme management (dark reader/dark theme/Stylish/etc.)

    • custom mouse cursor managers

    • page translators

    • addons serving in-browser ads

    • userscript managers (grease/tamper/violentmonkey etc.)

    • privacy blockers (CanvasBlocker/JShelter/etc.)

    • site-specific UI improvements (RES, SponsorBlock, youtube/SNS tweaks)

    All of these can be detected and included as yet another bit of data that a unique fingerprint can be built from.

    • redjard᠎@lemmy.dbzer0.com
      link
      fedilink
      arrow-up
      3
      ·
      4 months ago

      Yes, those could be detected.
      Ill see how large that portion is on my system in a bit, but I would expect it to come out as the minority.

      Non-detectible ones I can think of rn:

      • Tab muting manager
      • VPN manager
      • link redirect skippers
      • stats printers, like a tab counter
      • dynamic shortcuts, like opening the archived version of the current page on archive.org
      • old reddit redirect
      • cookie managers

      Many more of the ones you listed won’t be detectable on most websites.

      userscript managers (grease/tamper/violentmonkey etc.)

      A userscript manager is by definition detectible only on pages you define or install a userscript for. Even then, modern userscript managers like tampermonkey are running scripts in a separate scope that is completely sandboxed from the actual websites js context, you can’t even pass an object or function to the website and access it there, it will fail.
      Youtube has actively fought some userscripts and failed, which they probably wouldn’t have if those userscripts were detectible.

      User theme managers should be similar, but I can’t comment on them as I don’t use any.

      page translators

      Translators are only detectible when enabled.

      addons serving in-browser ads

      Why would you have an addon that serves ads?

      site-specific UI improvements (RES, SponsorBlock, youtube/SNS tweaks)

      Are site-specific, i.e. not detectible anywhere else

      privacy blockers (CanvasBlocker/JShelter/etc.)

      Please don’t use those anymore, use only uBo. Same for uMatrix.
      uBo is pretty good about not being detected, for obvious reasons.