> The scan probes for thousands of specific extensions by ID, collects the results

Why exactly does Chrome even allow this in the first place!? This is the most surprising takeaway for me here, given browser vendors' focus on hardening against fingerprinting.

▲

spopejoy 5 hours ago | parent | next [-]

Firefox FTW. I was relieved to find this was a Chrome-only problem.

▲

lxgr 3 hours ago | parent | next [-]

Turns out Firefox has a similar issue, despite mitigations :( https://bugzilla.mozilla.org/show_bug.cgi?id=1372288

▲

eipi10_hn 2 hours ago | parent [-]

This only happens if the extension puts their `moz-extension://` links into the DOM. It's different to chrome case where extensions can be detected regardless of being activated on that site or not.

	▲	lxgr an hour ago \| parent [-]
		As I understand it, an extension could also leak its links via its own backend, e.g. to advertisers, who could then detect it even though no user-observable DOM modification is happening. Much better than static global IDs, but still not ideal.

▲

4 hours ago | parent | prev [-]

[deleted]

▲

susupro1 5 hours ago | parent | prev [-]

[dead]