Where can I see that websites can see my browser extensions? en (kopnij.in)

mintycactus, 18 dni temu

Check this z0ccc.github.io/extension-detector/

But there is no easy way to detect all extensions, instead most popular ones. My Kiwi Browser on Android has only 2 extensions and only uBlock Origin was detected. Firefox won’t leak them at all.

Retiring, 18 dni temu

This says it only detects chrome extensions, so I am not surprised it doesn’t detect your Firefox extensions. Why do you say that Firefox won’t leak extensions at all? Do you have a source for that?

mintycactus, 18 dni temu

Not really. But the site says it works only with chrome desktop, not firefox desktop. I have Kiwi installed and Firefox as well to test both, Firefox extensions were not detected.

Atemu, 18 dni temu

The way it’s written doesn’t say whether it simply isn’t made to work for Firefox or whether it couldn’t be made to work for Firefox. Fortunately, the latter appears to be the case.

ReveredOxygen, 17 dni temu

if you click read more, it mentions that it can’t be made to work with firefox

Atemu, 18 dni temu

Detecting extensions using web accessible resources is not possible on Firefox as Firefox extension ID’s are unique for every browser instance. Therefore the URL of the extension resources cannot be known by third parties.

and also for Chrome:

in manifest v3 extensions will be able to enable ‘use_dynamic_url’ option, which will change the resource URL for each session (browser restart). This will render this detection method unusable.

Though it should be noted that this method isn’t the only way to detect extensions.

mintycactus, 18 dni temu

Do you mean this issue is going to be solved only with mv3 implementation? That leaves other chromium browsers staying with both mv2 and mv3 with this issue unresolved…

TCB13, 18 dni temu

But there is no easy way to detect all extensions, instead most popular ones

It doesn’t really matter if its easy or hard, I’m sure Google already has automated processes in-place to detect all extensions published to the store and fingerprint browsers. They might even have the same for Firefox extensions, who knows.

LWD, 17 dni temu

This is actually a good point. It’s not just a proof of concept for one extension, either: it’s a proof of concept for a wide array of handpicked ones, and the script for it could easily be shrunken.

Ironic that Firefox protects your extensions better, considering Chrome Manifest V3 (the adblock killer) is locking down so much functionality.

I guess Google is too busy locking down the functionality that people want, than to lock down the functionality that would make people more secure.

LWD, 18 dni temu

Not really, because AFAIK extension detection needs to be built on a per-extension basis.