Your Google Chrome extensions could be used to secretly track you online

Internet cookies technology graphic with tracking website surfing on screen and cookies on background.

(Image credit: Shutterstock)

Web browser extensions could be used as a means of identifying users and tracking them across the web, new research suggests.

Online tracking has been the bane of the internet from the earliest days, but over the last few years people have become increasingly unwilling to put up with invasions of privacy. While some people claim tracking is necessary to provide personalized ads, and thus keep internet services free, others shiver at the thought of companies keeping tabs on what they do online.

Ever since Google announced it would be killing third-party cookies, stakeholders have been looking for viable alternatives. “Fingerprinting” people based on the various characteristics of the device they use emerged as one of the options. Those characteristics include factors like display resolution, fonts, GPU performance, installed apps and more.

Scanning for extensions

Now, another unique feature can be added to the mix, and that’s the extensions people have installed on their browsers.

As per a BleepingComputer report, a web developer going by the alias ‘z0ccc’ built a fingerprinting site called “Extension Fingerprints” that does just that: fingerprints people based on their Google Chrome extensions.

Some extensions require the use of a secret token to access a web resource as a contingency measure, the researcher says, but there are still methods to learn if an extension is installed on the endpoint or not.

> Google is charging ahead with its plan to replace cookies

> Here's how to avoid unwanted tracking online

> Over half of Americans now worry cybercriminals are tracking them online

"Resources of protected extensions will take longer to fetch than resources of extensions that are not installed. By comparing the timing differences you can accurately determine if the protected extensions are installed," z0ccc wrote.

The website scans the visitor’s browser for the existence of 1,170 most popular extensions available in the Google Chrome Web Store. While the method works on Edge (albeit with a few tweaks), it doesn’t work on Firefox users.

"This is definitely a viable option for fingerprinting users," z0ccc told BleepingComputer. "Especially using the 'fetching web accessible resources' method. If this is combined with other user data (like user agents, timezones etc.) users could be very easily identified."

Via BleepingComputer

TOPICS

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.