Brave extensions and fingerprinting

Are you guys installing extensions on Brave? on any browser for that matter? are you worried about fingerprinting based upon addons/extensions if so?

New to brave, trying it out :slight_smile:
Ty!

1 Like

Also, to mention that I am trying brave because of brave sync feature which I lack in my librewolf. I want E2EE, sync across devices without login and cba to setup servers, webdav, extensions.

It’s easy to get your extension list for websites if you are on Chromium browsers and use MV2 extensions, even if they don’t modify the DOM.

Thus it’s a real threat with low difficulty for fingerprinting. If you only need an extension for some websites (e.g. a password manager) use a different browser profile just for these, otherwise I would recommend to stay away from extensions.

1 Like

It’s best to keep extensions to a minimum. Brave has a nice content blocker built in so it’s a bit easier.

I think the trend these days is isolation and sandboxing. Too much disabled stuff makes you stand out especially as a Linux user, making you easy to fingerprint. The best for anti-fingerprinting is unfortunately Windows+Chrome simply because that is what everyone is using, but not quite private. The next best thing is Brave. Does modifying UserAgent bring any meaningful benefit?

1 Like

Yeah I am a linux user :stuck_out_tongue: but I feel there is more of us no days.

What is a content blocker? I’m assuming it is a prevention from fingerprinting based upon extentions?

I currently only have bitwarden on brave, I wonder how many of us have bitwarden only too. If the scum bags can see the addons in my brave, then having bitwarden only must narrow me down quite a bit.

Can’t ever go back to windows haha :smiley:

A content blocker is like UBlock Origin. I don’t like calling them ad blockers because they do so much more these days.

1 Like

Personally, do you have the additional filter lists activated?

Not all extensions contribute to the fingerprint. Extensions that utilise web accessible resources, or a similar feature can change your fingerprint. There was a website to test this for chromium based browsers , but cannot recall now.

1 Like

If you mean the user agent string, then no. It’s harmful, since the browser, major version and OS usually can get fingerprinted quite reliably, thus making your modified user agent string stand out from other users.

1 Like

On Chromium all MV2 extensions do. On FF it’s different.

Linux users are about 3% of the desktop OS market. So basically nothing. And on most browsers you can even fingerprint the distro family (sometimes even the exact distro), which puts you in an even smaller subset of this 3%.

Some ad blockers block more than ads, for example JS. That’s why they are sometimes called content blockers.

Then simply use a separate browser profile with Bitwarden for your logins.

I don’t think so.

https://z0ccc.github.io/extension-fingerprints/#

1 Like

I don’t see how that link disproves my statement.

Hasn’t the manifest v3 solved this problem?

So why does firefox not suffer from this fingerprinting problem? can they still fingerprint our extensions in other ways on gecko browsers?

Hi guys,

Interesting out of my extensions listed below, was detected only 1Password and Deepl Translate. But most of them are also not listed. I suppose, I should get rid of it. On the other hand, I am using more browsers with different settings for different sites. Brave is for everyday “news” browsing, Chrome is only for Google stuff YT, maps and Bard, Arkenfox, Mullvad and Librewolf for research and testing and clear Safari for stuff which is broken by “privacy” browsers.

1Password
Dark Reader
DeepL Translate
Grammarly
Picture-in-Picture
Readwise Highlighter
uBlock Origin
WebChatGPT

Firefox simply doesn’t make parts of the extensions files web accessible. In my opinion this is an unnecessary flaw in Chromium which should be fixed.

Yes. Every extension which interacts with a website can potentially get fingerprinted.

1 Like

Of course they are not detected, if the website doesn’t search for them

1 Like

I’m confused.
So all this time, the word all over the privacy community has been; “Don’t do anything to single you out, this allows identification.” One of which is having 1 or more extentions.
But this only applied to chromium based browsers and not gecko? so I can have lib redirect, bitwarden, ublock, privacy badger, clear URL’s etc etc and be safe on firefox, arken, librewolf etc?

No, it also applies to FF. But just for extensions which interact with websites in a detectable way. For example ad blockers modify the DOM, which definitely can get fingerprinted. Also blocklists can get probed and detected. Lib redirect and Bitwarden shouldn’t be a problem on FF. uBlock Origin and Piracy badger are detecable. But uBlock Origin is usually worth the trade-off. Privacy Badger is redundant with uBO and not worth using. If you use FF simply use Arkenfox and his recommended extensions and you should be fine.

2 Likes