So I have seen comments that bitwardens extension works and want to check if no script does. Since libre wolf is just configuration I figure most stuff should work but not real sure. I looked to see if there was something like a pinned questions thread which I would normally put a minor question like this. Considering recent news maybe instead a moving from firefox pinned thread for awhile first.
Noob here - How come browser extensions can be used in fingerprinting? Why is the fact that I have an extension shared with servers? Why doesn’t a browser like Libre Wolf refuse to share this? Is it really ingrained in the we browsing process to pass that info back? It seems like it should remain on the client-side. I can see Google sharing it but why can’t LibreWolf decide not to?
It’s not 100% the case that EVERY extension will. A completely local extension that doesn’t ever hit the web or change page layout won’t, but how many of those are there? Anything that changes how you view a page will subtly impact what the server sees in your request, or at least CAN see via javascript, which can be used towards fingerprinting – and because everything is so monopolized, anything making a third party call related to the page is potentially resolvable based on IP and timing because like four companies run everything and share an unknown subset of their data on you. Since your data is the new oil, there’s a robust incentive for ad companies to really break out all the stops trying to fingerprint everything about you. It’s not LibreWolf’s fault, it’s just the incentives that exists out there plus how the web works.
Got it, so it’s not that the browser passes an extension list to the server, but the server could recognize an extensions impact on the page with local JS or something and then send that info home. Could that in theory be blocked?
You could try, but I’ve never heard of a browser that claimed to be able to mitigate fingerprinting with arbitrary extensions. The extension itself could literally be phoning home to Google or anyone else