> The scan probes for thousands of specific extensions by ID, collects the results
Why exactly does Chrome even allow this in the first place!? This is the most surprising takeaway for me here, given browser vendors' focus on hardening against fingerprinting.
This only happens if the extension puts their `moz-extension://` links into the DOM. It's different to chrome case where extensions can be detected regardless of being activated on that site or not.
As I understand it, an extension could also leak its links via its own backend, e.g. to advertisers, who could then detect it even though no user-observable DOM modification is happening.
Much better than static global IDs, but still not ideal.
Yeah, anything happening in backend depends totally on the extensions. Unless I need something, I rarely use extensions that are closed-source or open-source but has some sending data in their features.
Why exactly does Chrome even allow this in the first place!? This is the most surprising takeaway for me here, given browser vendors' focus on hardening against fingerprinting.