It’s no secret that maintaining privacy and anonymity online is becoming increasingly difficult. And it is that, regardless of the website we visit, they almost always know who we are, our tastes and interests, and where we come from and which page we are going to go to next. There are many ways to track users: create fingerprints, follow certain generated hashes or control the characteristics of the equipment (CPU, GPU, programs, etc.) from which you connect to a website, among others. But a researcher has found a new way to track us when we are online: chrome extensions.
It is true that Chrome extensions have become an essential element for most users. And it is that thanks to them we can navigate the web much better and enjoy functions in the browser that are not installed as standard. However, installing extensions without care can bring us more misfortunes than benefits. And it is that, as the developer explains «z0ccc«, the developers of the extensions can make certain resources of these available to the websites we visit. And, using these resources, it is possible to create a unique hash.
How to know what extensions are used to spy on us
This developer has analyzed more than 1,170 popular extensions from the Chrome Store. And, in his work, he has found that there are many extensions, very widespread, that can be identified by websites and used to create the tracking hash. For example, some of the most relevant are LastPass, Adobe Acrobat, Honey, Grammarly, Rakuten and ColorZilla.
We can easily check which of the installed ones are used to track us on the Internet simply by accessing this website created by the developer.
This website acts in a similar way to any other website that can be used to spy on us. In other words, when accessing it, it detects all the extensions that use shared resources, registers them and marks them in green so that we know what they are. Those extensions that do not appear in the list will generally be safe.
This method will work equally well with Microsoft Edgealthough it would be necessary to change their ID to that of the Google store for the web to identify them, or adapt the entire system to recognize the extensions of the Microsoft store. With Firefox it is impossible to use this method, since each downloaded extension has a unique ID, so the ones that share resources cannot be identified.
If we have 3 or more extensions installed that can be tracked, websites will be able to create a unique footprint, and it will be very difficult to regain privacy.
How do I protect my privacy in Chrome?
The only way to prevent this problem from affecting us is simple: do not install any extension in Google Chrome. We will be losing very interesting functions, but it is the price we will have to pay to be able to surf the net anonymously and safely.
A browser without extensions is equivalent to a hash that is shared by about 60% of users, so it is insignificant. If we only have installed Google Docs Offline, we will already have a unique hash that identifies 2% of the users. And just by combining Google Docs Offline with LastPass we will be generating an ID that we share with 0.05% of users. Which means that we can already be easily identified through it.