I don’t see any extension info and I don’t see how there could be any. There isn’t any api for gaining this info in ff at the very least.
There are other issues, but most extensions can in fact not be detected by websites, unless they specifically add something that makes them detectable.
perhaps you should look up how creepjs implements detection for known extensions
I found this is the only thing I found on a quick search.
It would indicate that chrome does disclose addons (so maybe don’t use it for yet another reason).
For Firefox you can only look for changes typically performed by an addon, something like adblock should be detectible but networking layer stuff like an I2P tunnel should definitely not be.
Most firefox addons dont even have the permissions needed to change anything a website could observe.
Most firefox addons dont even have the permissions needed to change anything a website could observe.
Very strong disagree, I have seen and used many very widely used extensions that manipulate the DOM, which IMO satisfies your criteria of “something that can be observed” i.e. by javascript with a fingerprint tracker like creepjs.
Some examples:
-
ad blockers (uBO/uMatrix/etc.)
-
color/theme management (dark reader/dark theme/Stylish/etc.)
-
custom mouse cursor managers
-
page translators
-
addons serving in-browser ads
-
userscript managers (grease/tamper/violentmonkey etc.)
-
privacy blockers (CanvasBlocker/JShelter/etc.)
-
site-specific UI improvements (RES, SponsorBlock, youtube/SNS tweaks)
All of these can be detected and included as yet another bit of data that a unique fingerprint can be built from.