Title. How many extensions would be the average to not be profiled? Obviously not having any or having 23 will make you pretty easy to fingerprint, so how many is the average or safest?
In general, you should use as few as possible.
On FireFox browser, the best privacy extension is uBlock Origin. I wouldn’t use any other extension for ad blocking or privacy unless it is for something specific you need that uBlock Origin cannot do on its own. NoScript is another privacy extension that is sometimes recommended.
There may also be some benefit to using the extension for your password manager, as it may help you identify phishing links and prevent you from filling in your password on fake or scam sites. I strongly recommend Bitwarden as a password manager.
Installing extensions is unlikely to help you defend against fingerprinting. If you are concerned about fingerprinting, then you should enable resist.fingerprint in the about:config on FireFox, or use either Tor or Mullvad Browser (which you should not install any extensions on).
Unless you’re using the TOR Browser or Mullvad Browser, you’re already fingerprintable with a high degree of accuracy for those determined enough. If you’re that worried about fingerprinting, you should probably be using one of those.
There’s no magic number of extensions that would be considered “safest” from a fingerprinting perspective. Any you add will likely adjust your fingerprint in its own way. But as I said, since you’re probably uniquely identifiable anyway you can’t really get “more unique.”
With that said, it’s best to keep your extensions to a minimum for other reasons too. Each extension represents an increased attack surface and you have to trust more developers to not be implementing exploitable code directly into your browser. Generally, I find UBlock Origin to be enough and maybe an extension for your password manager or a few other things. I don’t generally run more than 5.
deleted by creator
deleted by creator
“I use 4 extensions … ublock, etc, etc”
deleted by creator
deleted by creator
can someone explain extension fingerprinting to me? i’ve always heard about it, but to my layman brain it doesn’t make sense that a locally executed modification of css (in the case of dark reader) gives any kind of data to the site host. i guess for ublock it makes more sense since i’m guessing that has to do with blocking specific requests from going out in the first place, or what?
“What is a digital fingerprint? A digital fingerprint is essentially a list of characteristics that are unique to a single user, their browser, and their particular hardware setup. This includes information the browser needs to send to access websites, like the location of the website the user is requesting. But it also includes a host of seemingly insignificant data (like screen resolution and installed fonts) gathered by tracking scripts. Tracking sites can stitch all the small pieces together to form a unique picture, or “fingerprint,” of your device.” - https://coveryourtracks.eff.org/learn
you can also test your browser there to see what information you are exposing
but where do extensions come into the picture? i apologize if i’m missing something obvious here, but the only thing that article says about extensions is that blocking specific trackers counts as fingerprint data. but the VAST majority of my extensions aren’t blocking anything, they just customize the pages
Having more extensions makes your browser fingerprint more unique, making it easier to tell you apart from other users.
i’m comprehending that much, but i don’t understand how extensions “announce” themselves to the websites (except for content blockers). does my browser send a number corresponding to the amount of extensions i have installed? or are they listed out individually by hash or name?
Not necessarily announce their existence. There’s some way for websites to communicate with extension like explained here. IMO, a sufficiently motivated actor can use this to add additional data point for fingerprinting.
Although most of the methods are only applicable if you’re using Chrome or Chromium based browsers and Firefox has disabled the methods commonly used to extract information from the browser.
that is a great relief to hear, thank you :)
deleted by creator
It’s probably an exponential function with a negative curve. I imagine what extensions you are installing might matter more
deleted by creator