top | item 46905200

(no title)

cbsks | 24 days ago

Looks like Firefox is immune.

This works by looking for web accessible resources that are provided by the extensions. For Chrome, these are are available in a webpage via the URL chrome-extension://[PACKAGE ID]/[PATH] https://developer.chrome.com/docs/extensions/reference/manif...

On Firefox, web accessible resources are available at "moz-extension://<extension-UUID>/myfile.png" <extension-UUID> is not your extension's ID. This ID is randomly generated for every browser instance. This prevents websites from fingerprinting a browser by examining the extensions it has installed. https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/Web...

discuss

rchaud|24 days ago

And they said that using a browser with sub-5% market share would cause us to miss out on the latest and greatest in web technology!

userbinator|24 days ago

The latest and greatest is not great for you, but for them.

cranberryturkey|23 days ago

The real friction in browser hopping isn't features — it's keeping your workflow portable. Bookmarks especially. Each browser has its own sync silo (Chrome → Google, Firefox → Mozilla, Safari → iCloud).

For multi-browser setups (Firefox for fingerprint resistance, Chrome for the sites that only work there), cross-browser bookmark sync is weirdly undersolved. Xbrowsersync, marksyncr, and a few others exist but most people don't know about them.

dana321|24 days ago

chrome was made by ex-firefox devs, chrome is still not as good!

LAC-Tech|24 days ago

Anecdotally, I sometimes notice my computer fan spinning ferociously... it's almost always because I have left a firefox tab with linkedin open somewhere.

Are they bit coin mining or are they just incompetent?

kijin|24 days ago

Judging from GP's description of how extension IDs work in Firefox, I wouldn't be surprised if LinkedIn were trying to brute-force those UUIDs!

farhanhubble|24 days ago

If the two are indeed "Linked", I see a case for users-first browsers to show system metrics right along the page.

veyh|23 days ago

I've noticed similar issues with the web version of MS Teams.

You can actually see what tabs are hogging CPU by pressing SHIFT-ESC to open the task manager (about:processes) inside Firefox.

techpression|24 days ago

Considering the app was a battery catastrophe I’m confident in the latter, even if your question could be read as rhetorical.

Bluecobra|23 days ago

It’s probably some feature they sell to recruiters to grab your attention. :)

rob74|23 days ago

Maybe it's trying (and failing) to access your browser extensions? In a loop?

xhcuvuvyc|23 days ago

It's ok, they can fingerprint you for using Firefox.

jonners00|23 days ago

Yeah, but they don't know which specific one of Firefox's last dozen users I am.

nilslindemann|23 days ago

Yes, is it now?

    https://fingerprint.com/
    https://coveryourtracks.eff.org/
    https://abrahamjuliot.github.io/creepjs/

I don't have Firefox or another browser installed right now, but the last time I checked, every browser was detected, especially on the first link.

Further, When I used Tor, a few sites, like Google, showed me Captchas for a while afterward, when using my _normal_ browser.

Further I heard that sites like PayPal are giving me black karma when I try to avoid Fingerprinting by using e.g. Tor.

nilslindemann|23 days ago

I actually don't even care too much if they try to detect, that I am the X from last time.

The issue is them selling the data, or using it in unrelated locations, or trying to detect me as a person. And their programmers are not enforced and rewarded when they report such behavior to law agencies / the public. And the law is not punishing it.

awesome_dude|24 days ago

This is probably a naive question, but...

Doesn't the idea of swapping extension specific IDs to your browser specific extension IDs mean that instead of your browser being identifiable, you become identifiable?

I mean, it goes from "Oh they have X, Y , and Z installed" to "Oh, it's jim bob, only he has that unique set of IDs for extensions"

triceratops|24 days ago

It's not a naive question. This comment says it's not possible to do that: https://news.ycombinator.com/item?id=46905213

mrweasel|23 days ago

Why does the browser even allow a website to query for installed extensions? I really don't see what the point of that would be.

The website should never be able to tell what's running in my browser, or on my computer in general. The browser renders the page, maybe runs a little Javascript, but there's no reason why it should be able to query anything about my environment.

I wonder how much stuff would break if the Chrome sandboxing was extended to preventing access to chrome-extension:// from Javascript loaded of random websites.

b112|24 days ago

Maybe, but how long are the extension ids? And if they are random, how long to scan a trillion random alphanumeric ids, to find matches?

I presume the extension knows when it wants to access resources of its own. But random javascript, doesn't.

unknown|24 days ago

[deleted]

calvinmorrison|24 days ago

yes thats how browser fingerprinting works and it is impossible to defeat because there are just too many variations in monitors (relevant for fonts), simple things like user agent, etc.

OJFord|23 days ago

Though LinkedIn in Firefox with uBlock Origin allowing just enough (not sure if that's relevant, just haven't run it without) does not last long without rocketing CPU & memory usage, fan spinning up, etc. (ime, anyway)

Tade0|23 days ago

In my case LinkedIn consistently crashes Firefox the first time I navigate there on a given day. After I restart FF, all is fine.