Overview
Explore the intricacies of browser-extension fingerprinting in this 29-minute OWASP Foundation talk by Nick Nikiforakis. Delve into various techniques used for fingerprinting browser extensions, including web-accessible resources, DOM modifications, and stylesheet hijacking. Understand how the discovery of a user's installed extensions can reveal sensitive socioeconomic information and create unique fingerprints. Learn about the implications of extension fingerprinting on user privacy, anonymization efforts, and potential side effects. Examine real-world examples, experimental results, and the different types of fingerprinting methods employed. Discover the measures modern browsers are implementing to protect users against this form of tracking. Gain insights into the broader landscape of browser fingerprinting and its impact on online privacy.
Syllabus
Introduction
Browser Extensions
Browser Fingerprinting
App Blocking
Implications
Anonymization
Fingerprinting
Attack
Side Effects
LastPass
Experiment Results
Unique Changes
Fingerprinting Types
The Middle Way
Example Extension
Injected CSS
Results
Defenses
Conclusion
Taught by
OWASP Foundation