- gokayburuc@lemmy.worldEnglish8 days
And I especially hate Persona. LinkedIn fell out of my favor ever since it started creating shadow profiles with user IDs and information. Persona stores almost all user data within its own infrastructure.
- Eggymatrix@sh.itjust.worksEnglish11 days
All very “secret” and “hidden” in cleartext javascript. These titles need to chill.
- FooBarrington@lemmy.worldEnglish10 days
Ah yes, who doesn’t read through the minified bundles of every page they open. I fucking love reading through megabytes of uglified code!
- Eggymatrix@sh.itjust.worksEnglish10 days
And your point is what exactly? Nobody does, but it still is not a secret. My point is that any assumption that your extensions are not detected is a delusion, if one wants to put in the effort it is not overly complicated to understand what minified js is doing and one can expect any major social media to do such things.
- FooBarrington@lemmy.worldEnglish9 days
It is absolutely a secret! Based on the discussions I’ve seen, many people in the field were quite surprised that this technique works. So just like Meta’s recent-ish WebRTC scandal, this was a secret, even if the code always showed what it does.
My point is that any assumption that your extensions are not detected is a delusion
It is? How are these websites detecting my Firefox extensions?
- Eggymatrix@sh.itjust.worksEnglish9 days
By doing things the extensions are interacting with. You can see if an ad is served and displayed or not, you can detect if an iteraction was originated by an user or automatic, you can see if letters were pasted or input at a speed no human can match.
- FooBarrington@lemmy.worldEnglish8 days
You can see if an ad is served and displayed or not
This doesn’t tell you which specific extensions a user has installed. First, the filter lists are mostly shared between ad blockers, so you can at best tell that some adblock extension is installed, but not which one. Second, the ad might fail to load for a variety of other reasons (e.g. user is offline, firewall blocking URLs/endpoints, network-level DNS adblock, …), so all you can tell is that the user might have an adblock extension installed. That’s far milder than your initial premise: “My point is that any assumption that your extensions are not detected is a delusion[…]”
you can detect if an iteraction was originated by an user or automatic
Sure, and how does this help with detecting the installed extensions? Knowing that the click event wasn’t triggered by the user doesn’t tell you who triggered it.
you can see if letters were pasted or input at a speed no human can match
Again, how does this help with detecting the installed extensions?
- Eggymatrix@sh.itjust.worksEnglish7 days
I mean, I was listing stuff one person can do on their site to detect if visitors have a type of extension or not. If I can do that with a couple hours of work I am not surprised at all whith what a major social network like linkedin can implement. I don’t know what linkedin does and I don’t plan to read their code, I did not even read the article tbh
- FooBarrington@lemmy.worldEnglish7 days
Well, that’s a pretty useless approach for tech discussions, because this kind of attack is explicitly not possible on Firefox.
Also, extrapolating such a broad statement from the simple fact that it’s possible to unreliably detect the presence of a single broad category of extensions is a huge reach.