It turns out Google Chrome ships a default, hidden extension that allows code on `*.google.com` access to private APIs, including your current CPU usage
You can test it out by pasting the following into your Chrome DevTools console on any Google page:
chrome.runtime.sendMessage(
"nkeimhogjdpnpccoofpliimaahmaaome",
{ method: "cpu.getInfo" },
(response) => {
console.log(JSON.stringify(response, null, 2));
},
);
More notes here: https://simonwillison.net/2024/Jul/9/hangout_servicesthunkjs/
I appreciate the list. I’m not saying there aren’t valid concerns, just that in my day to day life it’s one of those items where the steps needed to avoid browser fingerprinting is usually more work than the value I personally get from my perspective.
I’ve looked into this, and I’m not clueless. I’ve developed websites, I’ve done a lot of stuff with Selenium / Puppeteer, and have toyed with Firefox browser extensions.
I understand the tools they use and it’s just very tricky to fully eliminate this type of thing. For example they can even use the browser window size. Are you going to randomly change window size to some novel dimension when you open up a tab?
What about the JS engine you use. For example using Firefox already narrows down your anonymity by like 95% or something because only a small amount of users use the browser. Etc etc
It’s hard to do this correctly, and I feel like VPN + private window usually takes care of the price fixing thing on the list, for example. When I’m searching for flights I usually do this.
I also use JS blockers in order to try and mess up the scripts that Facebook & Google have hidden over the internet to track you. But ironically, doing that again reduces your anonymity. They know that if their scripts don’t work on you, you get narrowed down again to a very small % of users.
It only takes a few of those pieces of data to be reasonably sure that it’s you. Browser fingerprinting is tricky to really avoid. It’s not impossible, of course. Just saying to really do it right it might be more effort than it’s worth.
The depth of fingerprinting really bothers me and I have accepted that the best at it will succeed.
It is tempting to find the world’s most popular default configuration and use that :) But that’s prob be something gross like Windows 10 & Chrome! In fact, that’d be second after Android & Chrome. Wonder how detectable VMing/emulating those configurations would be.
Agree with you and appreciate the detailed response!
I worry about price discrimination
I appreciate the list. I’m not saying there aren’t valid concerns, just that in my day to day life it’s one of those items where the steps needed to avoid browser fingerprinting is usually more work than the value I personally get from my perspective.
I’ve looked into this, and I’m not clueless. I’ve developed websites, I’ve done a lot of stuff with Selenium / Puppeteer, and have toyed with Firefox browser extensions.
I understand the tools they use and it’s just very tricky to fully eliminate this type of thing. For example they can even use the browser window size. Are you going to randomly change window size to some novel dimension when you open up a tab?
What about the JS engine you use. For example using Firefox already narrows down your anonymity by like 95% or something because only a small amount of users use the browser. Etc etc
It’s hard to do this correctly, and I feel like VPN + private window usually takes care of the price fixing thing on the list, for example. When I’m searching for flights I usually do this.
I also use JS blockers in order to try and mess up the scripts that Facebook & Google have hidden over the internet to track you. But ironically, doing that again reduces your anonymity. They know that if their scripts don’t work on you, you get narrowed down again to a very small % of users.
It only takes a few of those pieces of data to be reasonably sure that it’s you. Browser fingerprinting is tricky to really avoid. It’s not impossible, of course. Just saying to really do it right it might be more effort than it’s worth.
The depth of fingerprinting really bothers me and I have accepted that the best at it will succeed.
It is tempting to find the world’s most popular default configuration and use that :) But that’s prob be something gross like Windows 10 & Chrome! In fact, that’d be second after Android & Chrome. Wonder how detectable VMing/emulating those configurations would be.
Agree with you and appreciate the detailed response!