• ReversalHatchery@beehaw.org
      link
      fedilink
      English
      arrow-up
      0
      ·
      2 months ago

      Websites can look at their own structure, and they can see the changes addons make to them, for example of a CSS property was changed or added.

      Maybe there are ways around that, like with the use of a shadow DOM, but I’m not a web developer

      • derek@infosec.pub
        link
        fedilink
        arrow-up
        0
        ·
        edit-2
        2 months ago

        That’s not true for all sites. If the page is static then it’ll have no clue. If it’s dynamic and running a client-side script to report this info back, and if that information is collected, then I can see how that might be a useful supplement for fingerprinting if the server owner is so inclined. At that point though I’m wondering why a security-conscious user is raw dogging the internet and allowing scripts to run in their browser without consent (NoScript saves browsers).

        Even then it’s unclear when/how altering the page to render it differently is commonly communicated back to the server, how much identifying information that talk-back is capable of conveying, and how we might mitigate those collections (wholesale abstinence and/or script control aside). What are the specific mechanisms of action we’re concerned about? This isn’t a faux challenge for the sake of hollow rhetoric. I’m ignorant, find the dialogue interesting, and am asking for help being less dumb. :)

        I found some brief and useful discussion in this Privacy Guides thread. Seems like the concern is valid but minimal for all but the most strict/defensive postures.

        Trying to validate this myself for Dark Reader without breaking out Wireshark and monitoring some big tech site while I toggle color modes (which I might do later if I think of it and find the time) I see Dark Reader is open source, an Open Collective member, and seems to engender little hand-wringing. The only public gripe I can find is this misguided Orion Browser feedback thread.

        Thanks for the interesting diversion!