brave / brave-browser

Brave browser for Android, iOS, Linux, macOS, Windows.
https://brave.com
Mozilla Public License 2.0

[Desktop] Fingerprinting via Chrome Extension..? #10751

Closed eGit closed 4 years ago

eGit commented 4 years ago

Description

I use Brave-Nightly with very strict Anti-Fingerprinting settings (also everything is deleted after a restart), user-agent randomizer, etc.

Usually this is enough that even aggressive "Fingerprinters" like Aliexpress cannot identify me, so I can use all 3 family accounts from the same PC without typing in verification codes during login.

After I shortly installed Aliexpress Assistant: https://chrome.google.com/webstore/detail/aliexpress-assistant/ekbekfadnaopebomafcngjagkkdfgaaa/related

it seems Aliexpress can identify me. I immediately uninstalled the extension but to no avail. New IP address and with full fingerprinting magic, Aliexpress still sends me through verification hell every time I want to login with a different account.

My question is, can Fingerprinting happen once you installed an extension and even after you removed it? Did Aliexpress find a way to permanently "flag" my PC because I once installed their extension?

bsclifton commented 4 years ago

The extension code (ex: content scripts) won't run anymore after uninstalling an extension and the website shouldn't have access to that info.

Can an extension write 3rd party cookies? cc: @pes10k

pes10k commented 4 years ago

@bsclifton yep, there is an extension API for arbitrarily reading / writing cookies. Yuck :(

https://developer.chrome.com/extensions/cookies#method-set

From a quick glance, it doesn't look like this extension uses that permission (I only glanced though, I didn't look deeply). However, it does request full page access to related domains, and can set cookies on those too.

But, TL;DR: if a site stores serverside that you installed an extension in an account managed server side, there's not anything Brave can do (other than try and help you create a new account).
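
Added example, not part of the thread and not code from Brave or from the extension discussed: a small manifest audit that reports, for one hostname, whether an extension can use the `chrome.cookies` API or can reach the page's cookies through page access. The manifest and the `shop.example` hostnames are constructed, and the function names are hypothetical.

```javascript
// Constructed manifest for illustration; not the manifest of any real extension.
const sampleManifest = {
  manifest_version: 2,
  permissions: ["storage", "*://*.shop.example/*"],
  content_scripts: [{ matches: ["*://*.shop.example/*"], js: ["content.js"] }],
};

// Chrome match patterns look like "*://*.shop.example/*" or "<all_urls>".
function isHostPattern(p) {
  return p === "<all_urls>" || /^(\*|https?|wss?|ftp|file):\/\//.test(p);
}

// True if the pattern's host part covers `host` (scheme and path are ignored).
function patternCoversHost(pattern, host) {
  if (pattern === "<all_urls>") return true;
  const m = /^[^:]+:\/\/([^/]*)/.exec(pattern);
  if (!m) return false;
  if (m[1] === "*") return true;
  if (m[1].startsWith("*.")) {
    const base = m[1].slice(2);
    return host === base || host.endsWith("." + base);
  }
  return m[1] === host;
}

// Report which cookie paths a manifest opens for one hostname.
function auditCookieAccess(manifest, host) {
  const perms = manifest.permissions || [];
  // Manifest V2 lists host patterns in "permissions"; V3 uses "host_permissions".
  const hostPerms = perms.filter(isHostPattern).concat(manifest.host_permissions || []);
  const hostGranted = hostPerms.some((p) => patternCoversHost(p, host));
  const scripted = (manifest.content_scripts || []).some((cs) =>
    (cs.matches || []).some((p) => patternCoversHost(p, host)));
  return {
    // chrome.cookies needs the "cookies" permission plus a matching host pattern.
    cookiesApi: perms.includes("cookies") && hostGranted,
    // Scripts running in the page can read/write non-HttpOnly cookies via document.cookie.
    // Host access without a declared content script is counted too (conservative).
    pageAccess: hostGranted || scripted,
  };
}

console.log(auditCookieAccess(sampleManifest, "login.shop.example"));
```
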

eGit commented 4 years ago

I tried to reproduce the problem extensively again after a reboot and didn't succeed.

Maybe Brave was not shut down properly and I was using the same "browser", so it was able to be fingerprinted? Only explanation I came up with. Sometimes I close a program (Firefox for example) and it still lingers in the background. When I open the program again, it does "show" the same old instance.

bsclifton commented 4 years ago

Interesting - thanks for the info @pes10k and thanks for following up @eGit. I'll close the issue for now