Browser Extension and Login-Leak Experiment

When you browse the web, small beacons (trackers) are spying on your online activities. Even though such trackers are invisible, they collect information about you such as which pages you visit, which buttons clicked, and what text you typed. This information is often used to show you targeted advertisements and may require you to pay a higher price during online shopping depending on the collected information.

Did you know websites can track you by your browser extensions and web logins?

Recent studies show that you can be tracked based on your web browser properties. In this experiment, we demonstrate that you can also be tracked by

  • your browser extensions (such as AdBlock, Pinterest, or Ghostery), and
  • the websites you have logged in (such as Facebook, Gmail, or Twitter).

You can learn more here about how these detection techniques work.

In the experiment, we will collect your browser fingerprint, together with the browser extensions installed and a list of websites you have logged in. We only collect anonymous data during the experiment (see our Privacy Policy), we will securely store the data on an Inria server, use it only for research purpose and not share it with anyone outside of Inria. You can also read the frequently asked questions here.

Test which websites I am logged into. Your browser will silently visit these sites.

NEW What is your relation to computers? (we would like to see whether our dataset is biased)

  I agree, test my browser!

Spread the word! Share this experiment with your friends!

The browser extension signature database was last updated on N/A, and the web login check was last maintained on N/A.

  News & Updates

Acknowledgements

We are grateful for the authors of the following publication, who shared their code and signature database for Chrome browser extension detection:

Alexander Sjösten, Steven Van Acker, Andrei Sabelfeld: Discovering Browser Extensions via Web Accessible Resources. ACM Conference on Data and Applications Security and Privacy (CODASPY), March 2017. [PDF]

We are also grateful for Robin Linus, for allowing us to build on his script on social media presence detection.

We acknowledge the use of fingerprintjs2 and Robohash (Robohash PHP). We used some icons from www.flaticon.com, which were made by Freepik and Iconnice, licensed by CC 3.0 BY.

About

This project is a collaboration between the INDES and Privatics teams at Inria. The following people are working on this project: Gábor György Gulyás, Dolière Francis Somé, Nataliia Bielova, Claude Castelluccia.

Contact us at extensions AT inria.fr.

Unsupported browser detected! ×

We've detected that your browser is currently unsupported for our experiment. Our experiment supports the desktop versions of Chrome, Firefox, Opera and Safari browsers.

Unsupported browser detected! ×

We've detected that you are using a mobile browser! These browser are currently unsupported for our experiment, please come back and try with the desktop versions of Chrome, Firefox, Opera and Safari browsers.

Browser Extension and Login-Leak Experiment – © 2018 all rights reserved – Website designed by Gábor Gulyás