I'm going to look more into this, but I don't believe them yet. It should not be possible for some random website you visit to interrogate your computer like this, so their claim that it is happening is either bullshit or proof of a far bigger security vulnerability.
It's not as broad as "installed software" just "installed browser extensions" by fingerprinting against a specific database of extensions, which should still be private but at least makes more sense.
That is more credible. A website extracting information about you from the DOM is a known threat: it's why CSS cannot apply all styles to visited links and why your browser will lie about the styles it can apply, to prevent websites from using JavaScript to determine what webpages you have visited from how the links are displayed. If you're using extensions that modify the DOM, like using an ad blocker to delete ad content, then that ad will still be missing when the website's own JavaScript goes looking for it.
I'm going to look more into this, but I don't believe them yet. It should not be possible for some random website you visit to interrogate your computer like this, so their claim that it is happening is either bullshit or proof of a far bigger security vulnerability.
It's not as broad as "installed software" just "installed browser extensions" by fingerprinting against a specific database of extensions, which should still be private but at least makes more sense.
There's an alleged copy of the LinkedIn fingerprinting script over on github
That is more credible. A website extracting information about you from the DOM is a known threat: it's why CSS cannot apply all styles to visited links and why your browser will lie about the styles it can apply, to prevent websites from using JavaScript to determine what webpages you have visited from how the links are displayed. If you're using extensions that modify the DOM, like using an ad blocker to delete ad content, then that ad will still be missing when the website's own JavaScript goes looking for it.