> "I know not all tracking is based on JS, but the browser provides so many heuristics this way: screen size, cursor location, installed plugins."
Installed plugins? Why would javascript need to know my installed plugins? I'd like my browser to more actively restrict what javascript has access to. I get a popup when it wants access to my location (which I generally deny). Why not do the same with these other features?
"This site wants to view your installed plugins. Allow/deny?" "This site wants to set a non-login cookie" Deny, deny, deny.
I don't think they can see the plugins themselves but any code that the plugins run in the document context will throw exceptions that can be caught by any fingerprinting code. I see a variety of uncaught exceptions with obvious plugin names on my Sentry feeds.
Installed plugins? Why would javascript need to know my installed plugins? I'd like my browser to more actively restrict what javascript has access to. I get a popup when it wants access to my location (which I generally deny). Why not do the same with these other features?
"This site wants to view your installed plugins. Allow/deny?" "This site wants to set a non-login cookie" Deny, deny, deny.