

Is Facebook Fingerprinting Which Chrome Extensions you have installed? - jdavid
http://jdavid.net/2012/09/05/is-facebook-fingerprinting-chrome-extensions/

======
hammem
Hi,

I'm an engineer on Facebook's product security team, fighting malware trying
to infect Facebook users or abuse our products. I'm one of the folks that's
been battling the recent rise in malicious browser extensions and I'm happy to
talk about our fight against them. Many extensions provide users with a way to
augment their web experience. However, there are some built solely to steal a
person's personal information, spam, or inject ads to the webpages they visit.

As part of our response to this threat, we built a Javascript library that
tries to load the manifest file from extensions we've seen exhibit malicious
behavior. Based on the results of those attempts, we can provide the user with
the means to remove the threat, including free anti-virus software to clean
the infection.

We built this feature to fight the recent spate of malicious browser
extensions focused on Facebook. We take the trust Facebook users put in our
product seriously and are always innovating new products and features to
protect their information.

~~~
jdavid
Thank you for the sincere reply. I would love to learn more of your efforts. I
am a chrome extension developer and I have several extensions that I work on.
I would like to know under what terms Facebook would add an app to such a list
and what it sees as acceptable use.

------
evanm
Fucked. Confirmed with an instance of Chrome with no extensions enabled.

