Hacker News new | past | comments | ask | show | jobs | submit login

Correct me if I’m wrong, but is it not still as simple as knowing the “chrome-extension://“ unique id of the extension? I’m aware of the cat and mouse aspect of scraping and that was one of the pitfalls I’ve been wary of as a fingerprinting vector.



I'd be surprised if sites had permission to read a chrome-extension:// URL. That'd be a sizable privacy leak.


I'm not sure about the chrome-extension protocol, but this API still seems to be present: https://developer.chrome.com/extensions/runtime#method-sendM...


I just tested in chrome 77, and I could only do `chrome.runtime.sendMessage("clngdbkpkpeebahjckkjfobafhncgmne", {},{},console.log)` from within the Stylus extension page, not from an external page like hacker news.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: