You are incorrect. It does not bypass adblock on firefox. Yes, the ad shows, but that's because it does not trigger any of firefox's blocking rules (assuming Fanboy's list. I didn't check the others). He triggers chrome's by the element of name="google_ads_try". Firefox does not block elements of that name. Firefox's much more powerful plugin architecture allows Adblock Plus on firefox to actually prevent ads from loading; it doesn't insert css to hide them. As such, javascript to try and prevent css injection does absolutely nothing against adblock plus.

As a proof of concept, visit this site (it's his modified to hit adblock plus's Fanboy's List by adding ?bannerid=100 to the end) http://pastehtml.com/view/bstgyxtln.html . Turn on and off adblock and notice how, even though I left his anti-adblocking code in, it's helpless to stop firefox actually blocking it.

As Sephr notes above, I believe AdBlock Plus fully blocks resource loading in Chrome with the WebRequest API.

http://code.google.com/chrome/extensions/trunk/webRequest.ht...

Does anyone know why it fails here then? It looks like there might be some other issues with the dev version, so maybe the new method of blocking just hasn't moved into the full version of ABP for Chrome yet?

You're right, I was too lazy to even open the firebug, I just saw the element appearing.

I believe that hole was closed quite some time ago, wasn't it? Do you have any specifics on how you could accomplish that today?

Just attempt to load an image from the particular add-on you want to check for.

<img src='chrome://flashblock/skin/flash-on-24.png' onload='usingFlashBlock=true' onerror='usingFlashBlock=false'>

Should work fine, and even a small number of extension checks is useful for browser fingerprinting. There's no need to write cookies to track you if you're the only one running your particular configuration.

> There's no need to write cookies to track you if you're the only one running your particular configuration.

Doesn't this methodology fall over the next (and subsequent) time your addins are updated? I average eight addins in Firefox, and most of them are updated at least once a month, so I'd think my "fingerprint" would change every other week.

Since your fingerprint is going to be primarily based off your user agent, if I was running this in the wild I'd only check for presence of a handful of extensions and I'd ignore their version entirely. I'd just be looking for a couple bits more information to add to standard browser fingerprinting techniques.

For most advertising purposes, you don't need to track a user for that long anyway. Conversion tracking, view-through attribution, frequency capping, retargeting, interest-based behavioral targeting... sure, businesses would ideally prefer that the unique identifier last for thirty days, but 'every other week' would capture the bulk of the benefit.

A truly shady business could rely primarily on cookies, local storage, etc. but use browser fingerprinting only to repopulate user IDs after data deletion. Incorporating extensions into the fingerprinting could make this technique a lot more effective.

I believe this doesn't work for most extensions and only works for those that have explicitly set contentaccessible=true. https://developer.mozilla.org/en/Chrome_Registration#content...

I thought the same, but Panopticlick (panopticlick.eff.org) says otherwise. :-\

(and thanks to dfc for reminding me about Panopticlick)

You can also check the EFF panopticlick webpage.

PS if I add the link can I get down voted more than I did last post for being correct?

Panopticlick will tell you what plug-ins you have. As far as I know, it's not possible to test for what extensions you have.