The first method is also working with Firefox and Adblock Plus.
I remember once Adblock became popular, there were few sites blocking users with Adblock, they calculated some elements height and if the Adblock blocked the ads in that element, the height didn't match. So they disabled the whole page and asked users to turn off Adblock or white-list them.
You are incorrect. It does not bypass adblock on firefox. Yes, the ad shows, but that's because it does not trigger any of firefox's blocking rules (assuming Fanboy's list. I didn't check the others). He triggers chrome's by the element of name="google_ads_try". Firefox does not block elements of that name. Firefox's much more powerful plugin architecture allows Adblock Plus on firefox to actually prevent ads from loading; it doesn't insert css to hide them. As such, javascript to try and prevent css injection does absolutely nothing against adblock plus.
As a proof of concept, visit this site (it's his modified to hit adblock plus's Fanboy's List by adding ?bannerid=100 to the end) http://pastehtml.com/view/bstgyxtln.html . Turn on and off adblock and notice how, even though I left his anti-adblocking code in, it's helpless to stop firefox actually blocking it.
Does anyone know why it fails here then? It looks like there might be some other issues with the dev version, so maybe the new method of blocking just hasn't moved into the full version of ABP for Chrome yet?
Should work fine, and even a small number of extension checks is useful for browser fingerprinting. There's no need to write cookies to track you if you're the only one running your particular configuration.
> There's no need to write cookies to track you if you're the only one running your particular configuration.
Doesn't this methodology fall over the next (and subsequent) time your addins are updated? I average eight addins in Firefox, and most of them are updated at least once a month, so I'd think my "fingerprint" would change every other week.
Since your fingerprint is going to be primarily based off your user agent, if I was running this in the wild I'd only check for presence of a handful of extensions and I'd ignore their version entirely. I'd just be looking for a couple bits more information to add to standard browser fingerprinting techniques.
For most advertising purposes, you don't need to track a user for that long anyway. Conversion tracking, view-through attribution, frequency capping, retargeting, interest-based behavioral targeting... sure, businesses would ideally prefer that the unique identifier last for thirty days, but 'every other week' would capture the bulk of the benefit.
A truly shady business could rely primarily on cookies, local storage, etc. but use browser fingerprinting only to repopulate user IDs after data deletion. Incorporating extensions into the fingerprinting could make this technique a lot more effective.
I remember once Adblock became popular, there were few sites blocking users with Adblock, they calculated some elements height and if the Adblock blocked the ads in that element, the height didn't match. So they disabled the whole page and asked users to turn off Adblock or white-list them.