1. *Checks for Chrome* -> bails if not Chromium.
2. *Probes for extensions* -> keeps a big hard-coded list of extension IDs + file paths, then does `fetch("chrome-extension://<id>/<file>")`. If it resolves, the extension is installed. It also scrapes the DOM for `chrome-extension://...` URLs.
3. *Fingerprints the device* -> WebGL vendor/renderer, precision ranges, supported extensions, fonts, battery, network info, touch support, screen, storage, locale, even Android/iOS build and hardware details.
4. *Compresses + reports* -> bundles everything into a custom base64 LZ-compressed payload and fires tracking events upstream (`"AedEvent"`, `"SpectroscopyEvent"`, etc.).

This isn't just canvas hashes - it's a full environment + extension enumeration toolkit.

*Why it matters*:
* Lets sites detect ad blockers, password managers, automation tools.
* Increases identifiability way beyond cookies.
* In some jurisdictions, extension probing is a privacy red flag.

Letting arbitrary third-party scripts scrape your browser for a list of installed extensions is a terrible idea. Extensions are deeply personal: they can reveal what tools you use (e.g. LastPass, 1Password, uBlock Origin, privacy extensions, devtools) and by extension (pun intended) a lot about your browsing habits, technical sophistication, even threat model. When a script ships with a giant dictionary of known extension IDs, it's effectively de-anonymizing users at scale. That's not analytics anymore - that's surveillance.

The script was found on linkedin.com (which - caused by a bug? - triggered huge CPU spikes on my machine to the point that the tab froze - which led to this analysis).
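
For anyone triaging other third-party bundles for the probing pattern in step 2, here is a small static check, added as an example and not taken from the analyzed script. The function name, verdict labels and the threshold of 10 distinct IDs are assumptions, and the sample inputs are constructed with fake IDs.

```javascript
// Added example: static triage of a JavaScript bundle for extension probing.
// Function name, verdict labels and threshold are illustrative assumptions.

// Chrome extension IDs are 32 characters drawn from the letters a-p.
const BARE_ID = /(?<![a-z0-9])[a-p]{32}(?![a-z0-9])/g;
// Full literal URL: chrome-extension://<id>/<file>
const LITERAL_URL = /chrome-extension:\/\/([a-p]{32})(?![a-z0-9])(\/[^\s"'`)]*)?/g;
// Scheme string followed by concatenation or a template placeholder,
// i.e. the URL is assembled at runtime from a table of IDs.
const DYNAMIC_URL = /chrome-extension:\/\/["'`]?\s*(\+|\$\{)/;

function scanForExtensionProbing(source, threshold = 10) {
  const ids = new Set(source.match(BARE_ID) || []);
  const resources = [];
  for (const m of source.matchAll(LITERAL_URL)) {
    resources.push({ id: m[1], path: m[2] || "/" });
  }
  const dynamicUrl = DYNAMIC_URL.test(source);
  let verdict = "none";
  if (ids.size >= threshold && (dynamicUrl || resources.length > 0)) {
    verdict = "probe-dictionary"; // many IDs plus a way to turn them into URLs
  } else if (ids.size > 0 || dynamicUrl) {
    verdict = "extension-reference"; // worth a look, but not a dictionary
  }
  return { verdict, distinctIds: ids.size, dynamicUrl, resources };
}

// Constructed sample input: twelve fake IDs ("aaaa...", "bbbb...", ...).
const fakeIds = [..."abcdefghijkl"].map((c) => c.repeat(32));
const SAMPLE_PROBER = `
const table = ${JSON.stringify(fakeIds.map((id) => ({ id, file: "icon.png" })))};
for (const e of table) fetch("chrome-extension://" + e.id + "/" + e.file);
`;
// Constructed sample input: a page that merely links to one extension page.
const SAMPLE_LINK = `const help = "chrome-extension://${"m".repeat(32)}/options.html";`;

console.log(scanForExtensionProbing(SAMPLE_PROBER).verdict);
console.log(scanForExtensionProbing(SAMPLE_LINK).verdict);
```

A bundle that stores its ID table encoded or obfuscated will not match these patterns, so a `none` verdict only rules out the plain-text form.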