Privacy Badger allows tracking via indexedDB

[cowlicks]

indexedDB is a known tracking vector that is used by evercookie.

From my comment here.

indexedDB is a potential vector for tracking. For example if a 3rd party iframe is loaded on a site, that 3rd party can write some unique value to indexedDB. The next time that 3rd party origin is loaded it can check the indexedDB for the value, and use it to uniquely identify the client.

This situation necessitates a way for clients to inspect indexedDB on some origin for its database names so that privacy compromising information can be deleted.

The api for enumerating database names has been removed. This means clients have no way of inspecting indexedDB on an origin without catching the origin accessing it. This can be done with a content script.

[ghostwords]

Potential use of indexedDB in the wild here: #1554 (comment)

[jawz101]

I don't know if this is relevant but sometimes I play with this FFox add-on Privacy Settings and one thing - maybe the only thing- I've noticed is the LastPass add-on won't save autologin credentials with dom.indexedDB.enabled set to false.

[ghostwords]

Opened a crbug re inability to inspect IndexedDB contents in Chrome settings/dev tools: https://bugs.chromium.org/p/chromium/issues/detail?id=930773

[ghostwords]

This is also an omission for yellowlisted domains. From https://developer.mozilla.org/en-US/docs/Mozilla/Firefox/Privacy/Storage_access_policy#What_does_the_storage_access_policy_block:

IndexedDB: read and write attempts throw a SecurityError exception.