Using Session Storage as a cache has privacy implications #14680

@t-m-w

I was recently debugging some JavaScript on a website and noticed that every tab in my browser had Dark Reader keys in sessionStorage, specifically a __darkreader__wasEnabledForHost boolean. A code search seems to indicate that Dark Reader uses session storage for caching.

The main concern here is fingerprintability: if it can be so easily known that you're using Dark Reader, that's an additional factor in your browser's uniqueness. I'm sure there are ways that sites could infer someone is using Dark Reader, but keeping this information in session storage makes it undoubtable.

I'm not very familiar with WebExtensions development, but is there somewhere more private that Dark Reader could use as a cache so that sites can't directly detect that someone is using Dark Reader - for whatever reasons they might do that? I use several other extensions, and I haven't seen keys from any of the others in session storage.

In my original post in Discussions, it was mentioned that #13084 may be a related issue.

Originally posted by @t-m-w in #14399
