❌ Software Removal | Remove CanvasBlocker from Firefox Addon under Browser Fingerprint. #1877

New Issue

2020-05-04T07:50:18Z

cryptocat8 commented

2020-05-04 07:50:18 +00:00

(Migrated from github.com)

Let it be short, I guess Firefox already have Canvas Blocking inbuilt, so why do we need any extension like that?

dngray commented

2020-05-04 11:28:58 +00:00

(Migrated from github.com)

It could be useful for people who want to allow canvases for some sites but not all.

😕 1

ph00lt0 commented

2020-05-04 13:07:56 +00:00

(Migrated from github.com)

i agree with @dngray. Either way I might be good to emphasis that with the right settings this is already been blocked.

cryptocat8 commented

2020-05-04 15:50:16 +00:00

(Migrated from github.com)

I guess, Firefox already give full control that you want to block canvas fingerprinting or not.

ThracianKnight1907 commented

2020-05-04 17:07:38 +00:00

(Migrated from github.com)

CanvasBlocker can do much more than just block canvas fingerprinting, like, for example, spoofing that info. It also supports more APIs than just canvas.

Also, Firefox's fingerprinter protection is a blocklist for tracking domains which are known to use fingerprinting (i think). This is different than CanvasBlocker's approach

CanvasBlocker can do much more than just block canvas fingerprinting, like, for example, spoofing that info. It also supports more APIs than just canvas. Also, Firefox's fingerprinter protection is a blocklist for tracking domains which are known to use fingerprinting (i think). This is different than CanvasBlocker's approach

Thorin-Oakenpants commented

2020-05-05 01:02:51 +00:00

(Migrated from github.com)

Firefox's fingerprinter protection is a blocklist for tracking domains which are known to use fingerprinting (i think)

Just FYI: ETP's "fingerprinters" is a curated list from OpenWMP crawls and some other sources/partners. OpenWMP crawls only gets 3rd party scripts, and the crawls (last time I checked) only checked the landing page (Alexa top 1M or something: but they can change the number). And the detection is somewhat limited. That said, the list is growing and nailing the most common 5-10% of FP scripts probably accounts for 80% of the damage in the wild :)

as @ThracianKnight1907 points out... CanvasBlocker does MOAR stuff

technically, it has solutions that others don't, and @kkapsner is very thorough and knowledgeable, including not leaking the application of the spoof, and covering all the API methods and all sources (all types of workers including from blobs and nested, iframes including nested, etc). Note: sometimes it depends on the web ext apis

screen: I like this one (because I thought it up), and that is to spoof the screen on a sliding scale of the most common resolutions: depending on your inner window. I think it has five or six "buckets". Most scripts only grab screen, and this way it really lowers your entropy, plus it creates instability in the FP (if you maximize for some sites, drag bigger for others: although most users wouldn't change window sizes much). And it works on top of RFP (AFAIK)
canvas: as mentioned, if you fake in CB, but then allow RFP canvas as a site exception, you still won't be FPed
textMetrics - width has been around for ages, but now we have another 11? methods coming. These are all covered
domrect
audio
history api
window api

None of these (except canvas, edit: and screen) is covered by RFP. audio has some RFP but not in the areas CB is spoofing. If anything, this is about the only anti-FPing extension you should be promoting - probably under an "advanced" section: because it can break sites (but you can whitelist per site, per api) - edit: e.g. I would pair it with uMatrix

> Firefox's fingerprinter protection is a blocklist for tracking domains which are known to use fingerprinting (i think) Just FYI: ETP's "fingerprinters" is a curated list from OpenWMP crawls and some other sources/partners. OpenWMP crawls only gets 3rd party scripts, and the crawls (last time I checked) only checked the landing page (Alexa top 1M or something: but they can change the number). And the detection is somewhat limited. That said, the list is growing and nailing the most common 5-10% of FP scripts probably accounts for 80% of the damage in the wild :) --- as @ThracianKnight1907 points out... CanvasBlocker does MOAR stuff technically, it has solutions that others don't, and @kkapsner is very thorough and knowledgeable, including not leaking the application of the spoof, and covering all the API methods and all sources (all types of workers including from blobs and nested, iframes including nested, etc). Note: sometimes it depends on the web ext apis - screen: I like this one (because I thought it up), and that is to spoof the screen on a sliding scale of the most common resolutions: depending on your inner window. I think it has five or six "buckets". Most scripts only grab screen, and this way it really lowers your entropy, plus it creates instability in the FP (if you maximize for some sites, drag bigger for others: although most users wouldn't change window sizes much). And it works on top of RFP (AFAIK) - canvas: as mentioned, if you fake in CB, but then allow RFP canvas as a site exception, you still won't be FPed - textMetrics - `width` has been around for ages, but now we have another 11? methods coming. These are all covered - domrect - audio - history api - window api None of these (except canvas, edit: and screen) is covered by RFP. audio has some RFP but not in the areas CB is spoofing. If anything, this is about the **only** anti-FPing extension you should be promoting - probably under an "advanced" section: because it can break sites (but you can whitelist per site, per api) - edit: e.g. I would pair it with uMatrix

This repo is archived. You cannot comment on issues.