📝 Correction | CanvasBlocker blocked by privacy.resistFingerprinting = true #1905
Labels
No Label
🔍🤖 Search Engines
approved
dependencies
duplicate
feedback wanted
high priority
I2P
iOS
low priority
OS
Self-contained networks
Social media
stale
streaming
todo
Tor
WIP
wontfix
XMPP
[m]
₿ cryptocurrency
ℹ️ help wanted
↔️ file sharing
⚙️ web extensions
✨ enhancement
❌ software removal
💬 discussion
🤖 Android
🐛 bug
💢 conflicting
📝 correction
🆘 critical
📧 email
🔒 file encryption
📁 file storage
🦊 Firefox
💻 hardware
🌐 hosting
🏠 housekeeping
🔐 password managers
🧰 productivity tools
🔎 research required
🌐 Social News Aggregators
🆕 software suggestion
👥 team chat
🔒 VPN
🌐 website issue
🚫 Windows
👁️ browsers
🖊️ digital notebooks
🗄️ DNS
🗨️ instant messaging (im)
🇦🇶 translations
No Milestone
No Assignees
1 Participants
No due date set.
Dependencies
No dependencies set.
Reference: privacyguides/privacytools.io#1905
Loading…
Reference in New Issue
No description provided.
Delete Branch "%!s(<nil>)"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Description
Hi ! I've followed all your firefox tweaks, and I have also added CanvasBlocker extension. But while testing my canvas fingerprinting I realized that I had a unique and not changing fingerprint, while CanvasBlocker is supposed to change it every time I reload the page.
I solved the issue by setting
privacy.resistFingerprinting = false. I imagine that this configuration was blocking CanvasBlocker.You could add this as a warning in your firefox tweak about resistFingerprinting
Thanks for your work anyway !
The canvas hash is not unique, it is the one RFP reports, so all RFP users look the same - that's by design.
See the first post at https://github.com/ghacksuserjs/ghacks-user.js/issues/350 and scroll down to the Canvas section - if you need to allow canvas on a site (such as whats app to allow the QR codes, or to upload images) by clicking the canvas icon in the urlbar and setting a site permission, then CB kicks in and fakes a random one. And if a site needs the real canvas, then you can set it as a whitelisted item in CB
However, how RFP handles canvas is going to change to randomized AFAIK
Hi,
I think I did not really understand your answer, but what I meant is that BrowserLeaks always showed me the same fingerprint, when
privacy.resistFingerprinting = trueand CanvasBlocker enabled.So I set it to false, kept CanvasBlocker, and now my fingerprint changes everytime I reload the page, which is what I want
@PEPERSO the idea of
privacy.resistFingerprinting = trueis that everyone gets exactly the same fingerprint. This makes it impossible to track unique users this way because everyone using Firefox with this will return the same value.Alright thanks for the explanation !
I do my own builds of Waterfox, and would submit this upstream to Mozilla but doubt they'd accept it:
https://github.com/MrAlex94/Waterfox/pull/1559
To allow the use of RFP with canvas extensions.
@Thorin-Oakenpants or whoever it was that locked me out of https://github.com/ghacksuserjs/ghacks-user.js/issues/350 - instead of being a feckless and ineffective arse, why not explain from your point of view, what I am incorrect about and provide some kind of resource to improve?
With RFP and no canvasblocker, Panopticlick sees me as unique. With a randomized canvas, my patch, and RFP, it says I am marginally blending in. Is Panopticlick wrong?
Yes
Looking at a lot of your posts the amount of flaming you do is a bigger waste of time than talking facts and working through philosophical and factual problems.
Your argument about entropy assumes that the addon's number of users is the deciding factor when the real entropy comes from the per-domain faked canvas fingerprint. While RFP and faked canvases can be detected and group you into a smaller subset of people with otherwise normal looking browser fingerprints, this doesn't matter if you're visiting from a standard, non VPN IP address or are logged into a given website or two. If you're on a VPN, it makes more sense to roll without any addons or changed settings whatsoever, except for maybe an ad blocker.
The end goal is also a factor - in my case, using a random canvas assists in adding nonexistent users to my mobile and residential IP addresses, where my family is not enough to generate true entropy to try and at the least obfuscate our habits and interests to avoid targeted ads.
For actual stealth, it would be better to use a stock Chrome over a VPN from Ubuntu with a common screen resolution, if one really needed it, because that would make you blend in with every other nobody.
As an aside, If I recall, Firefox will default RFP to on in the near future anyway, so soon everyone's going to start to look the same, except for canvas perhaps, anyway.
I'd suggest adding a warning before enabling these features they made my firefox performance feel very laggish and for some reason it never opened in full window mode always half. Plus I had some issues on website like twitch.tv where it only showed half of the player buttons. After spending much time figuring out is this extension issue or what I managed to narrow it down to these two settings which caused all the problems for me. After putting these back to false the browser started to feel much more smoother while browsing websites etc.
I've personnaly found that
privacy.firstparty.isolatebreak the theme of FF, whether custom or the default (one from the OS), it gets back to the light theme when this feature is turned on. I've also found thatprivacy.resistFingerprintingis breaking the language, and forces FF into English language, which some users don't want.@francoisao
privacy.firstparty.isolatehas nothing to do with Firefox's themeprivacy.resistFingerprintingdoes not FORCE en-US as the preferred web content language. IF you are using a non English, then it ASKS you if you would like to always use en-US, and you have to accept or decline