CanvasBlocker #99
Labels
No Label
🔍🤖 Search Engines
approved
dependencies
duplicate
feedback wanted
high priority
I2P
iOS
low priority
OS
Self-contained networks
Social media
stale
streaming
todo
Tor
WIP
wontfix
XMPP
[m]
₿ cryptocurrency
ℹ️ help wanted
↔️ file sharing
⚙️ web extensions
✨ enhancement
❌ software removal
💬 discussion
🤖 Android
🐛 bug
💢 conflicting
📝 correction
🆘 critical
📧 email
🔒 file encryption
📁 file storage
🦊 Firefox
💻 hardware
🌐 hosting
🏠 housekeeping
🔐 password managers
🧰 productivity tools
🔎 research required
🌐 Social News Aggregators
🆕 software suggestion
👥 team chat
🔒 VPN
🌐 website issue
🚫 Windows
👁️ browsers
🖊️ digital notebooks
🗄️ DNS
🗨️ instant messaging (im)
🇦🇶 translations
No Milestone
No Assignees
1 Participants
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: privacyguides/privacytools.io#99
Loading…
Reference in New Issue
No description provided.
Delete Branch "%!s(<nil>)"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
CanvasBlocker is a Firefox addon to prevent canvas fingerprinting.
Does anyone have experience with this addon?
CanvasBlocker generates a new random value whenever a particular function is called which is uncommon, but not unique.
Canvas Defender, on the other hand, lets you change the fingerprint whenever you want.
You probably wouldn't notice canvas fingerprinting, so CanvasBlocker might be a better option.
BUT
"Blending in" - not using a canvas blocker is also a solution (depends on the situation, I'd use CanvasBlocker as a protection against mass surveillance and Canvas Defender if someone would be tracking specifically me). I think it's best to let people decide, as in show them both.
TODO: Write something about CanvasBlocker vs Canvas Defender while recommending CanvasBlocker.
Some info collected by CHEF-KOCH.
@Shifterovich
Do those two addons let one allow websites to extract canvas data (which is necessary in some cases)? If not then that's a huge usability issue, and waiting for this to be merged (it's at the review phase now).https://bugzilla.mozilla.org/show_bug.cgi?id=967895 may be a better idea.
I also have a few remarks concerning the implementation of those addons:
This might not be the right approach, for example consider this scenario: I ran a website and I want to track my users using, among other things, canvas fingerprinting. If I go through my logs I can see that there are about 20 people who visit my site using the Tor Browser since the hash of the canvas fingerprint is that of a a blank image. I also have a list of common hashes of canvas fingerprints. Suddenly, I notice something strange, someone visits my site with a hash that didn't match any of the common values. Maybe my list wasn't exhaustive so I can just ignore that. The next day someone visits with a different hash that doesn't match any of my values. The process repeats, but eventually I can easily conclude with a high probability (and since there are a few of users of my site, and an even rarer percentage who may be randomizing their canvas fingeprint) that those different random hashes belong to the same person. Effectively, randomization has turned him into a more distinguishable target, but this could've been a lot harder if I didn't have a list of common canvas fingerprints (which is not the case here as I had logged hashes of canvas fingerprints of my previous users).
Furthermore, concerning randomizing values the Tor Browser Design document has some nice things to say against it,
Canvas Defender only changes your fingerprint when you tell it to, CanvasBlocker changes it on every canvas use iirc.
I don't see your point, since the next time they visit your site they're going to have the same hash.
In my paragraph I assumed that they changed their hash each time, but my argument holds as well if their hash is uniquely generated, in which case I can easily see that it doesn't match any of the known values.
The point of canvas fingerprinting is that it's a unique fingerprint thus not a known value afaik.
@Shifterovich But since it persists and doesn't match any of the known values then it makes it an even easier vector for tracking.
@Shifterovich
I'm using its block mode, see comment
Firefox has this functionality built in for a while now. Is this still relevant?
If you set RFP to true, you're defeating canvas tracking,
while with Canvas Blocker you get more options.
Added CanvasBlocker here:
https://www.privacytools.io/browsers/#fingerprint