HTML5 Canvas Fingerprinting

Discussion in 'privacy general' started by Sampei Nihira, May 30, 2016.

  1. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,210
    Location:
    Among the gum trees
    Anyone else seeing CanvasBlocker being reset on its own? Not sure if it's something I'm doing, a conflict with another extension, or a bug with CanvasBlocker.
     
  2. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,210
    Location:
    Among the gum trees
    A quick test shows CanvasBlocker is reset each time I close Firefox. Does CanvasBlocker save its settings in a cookie??
     
  3. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    6,065
    Location:
    DC Metro Area
    Canvas Blocker does NOT reset for me in FF.

    I mostly use private browsing and clean cookies frequently so I don't think it's a cookie issue.
     
  4. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,210
    Location:
    Among the gum trees
    Thanks hawki. It must be a conflict with another extension then as it happens on both my Win10 1809 machines + my Linux Mint machine.
     
  5. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,210
    Location:
    Among the gum trees
    OK, something very weird. I haven't made any changes on any machines but for some reason CanvasBlocker isn't being reset after closing Firefox now.
     
  6. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,881
    Location:
    Slovenia, EU
    I had similar problem with uBlock Origin after FF fixed a problem with expired certificate and disabled addons. uBo would reset do defaults every time I reopened FF. If I disabled and reenabled uBo things got to normal. Until I restarted FF again. I "solved" the problem with refreshing FF and reinstalling uBo.
     
  7. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,210
    Location:
    Among the gum trees
    Thanks Minimalist. I'll monitor.

    It seems to me that ScriptSafe doesn't do much for Canvas Fingerprint protection in the latest Chrome - Version 74.0.3729.157 (Official Build) (64-bit). Canvas Defender doesn't seem to work now either.

    Any suggestions?
     
  8. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,210
    Location:
    Among the gum trees
    Last edited: May 17, 2019
  9. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,343
    Location:
    Italy
  10. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,210
    Location:
    Among the gum trees
    I'm not seeing that problem with the version of Trace I have installed in Chrome. Maybe worth another look on your machine.
    The Canvas Fingerprint test at BrowserLeaks. The fingerprint was the same whether ScriptSafe was enabled or not. I never checked the other tests, but with Trace all tests pass.

    Edit: Yes, I had Fingerprint protection among others enabled. Also, Canvas Defender wasn't working either.
     
    Last edited: May 17, 2019
  11. summerheat

    summerheat Registered Member

    Joined:
    May 16, 2015
    Posts:
    2,199
    Good! I had no problem with it.

    Not related but worth mentioning if you're also using uBO and/or uMatrix: Note the hints regarding CSP in the gHacksuser.js wiki and the discussion here. It's preferable to block fonts in uBO with a static filter (which does not use CSP).
     
  12. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,343
    Location:
    Italy
    With Chrome every now and then something doesn't work anymore.
    Now for example I have some problems with:

    --disable-webgl

    so I reinserted the corresponding protection in ScriptSafe.
    ScriptSafe's ClientRects Fingerprint Protection also doesn't work well.
    I don't want to use Trace.
    Thanks anyway.
     
  13. Azure Phoenix

    Azure Phoenix Registered Member

    Joined:
    Nov 22, 2014
    Posts:
    1,556
    If you don't want to use Trace perhaps you can use an alternative chromium-browser like Brave
    https://github.com/brave/browser-laptop/wiki/Fingerprinting-Protection-Mode
     
  14. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,343
    Location:
    Italy
    I personally don't use Chrome.
    But I have to know how to use and configure it.;)
     
  15. guest

    guest Guest

    CanvasBlocker v0.5.9 Released (May 26, 2019)
    https://addons.mozilla.org/firefox/addon/canvasblocker/
    changes:
    - code cleanup
    - made history length threshold url specific
    - made navigator protection url specific
    - uniform themes
    - simplified the "display hidden settings" UI
    new features:
    - added protection for navigator properties
    - added support to import older storage versions
    - protection for data URLs can now be url specific
    - changed input of lists to textarea
    - added option to protect no part of the canvas API
    - apply themes to all extension pages (options, page action, browser action, setting sanitation, setting inspection, navigator settings)
    - theme for automatic detection of dark mode (only works with Firefox >= 67)
    - within the page action the used API can be whitelisted alone
    - added overview page for whitelist
    fixes:
    - search could show hidden settings
    - faking audio did not work with white random generator
    - enabled copying from settings description when they are "hidden"
    - fixed description for "show notifications"
    - improved DOMRect performance
    - improved general performance when stack list is disabled
    - preventing double interception (increased performance and reduced detectability)
    - detection over navigator and DOMRect getters was possible
    - audio cache could break readout
    - improved iFrame protection
    - SOP detection did not work all the time
    known issues:
    - if a data URL is blocked the page action button does not appear
     
  16. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,210
    Location:
    Among the gum trees
    CanvasBlocker v5.9.1 Released
    Version 0.5.9.1
    Released 29 May 2019 - 262.43 kB
    Works with firefox 56.0 and later, android 57.0 and later
    changes:

    - code cleanup
    - made history length threshold url specific
    - made navigator protection url specific
    - uniform themes
    - simplified the "display hidden settings" UI

    new features:

    - added protection for navigator properties
    - added support to import older storage versions
    - protection for data URLs can now be url specific
    - changed input of lists to textarea
    - added option to protect no part of the canvas API
    - apply themes to all extension pages (options, page action, browser action, setting sanitation, setting inspection, navigator settings)
    - theme for automatic detection of dark mode (only works with Firefox >= 67)
    - within the page action the used API can be whitelisted alone
    - added overview page for whitelist

    fixes:

    - search could show hidden settings
    - faking audio did not work with white random generator
    - enabled copying from settings description when they are "hidden"
    - fixed description for "show notifications"
    - improved DOMRect performance
    - improved general performance when stack list is disabled
    - preventing double interception (increased performance and reduced detectability)
    - detection over navigator and DOMRect getters was possible
    - audio cache could break readout
    - improved iFrame protection
    - SOP detection did not work all the time

    known issues:

    - if a data URL is blocked the page action button does not appear
     
  17. guest

    guest Guest

    CanvasBlocker v0.5.10 Released (May 31, 2019)
    https://addons.mozilla.org/firefox/addon/canvasblocker/
    changes:
    - min version is now 57 to remove the amount of warnings on submission
    new features:
    - added date and time to the settings export file
    - persistent rng is no longer shared between containers (different cookieStoreId)
    fixes:
    - setter for innerHTML broke pages
    - protection for document.write and document.writeln broke in Firefox 69
    - not connected iFrame threw error with persistent rng
    - detection over document.write and document.writeln was possible
    - google docs were broken in Waterfox
    - MutationObserver failed in some instances
    - server-site navigator protection did not respect whitelisting
    - confirm messages were broken in Firefox 67
    known issues:
    - if a data URL is blocked the page action button does not appear
     
  18. guest

    guest Guest

    CanvasBlocker v0.5.11 Released (June 23, 2019)
    https://addons.mozilla.org/firefox/addon/canvasblocker/
    new features:
    - added auto update for beta versions
    - options: made sections collapsible
    - clear persistent rng data if a container is deleted
    - added tool to clear persistent rng for a specific container
    fixes:
    - improved protection of (i)frame properties
    - document.write and document.writeln protection broke pages
    - race condition causes persistent rnd separation between containers to leak
    known issues:
    - if a data URL is blocked the page action button does not appear
     
  19. guest

    guest Guest

    CanvasBlocker v0.5.12 Released (July 6, 2019)
    https://addons.mozilla.org/firefox/addon/canvasblocker/
    changes:
    - rearranged some settings
    new features:
    - enabled whitelisting of local files
    - added tabs in options page
    fixes:
    - detect when browser.contextualIdentities.onRemoved is not supported
    known issues:
    - if a data URL is blocked the page action button does not appear
     
  20. guest

    guest Guest

  21. guest

    guest Guest

    CanvasBlocker v0.5.14 Released (September 24, 2019)
    https://addons.mozilla.org/firefox/addon/canvasblocker/
     
  22. guest

    guest Guest

    Emoji rendering differences enough to identify devices and browsers
    December 18, 2019
    https://portswigger.net/daily-swig/...ences-enough-to-identify-devices-and-browsers
     
  23. guest

    guest Guest

    CanvasBlocker v1.0 Released (January 18, 2020)
    https://addons.mozilla.org/firefox/addon/canvasblocker/
    changes:
    - improved storage of protected API features
    - code cleanup
    - added mail.google.com to the convenience preset
    - added reCAPTCHA preset
    - the reCAPTCHA whitelisting entry is changed to "allow window.name in frames"

    new features:
    - added screen protection
    - added default values for mobile

    fixes:
    - background color of the textarea in the settings export was not readable in the dark theme when the value was invalid
    - settings sanitation: added missing APIs
    - navigator.oscpu and navigator.buildID are undefined in non Gecko browsers
    - resetting the settings had undesired side effects
    - added window.open protection
    - cross origin DOM manipulations
    - window.name protection was detectable
    - importing settings file with an older storage version did not work properly
    - fields hosted on braintree not working when window API was protected

    known issues:
    - if a data URL is blocked the page action button does not appear
     
  24. guest

    guest Guest

    CanvasBlocker v1.1 Released (January 28, 2020)
    https://addons.mozilla.org/firefox/addon/canvasblocker/
    new features:
    - added notice for privacy.resistFingerprinting
    - added container specific navigator settings

    fixes:
    - error when exporting function with name "top"
    - tabs opened with window.open broke when the parent tab was reloaded/closed
    - importing settings file with an very old storage version did not work at all

    known issues:
    - if a data URL is blocked the page action button does not appear
     
  25. guest

    guest Guest

    CanvasBlocker v1.2 Released (March 17, 2020)
    https://addons.mozilla.org/firefox/addon/canvasblocker/
    changes:
    - removed unnecessary activeTab permission
    - always open options page in new tab

    new features:
    - added warning if some features of a API are disabled
    - added TextMetrics protection

    known issues:
    - if a data URL is blocked the page action button does not appear
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.