Anyone else seeing CanvasBlocker being reset on its own? Not sure if it's something I'm doing, a conflict with another extension, or a bug with CanvasBlocker.
A quick test shows CanvasBlocker is reset each time I close Firefox. Does CanvasBlocker save its settings in a cookie??
Canvas Blocker does NOT reset for me in FF. I mostly use private browsing and clean cookies frequently so I don't think it's a cookie issue.
Thanks hawki. It must be a conflict with another extension then as it happens on both my Win10 1809 machines + my Linux Mint machine.
OK, something very weird. I haven't made any changes on any machines but for some reason CanvasBlocker isn't being reset after closing Firefox now.
I had similar problem with uBlock Origin after FF fixed a problem with expired certificate and disabled addons. uBo would reset do defaults every time I reopened FF. If I disabled and reenabled uBo things got to normal. Until I restarted FF again. I "solved" the problem with refreshing FF and reinstalling uBo.
Thanks Minimalist. I'll monitor. It seems to me that ScriptSafe doesn't do much for Canvas Fingerprint protection in the latest Chrome - Version 74.0.3729.157 (Official Build) (64-bit). Canvas Defender doesn't seem to work now either. Any suggestions?
Trying Trace in Chrome now. Seems to work fine. I did try this once before but I can't remember why I stopped. At least it has been updated this year. Edit: Dev's website = https://absolutedouble.co.uk/
Check the images: https://www.wilderssecurity.com/threads/html5-canvas-fingerprinting.386179/page-15#post-2808134 With which test do you have problems with ScriptSafe?
I'm not seeing that problem with the version of Trace I have installed in Chrome. Maybe worth another look on your machine. The Canvas Fingerprint test at BrowserLeaks. The fingerprint was the same whether ScriptSafe was enabled or not. I never checked the other tests, but with Trace all tests pass. Edit: Yes, I had Fingerprint protection among others enabled. Also, Canvas Defender wasn't working either.
Good! I had no problem with it. Not related but worth mentioning if you're also using uBO and/or uMatrix: Note the hints regarding CSP in the gHacksuser.js wiki and the discussion here. It's preferable to block fonts in uBO with a static filter (which does not use CSP).
With Chrome every now and then something doesn't work anymore. Now for example I have some problems with: --disable-webgl so I reinserted the corresponding protection in ScriptSafe. ScriptSafe's ClientRects Fingerprint Protection also doesn't work well. I don't want to use Trace. Thanks anyway.
If you don't want to use Trace perhaps you can use an alternative chromium-browser like Brave https://github.com/brave/browser-laptop/wiki/Fingerprinting-Protection-Mode
CanvasBlocker v0.5.9 Released (May 26, 2019) https://addons.mozilla.org/firefox/addon/canvasblocker/ Spoiler: Changes v0.5.9 changes: - code cleanup - made history length threshold url specific - made navigator protection url specific - uniform themes - simplified the "display hidden settings" UI new features: - added protection for navigator properties - added support to import older storage versions - protection for data URLs can now be url specific - changed input of lists to textarea - added option to protect no part of the canvas API - apply themes to all extension pages (options, page action, browser action, setting sanitation, setting inspection, navigator settings) - theme for automatic detection of dark mode (only works with Firefox >= 67) - within the page action the used API can be whitelisted alone - added overview page for whitelist fixes: - search could show hidden settings - faking audio did not work with white random generator - enabled copying from settings description when they are "hidden" - fixed description for "show notifications" - improved DOMRect performance - improved general performance when stack list is disabled - preventing double interception (increased performance and reduced detectability) - detection over navigator and DOMRect getters was possible - audio cache could break readout - improved iFrame protection - SOP detection did not work all the time known issues: - if a data URL is blocked the page action button does not appear
CanvasBlocker v5.9.1 Released Spoiler: v5.9.1 release notes Version 0.5.9.1 Released 29 May 2019 - 262.43 kB Works with firefox 56.0 and later, android 57.0 and later changes: - code cleanup - made history length threshold url specific - made navigator protection url specific - uniform themes - simplified the "display hidden settings" UI new features: - added protection for navigator properties - added support to import older storage versions - protection for data URLs can now be url specific - changed input of lists to textarea - added option to protect no part of the canvas API - apply themes to all extension pages (options, page action, browser action, setting sanitation, setting inspection, navigator settings) - theme for automatic detection of dark mode (only works with Firefox >= 67) - within the page action the used API can be whitelisted alone - added overview page for whitelist fixes: - search could show hidden settings - faking audio did not work with white random generator - enabled copying from settings description when they are "hidden" - fixed description for "show notifications" - improved DOMRect performance - improved general performance when stack list is disabled - preventing double interception (increased performance and reduced detectability) - detection over navigator and DOMRect getters was possible - audio cache could break readout - improved iFrame protection - SOP detection did not work all the time known issues: - if a data URL is blocked the page action button does not appear
CanvasBlocker v0.5.10 Released (May 31, 2019) https://addons.mozilla.org/firefox/addon/canvasblocker/ Spoiler: Changes v0.5.10 changes: - min version is now 57 to remove the amount of warnings on submission new features: - added date and time to the settings export file - persistent rng is no longer shared between containers (different cookieStoreId) fixes: - setter for innerHTML broke pages - protection for document.write and document.writeln broke in Firefox 69 - not connected iFrame threw error with persistent rng - detection over document.write and document.writeln was possible - google docs were broken in Waterfox - MutationObserver failed in some instances - server-site navigator protection did not respect whitelisting - confirm messages were broken in Firefox 67 known issues: - if a data URL is blocked the page action button does not appear
CanvasBlocker v0.5.11 Released (June 23, 2019) https://addons.mozilla.org/firefox/addon/canvasblocker/ Spoiler: Changes v0.5.11 new features: - added auto update for beta versions - options: made sections collapsible - clear persistent rng data if a container is deleted - added tool to clear persistent rng for a specific container fixes: - improved protection of (i)frame properties - document.write and document.writeln protection broke pages - race condition causes persistent rnd separation between containers to leak known issues: - if a data URL is blocked the page action button does not appear
CanvasBlocker v0.5.12 Released (July 6, 2019) https://addons.mozilla.org/firefox/addon/canvasblocker/ Spoiler: Changes v0.5.12 changes: - rearranged some settings new features: - enabled whitelisting of local files - added tabs in options page fixes: - detect when browser.contextualIdentities.onRemoved is not supported known issues: - if a data URL is blocked the page action button does not appear
CanvasBlocker v0.5.13 Released (July 24, 2019) https://addons.mozilla.org/firefox/addon/canvasblocker/
CanvasBlocker v0.5.14 Released (September 24, 2019) https://addons.mozilla.org/firefox/addon/canvasblocker/
Emoji rendering differences enough to identify devices and browsers December 18, 2019 https://portswigger.net/daily-swig/...ences-enough-to-identify-devices-and-browsers
CanvasBlocker v1.0 Released (January 18, 2020) https://addons.mozilla.org/firefox/addon/canvasblocker/ Spoiler: Changes v1.0 changes: - improved storage of protected API features - code cleanup - added mail.google.com to the convenience preset - added reCAPTCHA preset - the reCAPTCHA whitelisting entry is changed to "allow window.name in frames" new features: - added screen protection - added default values for mobile fixes: - background color of the textarea in the settings export was not readable in the dark theme when the value was invalid - settings sanitation: added missing APIs - navigator.oscpu and navigator.buildID are undefined in non Gecko browsers - resetting the settings had undesired side effects - added window.open protection - cross origin DOM manipulations - window.name protection was detectable - importing settings file with an older storage version did not work properly - fields hosted on braintree not working when window API was protected known issues: - if a data URL is blocked the page action button does not appear
CanvasBlocker v1.1 Released (January 28, 2020) https://addons.mozilla.org/firefox/addon/canvasblocker/ Spoiler: Changes v1.1 new features: - added notice for privacy.resistFingerprinting - added container specific navigator settings fixes: - error when exporting function with name "top" - tabs opened with window.open broke when the parent tab was reloaded/closed - importing settings file with an very old storage version did not work at all known issues: - if a data URL is blocked the page action button does not appear
CanvasBlocker v1.2 Released (March 17, 2020) https://addons.mozilla.org/firefox/addon/canvasblocker/ Spoiler: Changes v1.2 changes: - removed unnecessary activeTab permission - always open options page in new tab new features: - added warning if some features of a API are disabled - added TextMetrics protection known issues: - if a data URL is blocked the page action button does not appear