HTML5 Canvas Fingerprinting

Discussion in 'privacy general' started by Sampei Nihira, May 30, 2016.

  1. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,342
    Location:
    Italy
    Test with Mobile Browsers.
    Android Marshmallow:

    Chrome:

    Chrome.png

    Opera Mini:

    Opera Mini.png

    Firefox + CanvasBlocker

    Firefox.png

    Uniqueness:

    Chrome = 1294/176794

    Opera Mini = 4/176794

    Firefox + CanvasBlocker = 0/176794

     
  2. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,342
    Location:
    Italy
  3. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,342
    Location:
    Italy
    Immagine.jpg

    The web site makes use of Canvas Fingerprint + Battery Fingerprint.
    In the specific case,Canvas Fingerprint,is blocked by UBO.
    Not Battery Fingerprint.

    __________________________________

    1.jpg

    ___________________________________

    2.jpg

    Audio Fingerprint.

     
    Last edited: Feb 26, 2017
  4. guest

    guest Guest

    CanvasBlocker 0.3.7 Released (March 3, 2017)
    https://addons.mozilla.org/en-US/firefox/addon/canvasblocker
    Changelog
     
  5. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,342
    Location:
    Italy
    Last edited: Mar 6, 2017
  6. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,342
    Location:
    Italy
    Added to Firefox the new parameter:

    font.system.whitelist.

    and inserted into the string fonts present in the Tor Browser:


    Available for Windows.
     
  7. Abdallah

    Abdallah Registered Member

    Joined:
    Oct 28, 2013
    Posts:
    124
    Location:
    N/A
    Is there any tweak in Sandboxie to avoid such fingerprinting techniques ?
     
  8. guest

    guest Guest

    I don't think so. Sandboxie is only sandboxing applications, it doesn't modify the behavior or is adding "tweaks".
    So visiting a test site for testing fingerprinting (browserleaks,etc.) should give the same result for a sandboxed and unsandboxed browser.
     
  9. Abdallah

    Abdallah Registered Member

    Joined:
    Oct 28, 2013
    Posts:
    124
    Location:
    N/A
    It has some cool features such as restricting file and registry access, so I thought it could be useful in this case
     
  10. guest

    guest Guest

    Of course :)
    In this case Sandboxie is indeed useful. And all changes from the browser are contained within the sandbox. If something happens, just delete the contents of the sandbox and all is gone.
     
  11. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,342
    Location:
    Italy
  12. guest

    guest Guest

    CanvasBlocker 0.3.8 Released (May 23, 2017)
    https://addons.mozilla.org/en-US/firefox/addon/canvasblocker
    Changelog
     
  13. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,342
    Location:
    Italy
  14. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,342
    Location:
    Italy
  15. guest

    guest Guest

    New version:
    Canvas Defender v1.1.0 (July 11, 2017)
    https://chrome.google.com/webstore/detail/canvas-defender/obdbgnebcljmgkoljcdddaopadkifnpm

    There are "interesting" changes:
    • The fingerprint can be changed in a specific interval:
    Canvas Defender_Interval.png
    After clicking on the icon the Scheduled change can be seen (the time interval has been set to "Every 24 hours")
    Canvas Defender_Icon.png
    • Domains can be whitelisted:
    Canvas Defender_Whitelist.png
    • After visiting a website with a possible fingerprint attempt an alert can be seen:
    Canvas Defender_Possible Fingerprint attempt.png
     
  16. Cache

    Cache Registered Member

    Joined:
    May 20, 2016
    Posts:
    445
    Location:
    Mercia
    Any idea when this update is coming to the Firefox extension?
     
  17. guest

    guest Guest

  18. Cache

    Cache Registered Member

    Joined:
    May 20, 2016
    Posts:
    445
    Location:
    Mercia
    Thanks mood. As my FF had not updated from 1.0.9, I assumed that it was not available yet. Lazy on my part, I know! Anyway, up and running with 1.1.0 now. Just wondering what sort of domains might be worth whitelisting. Banking sites perhaps?
     
  19. paulderdash

    paulderdash Registered Member

    Joined:
    Dec 27, 2013
    Posts:
    4,639
    Location:
    Under a bushel ...
    Not asking which is 'better', but can someone give some insights into respective features of Canvas Defender and Canvas Blocker?
     
  20. The Count

    The Count Registered Member

    Joined:
    Jun 13, 2016
    Posts:
    177
    Location:
    France
    Are they developer by the same team?
     
  21. guest

    guest Guest

    If a website is using fingerprint techniques and Canvas Defender cause some issues, then the website should be added to the whitelist.
    If there are no issues then it is not really necessary to add websites to the whitelist :doubt:
    It is not a "complete" overview, maybe i have overlooked some options... :cautious:
     
  22. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    3,342
    Location:
    Italy
  23. The Count

    The Count Registered Member

    Joined:
    Jun 13, 2016
    Posts:
    177
    Location:
    France
    What's the best way to prevent all canvas fingerprinting including battery, audio etc. Does the browser slow down when you block everything?
     
  24. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    10,209
    Location:
    Among the gum trees
    That depends on which browser you use.
     
  25. NiteRanger

    NiteRanger Registered Member

    Joined:
    Nov 15, 2016
    Posts:
    651
    Location:
    Far East
    In Chrome/Chromium-based browsers you can use ScriptSafe + Canvas Defender + CanvasFingerprintBlock

    In Mozilla-based browsers you can use Secret Agent + Canvas Defender + Privacy Settings + Random Agent Spoofer
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.