Has anyone tried this extension lately? It seems to have been updated regularly. https://addons.mozilla.org/en-US/firefox/addon/webapi-manager/versions/
https://www.ghacks.net/2018/04/05/how-to-detect-zero-width-characters-fingerprinting/ https://www.bleepingcomputer.com/news/security/google-chrome-extension-detects-zero-width-character-fingerprinting-attacks/
That is not about browser fingerprinting, but about trapping one who copy & pasted restricted contents and how to detect it.
Privacy-Addon which might be worth a try: Trace Website Chrome: https://chrome.google.com/webstore/detail/trace/njkmjblmcfiobddjgebnoeldkjcplfjb Firefox: https://addons.mozilla.org/en-US/firefox/addon/absolutedouble-trace
I wonder, what are the limitation of the free version? Well, obviously it is 15000 domains vs 3000, but I wonder what are those for? 3 bucks are worth paying for, even if it is just for a support. EDIT: OK, it seems, that is also blocks google ads, that is no good for me.
https://antoinevastel.com/tracking/2018/07/01/eval-canvasdef.html They can 1) detect that it's being used; 2) extract the noise vector; and 3) get the original canvas value. OK, we know that simply blocking doesn't work: https://multiloginapp.com/how-canvas-fingerprint-blockers-make-you-easily-trackable/ So how does one interfere with canvas fingerprinting?
Even if site can get to original canvas value, they probably won't bother with doing it until a lot of visitors start using it. You're a high-hanging fruit so why bother with you if there are 99%+ visitors that are easier to track. Costs of doing it would probably be larger than benefits.
One can hope But I would like a solution that works against all sites. OK, so what happens when you uninstall and reinstall the browser? Do you get the same canvas fingerprint? I could fire up a fresh VM, and test that. Maybe I will. And I'll let y'all know.
Well, it seems that Canvas Blocker is not affected. That said, I think that fingerprinting is overrated. Unless proven otherwise, I still think that fingerprinting is predominantly done by 3rd-party trackers/adservers. If you block them, e.g. with uMatrix, uBlock Origin or a hosts file, this problem is simply irrelevant. There are certainly sites which are doing 1st-party fingerprinting. But this can't be used to track you across the internet, and the known countermeasures - like setting privacy.resistFingerprinting=true or a combination of, say, User-Agent Switcher and Canvas Blocker - should be sufficient.
I liked this from reply on GitHub: Against privacy defeatism: why browsers can still stop fingerprinting.
Good to know. But the post was about Canvas Defender. So anyway, it seems that blocking canvas detection is secure. But that makes one rather unique, unless most browsers do that. However, Mozilla and Apple reportedly plan to block canvas detection, so it will become a lot more common.
I`m now wondering if the use of a canvas blocking addon is strictly necessary, after having used CanvasBlocker since it first appeared. If appropriate filter lists and cookie management is used, would it matter so much even if they got the 'real' canvas fingerprint rather than a spoofed one ? If it`s main purpose is to serve targeted ads and ad blocking is already in place - doesn`t that nullify the effect without even taking specific canvas blocking measures ?
It depends what you're after. Fingerprints enable identification. So if you don't want that, you don't want to be fingerprinted. Just as with meatspace fingerprints
CanvasBlocker v0.5.1.1b Released (July 21, 2018) Spoiler: v0.5.0 - New Features, Fixes Version 0.5.0: changes: - Changes in the random supply API - Added grouping to API white list - Show page action when API is blocked new features: - Can protect Audio API - Settings can be hidden fixes: - make function replacements not detectable - "protect" data URL pages by blocking all requests from them removed fixes: - display of about:blank broken in Waterfox reason: it should help protect data URL pages in the future known issues: - if a data URL request is blocked the page action button appears but shown no content Spoiler: v0.5.1 - New Features, Fixes Version 0.5.1: changes: - instead of blocking requests from data URLs they are blocked themselfes new features: - new setting: session white list that is cleared on addon load (= browser start) fixes: - Changes made in the page action were not saved in all Firefox versions - Blocking requests data URLs blocked too much known issues: - if a data URL is blocked the page action button does not appear
So, does this mean that without JavaScript enabled, most fingerprinting techniques don't workare ineffective -- or just that JavaScript needs to be enabled in order to run this fingerprinting test?
I think that means that unless you allow JavaScript they can't fingerprint you, but I stand to be corrected.
CanvasBlocker v0.5.3 Released (September 02, 2018) Spoiler: v0.5.3 - New Features, Fixes Version 0.5.3: changes: - removed active support for Firefox < 60 - maximal 250 notifications per domain and type will be rendered new features: - display version in options page - added link to open options page in separate tab - added option "Don't show again on update." for options page - added option to highlight page action icon - added option to control browser action icon on notifications - added theme for browser and page action popup - added badge - added option to ignore APIs - added protection for history length - added protection for window name and opener fixes: - CSP did not work properly for worker-src - detection if the options page was displayed in a separate tab did not work reliably - popup text not readable in some dark themes - display conditions for notification settings - page action not useable with a lot of notifications - blocking of blob-worker broke some pages known issues: - if a data URL is blocked the page action button does not appear