HTML5 Canvas Fingerprinting

Discussion in 'privacy general' started by Sampei Nihira, May 30, 2016.

  1. Emetic

    Emetic Registered Member

    Joined:
    Oct 4, 2011
    Posts:
    73

    Thank you Krusty. Much appreciated. I'll figure it out now.

    It explains a lot. Cheers for the knowledge.
     
  2. NiteRanger

    NiteRanger Registered Member

    Joined:
    Nov 15, 2016
    Posts:
    560
    Location:
    Far East
  3. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    1,422
    Location:
    Italy
    The best for Webgl is:


    a) Webgl tracking block (Scriptsafe) - Advantage of seeing Websites that use tracking:


    Immagine.jpg


    b) --disable-webgl (Peter Beverloo List)
     
  4. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    6,277
    Location:
    Among the gum trees
    Agree. :thumb:
     
  5. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    10,545
    CanvasBlocker v0.4.3a Released (Decemer 15, 2017)
    Download (AMO)
    (There is a known issue which may break some web pages)
    known issues:
    - due to API blocking some web pages may break. Use 0.4.3b instead.

    changes:
    - hide white, black and ignore list as they can be done with the url specific settings. They are still present and working in the background.
    - if settings are not loaded fast enough the loading is not force but all APIs are blocked

    new features:
    - reset settings
    - new white random generator - creates output similar to Tor browser
    - blockMode and showNotifications can now be chosen url specific
    - new setting to ignore canvas with only few colors

    fixes:
    - page action was not always showing
    - waiting for settings created error messages in browser console
    - do not show notifications when canvas faking was aborted
     
  6. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    10,545
    Edit: v0.4.3c
    CanvasBlocker v0.4.3c Released (Decemer 16, 2017)
    (See known issues)

     
    Last edited: Dec 16, 2017
  7. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,918
    Last edited: Dec 16, 2017
  8. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    1,422
    Location:
    Italy
    Please do this test:

    https://browserleaks.com/proxy

    reload the page at least 3 times.

    What is the number of your Subscriptions?

    Firefox ESR + CanvasBlocker



    2.JPG

    A short time ago they were at zero.
     
  9. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,918
    @ Sampei Nihira

    Hi, hera ya go !

    browserleaks.png
     
  10. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    1,422
    Location:
    Italy
    How many active lists do you have?
     
  11. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    6,277
    Location:
    Among the gum trees
    Mine shows 12 but I have many more filter lists enabled.
     
  12. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,918
    @ Sampei Nihira

    Just easy list.

    But my point is, why does my FF version show whilst doing the test via Startpages PROXY ?
     
  13. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    6,277
    Location:
    Among the gum trees
    CanvasBlocker Version 0.4.4b released.

    Version 0.4.4b:
    known issues:
    - force setting loadings may result in non working plugins or not opening direct image links. Use 0.4.4a instead or wait for Firefox 59 which provides the required API to solve this issue once and for all

    changes:
    - if settings are not loaded fast enough the loading is forced

    Version 0.4.4a:
    known issues:
    - due to API blocking some web pages may break. Use 0.4.4 instead.

    changes:
    - if settings are not loaded fast enough the loading is not forced but all APIs are blocked

    Version 0.4.4:
    known issues:
    - force setting loadings may result in non working plugins or not opening direct image links. Use 0.4.3a instead or wait for Firefox 59 which provides the required API to solve this issue once and for all

    changes:
    - show white, black and ignore list again, but only in expert mode

    fixes:
    - Firefox consumed 100% CPU and could not be closed
    - Unknown setting breaks Firefox completely
     
  14. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    1,422
    Location:
    Italy
    I do not know.
    I have 28 active lists.
     
  15. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    1,422
    Location:
    Italy
    https://www.wilderssecurity.com/threads/html5-canvas-fingerprinting.386179/page-11#post-2718929


    The developer corrected the bug I brought to the attention.
    But partially.
     
    Last edited: Dec 20, 2017
  16. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    10,545
    Btw.: the next version of Canvas Blocker will have an italian translation ;)
    Create italian messages.json #172 (Added italian translation)
     
  17. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    10,545
    A similar site as "Panopticlick":

    https://browserprint.info
     
  18. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    10,545
    WebAPI Manager - An interesting extension to block content (for example: WebRTC, Battery Status API, Canvas, WebGL, ... and a lot more) on a general basis or only for specific domains.
    Logging can be enabled to see what API has been blocked, Passive Logging is available too (nothing is actually blocked, only logged)
    The extension is available for Firefox and Chrome.
    Edit: There are some website breakages even if only one option was selected in the settings (for example on websites where "disqus" is embedded)
    After a click on "Clear Settings" and all is fine.
    Edit 2: And on Wilders. Report: https://www.wilderssecurity.com/threads/i-can-reply-to-a-thread.400244/
    WebAPI Manager v0.9.21 (January 9, 2018)
    Website (Github)
    Download (AMO)
    Download (Chrome Web Store)

    WebAPI Manager: limit website access to Web APIs
    January 30, 2018
    https://www.ghacks.net/2018/01/30/webapi-manager-limit-website-access-to-web-apis/
    Excerpt (a lot more options are available)
    WebAPI_Manager_block_1.png WebAPI_Manager_block_2.png WebAPI_Manager_block_3.png WebAPI_Manager_block_log.png
     
    Last edited: Jan 30, 2018
  19. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    6,277
    Location:
    Among the gum trees
    Thanks @mood . It looks kind of complicated and the "Info" links are not helpful to me.
     
  20. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    6,277
    Location:
    Among the gum trees
    Block Cloudflare MiTM Attack
     
  21. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    10,545
    A history of Fingerprinting protection in Firefox
    March 01, 2018
    https://www.ghacks.net/2018/03/01/a-history-of-fingerprinting-protection-in-firefox/
     
  22. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    8,460
  23. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    6,277
    Location:
    Among the gum trees
    I don't know whether to change that or not. CanvasBlocker fakes the fingerprint. Not having any fingerprint is a fingerprint in itself isn't it?
     
  24. mirimir

    mirimir Registered Member

    Joined:
    Oct 1, 2011
    Posts:
    8,460
    Yeah, I just use CanvasBlocker.
     
  25. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    10,777
    Location:
    .
    Yep, same here. I also prefer fake fingerprint over no fingerprint at all.
     
Loading...
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.