HTML5 Canvas Fingerprinting

Discussion in 'privacy general' started by Sampei Nihira, May 30, 2016.

  1. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    1,422
    Location:
    Italy
    Sorry but are we talking about the local IP hidden in the WEBRTC test or something else?
    And this with Chrome.
     
  2. NiteRanger

    NiteRanger Registered Member

    Joined:
    Nov 15, 2016
    Posts:
    560
    Location:
    Far East
    I meant readout from browserleaks.com is all either n/a or False. If you use FF you'll get similar readout
     
  3. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    1,422
    Location:
    Italy
    No extension is required with Firefox.
    Trace is sufficient with Chrome.
     
  4. __Nikopol

    __Nikopol Registered Member

    Joined:
    Aug 13, 2008
    Posts:
    588
    Location:
    Germany
    If you enable some switches, like privacy.resistFingerprinting = true, but not out os the box. (Except you use a special "brand" maybe)
     
  5. NiteRanger

    NiteRanger Registered Member

    Joined:
    Nov 15, 2016
    Posts:
    560
    Location:
    Far East
    Not only my private and public IP addresses were revealed. Trace also revealed my RTCPeerConnection despite disabling it
     
  6. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    1,422
    Location:
    Italy
    :D

    But we are not paranoid..............
    It is negative to install too many extensions in browsers.
     
  7. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    1,422
    Location:
    Italy
    WebRTC Test.
    My New Moon:


    200.JPG

    Firefox 52 ESR:

    201.JPG

    Etc.......etc.......
     
    Last edited: Nov 5, 2018
  8. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    10,545
    CanvasBlocker v0.5.6 Released (January 26, 2019)
    https://addons.mozilla.org/firefox/addon/canvasblocker/
    Version 0.5.6:
    changes:
    - removed *Readout and *Input block modes (use protectedCanvasPart instead)

    new features:
    - options gui improvements
    - url specific values can be added by hitting enter in the input
    - highlight "hide" icon when "tabbing" to it
    - made url specific values manageable with "tabbing"​
    - added setting "protected canvas part" to decouple block mode from part
    - added "share persistent randomness between domains"

    fixes:
    - constant rng did not work properly when protecting input
    - some display inconsistencies
    - optional parameter on isPointInPath and isPointInStroke were broken

    known issues:
    - if a data URL is blocked the page action button does not appear
     
  9. NiteRanger

    NiteRanger Registered Member

    Joined:
    Nov 15, 2016
    Posts:
    560
    Location:
    Far East
    I have a problem with CB since the v0. 5.5 and with v0.5.6 too on my FF 64.0.2 on my android phone

    When I enabled it I cannot open any link inside wilderssecurity's posts. When I disabled it I can open the links. I have wilderssecurity whitelisted but to no avail.

    No such issue with other forums like malwaretips, HardwareZone Forums etc

    Any help? Thanks
     
    Last edited: Jan 26, 2019
  10. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    1,422
    Location:
    Italy
    Hi to all.
    New protection settings in Chrome:

    1) Trace - Only the functions described below are enabled:

    a) Audio Fingerprint Protection - (Partial to prevent the breaking of some websites.)
    b) Battery API Protection.
    c) getClientRects Protection.

    2) BP Privacy Block All Font and Glyph Detection.
     
  11. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    10,545
    CanvasBlocker v0.5.7 Released (February 4, 2019)
    https://addons.mozilla.org/firefox/addon/canvasblocker/
     
  12. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    10,545
    CanvasBlocker v0.5.8 Released (February 10, 2019)
    https://addons.mozilla.org/firefox/addon/canvasblocker/
    changes:
    - audio faking will not alter buffers with only zero values
    new features:
    - added combined cache for getChannelData and copyFromChannel:
    - better performance
    - prevent double faking => prevent detection​
    fixes:
    - after reset the hidden settings and expanded views were not reset
    - audio cache did not work properly
    known issues:
    - if a data URL is blocked the page action button does not appear
     
  13. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    1,422
    Location:
    Italy
    *** For Chrome ***


    The "Canvas Fingerprint Protection" not works with "Trace" extension.
    When the page is reloaded, the signature does not change.

    The "Audio Fingerprint Protection" is also limited.

    Another important problem is the control of some privacy features in the browser settings.
    Advanced - Privacy and Security:

    No Trace

    10.jpg

    With Trace:

    11.jpg
    I switched to "WebAPI Manager".

    Functionality enabled:

    1) HTML: Canvas Element ( There is compatibility with Ublock Origin counter)
    2) Battery Status API
    3) Web Audio API
    4) Geolocation API

    I do not see the "ClientRects Fingerprint" protection.

    Unfortunately there is an incompatibility with the Webgl protection......arghhhhh !!!

    It is a Mission Impossible !!! :(

     
    Last edited: Feb 11, 2019
  14. NiteRanger

    NiteRanger Registered Member

    Joined:
    Nov 15, 2016
    Posts:
    560
    Location:
    Far East
    I'm using FF 65.0

    If you want to pass the ClientRects fingerprint protection you need both Trace and CanvasBlocker. For Canvas fingerprint protection disable the feature in Trace and let CanvasBlocker do its job

    Test it at browserleaks.com and https://audiofingerprint.openwpm.com/
     
    Last edited: Feb 11, 2019
  15. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    1,422
    Location:
    Italy
    Hi.
    My post above refers to Chrome.

    :)
     
  16. NiteRanger

    NiteRanger Registered Member

    Joined:
    Nov 15, 2016
    Posts:
    560
    Location:
    Far East
    For Chrome I'm not using Trace. You need WebRTC Control to pass the ClientRects fingerprint protection at the mentioned test sites.

    In Chrome you can block/fake/obfuscate/randomized canvas fingerprint but non of the extension can prevent its own fingerprint from being exposed. Only CanvasBlocker in FF can block/fake/obfuscate/randomized canvas fingerprint and at the same time prevent its own fingerprint from being exposed
     
    Last edited: Feb 11, 2019
  17. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    1,422
    Location:
    Italy
    I do not use Trace for Firefox.
    Using Trace for Chrome is dangerous for your privacy.
    See the images I added to the post above.
    ;)
     
  18. NiteRanger

    NiteRanger Registered Member

    Joined:
    Nov 15, 2016
    Posts:
    560
    Location:
    Far East
    Don't understand the language used in the images in post #363
     
  19. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    1,422
    Location:
    Italy
    In the dark rectangle it is written that the setting is applied by the Trace extension.
    3 settings set to ON

    The translation of the settings is easy if you compare those of your Chrome.
     
  20. Sampei Nihira

    Sampei Nihira Registered Member

    Joined:
    Apr 7, 2013
    Posts:
    1,422
    Location:
    Italy
    I ran the Panopticlick (17.46) and Browserprint (15.91) tests and strangely all my browsers* have the same result.
    Can someone verify?
    TH.


    * = FF 52.9.1 ESR and New Moon on W.XP + Chrome x64 on W.10
     
Loading...
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.