-
Notifications
You must be signed in to change notification settings - Fork 87
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
CanvasBlocker doesn't work if privacy.resistFingerprinting = true #158
Comments
Did you allow the canvas readout when Firefox asked you? CB will only do something if you allow it. Otherwise a generic white will be used. |
@Thorin-Oakenpants: you are right. |
@kkapsner Hi sorry for the late reply - i just tested again and indeed it works when i allow the readout. Thanks for taking the time to explain :) |
No problem - you're welcome. Thanks for rechecking. |
The link kind of makes sense - I just do not get why they prompt for isPointInPath but neither getImageData nor readPixels... offscreen canvas should not be too common for usual applications. But for example the fingerprinting on https://www.browserleaks.com/canvas is offscreen. PS: With the next version you will have even more options than a white listing. You can then specify the block mode specific for one site. |
Hey all, I'm a Mozilla person working on this. Despite Bug 1422890, we believe all those APIs are correctly spoofed (they provide fake data) unless the permission is granted. We do prompt for getImageData. I'm investigating readPixels - I think in Tor Browser WebGL is click to play and that's why it's not addressed in our solution so in FF this may be a problem... OffscreenCanvas is not enabled in Firefox yet; if you turn it on by flipping a pref we do not apply fingerprinting resistance to it. I appreciate the investigation, if you have any other comments/concerns about this type of stuff in Firefox, feel free to reach out to me! https://ritter.vg/contact.html |
I am here because I accidentally doubled up on canvas fingerprint detection... double negative it seems. So if anyone else is here because pyllyukko/user.js#468 crippled CanvasBlocker... here's your fix. |
I'm not sure what you mean by "paralyzed". If I enable RFP everything works as expected. Is there anything to fix? |
Fyi, it seems that in Firefox 58.0b5 if i set "privacy.resistFingerprinting = true" in about:config the canvas value is nolonger random - so the CanvasBlocker extension doesn't seem to work anymore. Tested at https://panopticlick.eff.org/
If i set it back to the default value "privacy.resistFingerprinting = false" CanvasBlocker works again.
https://developer.mozilla.org/en-US/Add-ons/WebExtensions/API/privacy/websites#Properties
The text was updated successfully, but these errors were encountered: