(Current) Privacy: Add privacy.resistFingerprinting.delegateCanvasProtection #1559
Conversation
ilikenwf
changed the title
|
And I'd submit this upstream to Firefox but they seem opposed to any separation here, from what I've read...makes little sense to me since canvasblocker brings the identifiers down quite a bit even compared to stock RFP. |
|
Obligatory fingerprinting results with this enabled and canvasblocker randomizing...note this includes a bunch of addons and a custom user.js:
|
…wer users to delegate fingerprinting protection for canvas to extensions; without a properly configured extension, this disables RFP for the canvas entirely. Signed-off-by: Matt Parnell <mparnell@gmail.com>
ilikenwf
force-pushed
the
upstream-current-canvas
branch
from
9a63681 to
1caf710
Compare
|
Sorry I haven’t looked at this yet; it’s on the list of things I’ll get round to review before the next release! |
|
Appreciate the patch! |
Hey thanks! The schools of thought vary on whether this is helping or not, because of sample bias with the fingerprint test sites, if we ever add documentation for this setting it may be wise to consider Thorin's wise discussion here: arkenfox/user.js#942 |
Currently Waterfox and Firefox both break CanvasBlocker and other addons that seek to make canvas fingerprinting harder. While people debate over what is best for these situations, recent changes to RFP caused these extensions to no longer fulfill their primary purpose of randomizing the canvas fingerprint hashes.
This tweak adds a default false option of
privacy.resistFingerprinting.delegateCanvasProtectionwhich when enabled, stops checks of canvas permissions just before Waterfox would normally show or autodecline the request to read the canvas API.
This way, the other prior checks are still enforced, but should the end user, a privacy centric or power user, should desire, they can either disable the rest of the handling of canvas protection entirely (if no addon is configured) or more ideally, use CanvasBlocker to block, randomize, black/whitelist, or display prompts for canvas data extraction where necessary, all while retaining the other benefits that come from using RFP.
If this or something like it were added to Waterfox, I feel many many more users would switch to Waterfox, especially the ghacks user.js crowd and the various privacy communities that are around.