New Update Detecting Privacy Badger’s Canvas FP detection

  • Thread starter ForgottenSeer 85179
  • Start date
F

ForgottenSeer 85179

Thread author
Vulnerabilities in Privacy Badger canvas fingerprinting detection
  • Observability of the canvas API hooking
  • Bypassability of the APIs hooking

This show again that addon updates are necessary and that even famous addons aren't so good as they should.

Edit:

Also from the GrapheneOS dev:
This is yet another example of why client-side checks are a bad approach for security. People should not be trying to implement privacy and security by injecting code into the adversary's code and hooking various APIs in a way that can be bypassed or detected. In general, browser extensions are not a good place to attempt implementing privacy and security features. APIs for browser extensions are not designed to provide robust or secure ways of doing these things, so extensions implement half-baked solutions or complete hacks involving injecting code and pretend they have working / robust approaches when they do not. Privacy and security features need to be built into browsers to work properly, whether it's by building in the feature completely or providing a robust API for it.
 
Last edited by a moderator:

Lenny_Fox

Level 22
Verified
Top Poster
Well-known
Oct 1, 2019
1,120
DanielMcKay on Reddit said:
In Firefox, extensions are unintentionally constrained by the page's Content-Security-Policy and sandbox attributes. This is an implementation bug with no solution in sight. This causes many extensions to be broken on sites using these features. Extensions can work around this Firefox bug by disabling these security features or poking holes in the policies to allow their code to work.
Constraining extensions with the limitations of a webpage's CSP (content-security-policy) and Sandbox sounds like a good plan to me. It would be a security feature when extension writers could not poke holes in these limitations When they can circumvent it, some extension writers would probably ask for to many privileges, making this limitation counter productive. I don't use Firefox so maybe members with better knowledge of Firefox can comment on this.
 

Digmor Crusher

Level 23
Verified
Top Poster
Well-known
Jan 27, 2018
1,237
Many on here and elsewhere, are simplifying their protection setup, using features built in to the OS configured by programs such as Configure Defender and Syshardener. They are trying to avoid 3rd party programs installing drivers, hooking into a million different files etc. Maybe its time to start simplifying our browser setups now, stop installing an over-abundance of extensions, many which break web pages and are more trouble than they are worth. I'm done obsessing about privacy on the internet, bigger fish to fry here.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top