This show again that addon updates are necessary and that even famous addons aren't so good as they should.Vulnerabilities in Privacy Badger canvas fingerprinting detection
- Observability of the canvas API hooking
- Bypassability of the APIs hooking
Also from the GrapheneOS dev:
https://www.reddit.com/r/GrapheneOS/comments/fqgeh9/_/flqbyqlThis is yet another example of why client-side checks are a bad approach for security. People should not be trying to implement privacy and security by injecting code into the adversary's code and hooking various APIs in a way that can be bypassed or detected. In general, browser extensions are not a good place to attempt implementing privacy and security features. APIs for browser extensions are not designed to provide robust or secure ways of doing these things, so extensions implement half-baked solutions or complete hacks involving injecting code and pretend they have working / robust approaches when they do not. Privacy and security features need to be built into browsers to work properly, whether it's by building in the feature completely or providing a robust API for it.