Firefox to Block Canvas-based Browser Fingerprinting

Status
Not open for further replies.
silversurfer

silversurfer

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,176
Firefox will soon provide users with increased privacy by blocking browser fingerprinting performed through the HTML5 canvas element.

With the release of Firefox 58, users will have the option to block websites’ requests to retrieve information through canvas, which is currently used as a cookie-less method of tracking users on the web. Websites using this technique extract data from HTML <canvas> elements silently.

As soon as the change will be in effect, Firefox will behave similarly with the Tor Browser, which is based on Firefox ESR (Extended Support Release). Tor implemented the feature about four years ago.

According to discussion on the Mozilla bug tracker, Firefox 58 should display a popup when accessing a website that attempts to use an HTML < canvas > element to extract information, just like Tor does in such situations. Users will have the option to block the site’s request.

As Sophos notes, many companies are using browser fingerprinting as means to track users online without providing them with a choice. The technique involves tracking the browser itself rather than cookies or other beacons, which can be blocked or deleted.

The fingerprinting operation usually involves passively gathering information such as browser version number, operating system details, screen resolution, language, installed plugins and fonts, and the like. The more elements are used for fingerprinting, the easier it is to single out one’s browser from another user’s, the security firm points out.

“In canvas fingerprinting your browser is given instructions to render something (perhaps a combination of words and pictures) on a hidden canvas element. The resulting image is extracted from the canvas and passed through a hashing function, producing an ID,” Sophos explains.

By providing complex instructions, one can produce enough variation between visitors to ensure canvas fingerprinting is highly efficient. The information gathered this way can be shared among advertising partners and used for the profiling of users based on the affiliated websites they visit.

While Firefox will become the first major browser to take a stance against canvas-based fingerprinting, add-ons that allow users to block this activity already exist, such as Electronic Frontier Foundation’s Privacy Badger.
Click to expand...
Firefox to Block Canvas-based Browser Fingerprinting | SecurityWeek.Com
 
  • Like
Reactions: Handsome Recluse, frogboy, XhenEd and 11 others
brambedkar59

brambedkar59

Level 29
Verified
Top Poster
Well-known
Apr 16, 2017
1,878
You can see if your browser can be fingerprinted or not here.
upload_2017-10-31_22-28-4.png



Ohh boy not good :(
 
Last edited:
  • Like
Reactions: frogboy, lowdetection, XhenEd and 4 others
oneeye

oneeye

Level 4
Verified
Jul 14, 2014
174
Hi all,

I can confirm that Firefox 58 Nightly on Android is definitely working. How effective, I'm unable to gauge. I also have Canvas Defender, which, the parent website, https://Multilogin.com has several fantastic articles on fingerprinting. And why blocking is not necessarily the best way to deal with this issue. Also, there are tons of new ways to fingerprint browser's, and Cross Browser fingerprinting is coming, if not already being done. New research from earlier this year, tells of the scary implications. Here is an article explaining this, and I'll give the link to the study PDF last.
How Canvas Fingerprint Blockers Make You Easily Trackable | Multiloginapp

Now sites can fingerprint you online even when you use multiple browsers

http://yinzhicao.org/TrackingFree/crossbrowsertracking_NDSS17.pdf
Also I have read that uBlock Origin is blocking fingerprinting too. So, I have to imagine that Firefox preempts the extensions? Since I have seen the pop- up notices of fingerprinting attempts on my Android Firefox Nightly build.
 
Last edited:
  • Like
Reactions: Deletedmessiah and lowdetection
A

Arequire

Level 29
Verified
Top Poster
Content Creator
Feb 10, 2017
1,823
This is good but it'd need to be turned on by default to make any significant difference. The majority of users don't change their browser's settings so while the amount of people blocking their canvas fingerprint may increase somewhat, those who do will still stick out like a sore thumb to publishers, advertisers, analytics services, etc.
 
Last edited:
  • Like
Reactions: Deletedmessiah, Handsome Recluse and frogboy
Status
Not open for further replies.

Similar threads

Ink
    • Like
New Update Mozilla partners with Fastly (OHTTP) and Divvi Up (DAP) for Firefox browser
Replies
0
Views
480
Firefox
Ink
Ink
CyberTech
    • Like
New Update Why we’re renaming ‘Firefox accounts’ to ‘Mozilla accounts’
Replies
1
Views
506
Firefox
sartic
sartic
Brownie2019
On Sale! Avast AntiTrack 2023 [1-PC] 10,00€
Replies
2
Views
349
Discounts and Deals
TairikuOkami
TairikuOkami

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top