Looking at this page I linked before Test
and playing with my extensions, I am never able to get rid of my true fingerprint under "iFrame Test 3 - violating SOP
My "true fingerprint" is the one I always see when I look at the page without extensions on.
Not even with all three extensions (ScriptSafe, Canvas Defender and WebAPI Manager) configured to stop or modify canvas fingerprints can I get rid of this one!
I am certain we should test our Canvas fingerprint with this page Test
and the "old one" Test
- to pass this test you must not have more than one fingerprint, meaning the page should show you four fingerprints that are identical, but they should also be different from your true one.
- Also the fingerprint should change after a certain time or because of a certain event. (Making it hard to track you)
- You should not see any attempts blocked. (Like you, hiding under a blanket in a group of people)
- If you have two or more different fingerprints you'll stand out. (Like hiding under a blanket, but it has your favourite color)
- If it never changes you'll always have the same fingerprint. (figures) That is just as good as your true one. (You're just hiding under a blanket with a unique QR-code on it, and you cut holes in it so you never have to take it off.)
Together with the old one we can see that even when all four are identical, you can still be seen as someone who blocks fingerprinting, because the created PNG might not be correct or whatever
Extensions for Chrome that say to hide your fingerprint and/or fake it:
Every canvas fingerprint blocking setting has it's own problem: Random readout does create such random prints that there is no consistency at all between the four trials, and they're not even correct - meaning they don't produce the right-looking PNG. Blank readout does what it sounds like, but because the fourth fingerprint is always your true one, this doesn't work either. Block readout also blocks only the first three.
Can only change the first fingerprint. All other three times one is created it fails and shows your true one.
Does have a setting for it, but it does not work in this case. (Maybe any)
Canvas Fingerprint Defender:
Does only change the first two, and they are different from each other.
Does change all four! Yay! However it has bad reviews for breaking pages and it also does not appear to change it's faked fingerprint at anytime. Still the best so far! BUT: It fails the old test, showing as "context API blocked".
Does not change any at all.
Don't FingerPrint Me:
Does not change any at all. AFAIK only shows you the fingerprinting attempts in chromes developer menu thing.
Chameleon: (Not in Chrome webstore!) ghostwords/chameleonhttps://github.com/ghostwords/chameleon
Does not yet protect from fingerprinting.
Winner so far: CanvasFingerprintBlock! For actually blocking all four fingerprint attempts. Yet, it is not perfect.