- May 4, 2018
- 2,261
It did work on it yep! Atm I have it disabled when using it for online banking.
~LDogg
How to to stop browser fingerprinting and tracking?
- Thread starter jetman
- Start date
It did work on it yep! Atm I have it disabled when using it for online banking.
~LDogg
- Jun 7, 2018
- 221
Oh, now it is green for me too!
But I only changed one thing: WebAPI Manager. But the Manager has nothing to do with it, I can deactivate it and it's stil green. Then ... Oh I also have Nano-defender now. But that is also not the culprit.I'm at al loss why it's working, but its fine
You need to press a couple of times to see it turn RED if you randomize your fingerprint
- May 4, 2018
- 2,261
Yes it is very expensive, but remember that old adage "Nothing in life that is worth having is free."
However that other one I mentioned Multilogin is free.
- May 29, 2018
- 2,728
Canvasblocker passed link tests + browserleak
Im firefox user from this day
Im firefox user from this day
- Jun 7, 2018
- 221
Oh, you're right.
Damn. OK, I give up and let the fingerprint be consistent, yet somehow faked and not connected to "me". I don't know how that works. This means: Deactivating CanvasDefender = forever green. (I tested it. Even more proof that nano Defender has something to do with it being green all of a sudden)
CanvasDefender was more of a hassle anyway: It's whitelisting function is under too many steps and it broke many websites without signifying it.
... I think I should test why it is suddenly green:
Ok, I ruled out CanvasDefender, ScriptSafe, uBlock Origin, Random User Agent, all other extensions, ... nano defender ... Oh come on!
I deactivate every extension and it is green? What is this web site testing? That I have a consistent fingerprint?
Great, I don't think this is what we want at all.
Code:
context API not blocked
fingerprint consistent (f....) -> good!
Last edited:
- Jun 7, 2018
- 221
Ok... so how does that page work?
First it creates one fingerprint: Tue Jul 17 2018 23:41:30 GMT+0200 (Central European Summer Time) "starting first fingerprint"
And "one second" later it creates another one: Tue Jul 17 2018 23:41:31 GMT+0200 (Central European Summer Time) "starting second fingerprint"
This is the function it uses to make fingerprints:
That gives a string such as this "data:image/png;base64,[6,029 random chars]" and you can see the picture that this huge string represents here: Test (Because it's a PNG)
The first fingerprint is created:
Then "window.setTimeout()" calls a function after 500ms. This one, explained below:
That happens: document.body.appendChild(document.createElement("br")) (I assume this creates an element, a brake-line, and appends it to the body of the HTML, after the text that has been written to it in the header.)
Then the second fingerprint is created: var secondFingerprint = fingerPrint(); (After the 500ms)
Some if-statements check if the two fingerprints are equal or not. In both cases, those huge fingerprint-strings are hashed with Sha256 to make them smaller:
Then the results of the if statements are added to the body of the HTML and the background color is changed accordingly.
After this step you see that page.
So... why is the second fingerprint different? I have not the slightest idea.
The fingerprint-function is called two times, both calls are identical. The only difference is the time since page-load, with the second fingerprint being 500ms late.
Then how can it be that sometimes the fingerprints are different and sometimes not? I can only assume that after the first fingerprint, that is done in the header, some extensions add their own scripts to change the sites behavior, and this changes the second fingerprint, that is done in the body.
Can someone confirm? I'm not a programmer. I could be wrong.
First it creates one fingerprint: Tue Jul 17 2018 23:41:30 GMT+0200 (Central European Summer Time) "starting first fingerprint"
And "one second" later it creates another one: Tue Jul 17 2018 23:41:31 GMT+0200 (Central European Summer Time) "starting second fingerprint"
This is the function it uses to make fingerprints:
JavaScript:
function fingerPrint(){
"use strict";var canvas = document.createElement("canvas");
canvas.setAttribute("width", 220);
canvas.setAttribute("height", 30);
var fp_text = "BrowserLeaks,com <canvas> 10";
var ctx = canvas.getContext("2d");
ctx.textBaseline = "top";
ctx.font = "14px 'Arial'";
ctx.textBaseline = "alphabetic";
ctx.fillStyle = "#f60";
ctx.fillRect(125, 1, 62, 20);
ctx.fillStyle = "#069";
ctx.fillText(fp_text, 2, 15);
ctx.fillStyle = "rgba(102, 204, 0, 07)";
ctx.fillText(fp_text, 4, 17);
return canvas.toDataURL();
}The first fingerprint is created:
JavaScript:
try {
var firstFingerprint = fingerPrint();
}
JavaScript:
window.setTimeout(function(){
console.log(new Date(), "starting second fingerprint");
document.body.appendChild(document.createElement("br"));
var secondFingerprint = fingerPrint();
if (firstFingerprint === secondFingerprint){
hash(firstFingerprint).then(function(hash){
document.body.appendChild(document.createTextNode("fingerprint consistent (" + hash + ") -> good!"));
document.body.style.backgroundColor = "green";
});
}
else {
Promise.all([hash(firstFingerprint), hash(secondFingerprint)]).then(function(hashes){
document.body.appendChild(document.createTextNode("fingerprint not consistent (" + hashes[0] + " != " + hashes[1] + ") -> very bad! (potential fingerprint leak)"));
document.body.style.backgroundColor = "red";
});
}
}, 500);Then the second fingerprint is created: var secondFingerprint = fingerPrint(); (After the 500ms)
Some if-statements check if the two fingerprints are equal or not. In both cases, those huge fingerprint-strings are hashed with Sha256 to make them smaller:
JavaScript:
function hash(url){
var buffer = new TextEncoder("utf-8").encode(url);
return crypto.subtle.digest("SHA-256", buffer).then(function(hash){
var chunks = [];
(new Uint32Array(hash)).forEach(function(num){
chunks.push(num.toString(16));
});
return chunks.map(function(chunk){
return "0".repeat(8 - chunk.length) + chunk;
}).join("");
});
}After this step you see that page.
So... why is the second fingerprint different? I have not the slightest idea.
The fingerprint-function is called two times, both calls are identical. The only difference is the time since page-load, with the second fingerprint being 500ms late.
Then how can it be that sometimes the fingerprints are different and sometimes not? I can only assume that after the first fingerprint, that is done in the header, some extensions add their own scripts to change the sites behavior, and this changes the second fingerprint, that is done in the body.
Can someone confirm? I'm not a programmer. I could be wrong.
Last edited:
- Jun 7, 2018
- 221
Looking at this page I linked before Test and playing with my extensions, I am never able to get rid of my true fingerprint under "iFrame Test 3 - violating SOP".
My "true fingerprint" is the one I always see when I look at the page without extensions on.
Not even with all three extensions (ScriptSafe, Canvas Defender and WebAPI Manager) configured to stop or modify canvas fingerprints can I get rid of this one!
I am certain we should test our Canvas fingerprint with this page Test and the "old one" Test
Because,
- to pass this test you must not have more than one fingerprint, meaning the page should show you four fingerprints that are identical, but they should also be different from your true one.
- Also the fingerprint should change after a certain time or because of a certain event. (Making it hard to track you)
- You should not see any attempts blocked. (Like you, hiding under a blanket in a group of people)
- If you have two or more different fingerprints you'll stand out. (Like hiding under a blanket, but it has your favourite color)
- If it never changes you'll always have the same fingerprint. (figures) That is just as good as your true one. (You're just hiding under a blanket with a unique QR-code on it, and you cut holes in it so you never have to take it off.)
Together with the old one we can see that even when all four are identical, you can still be seen as someone who blocks fingerprinting, because the created PNG might not be correct or whatever
Extensions for Chrome that say to hide your fingerprint and/or fake it:
ScriptSafe:
Every canvas fingerprint blocking setting has it's own problem: Random readout does create such random prints that there is no consistency at all between the four trials, and they're not even correct - meaning they don't produce the right-looking PNG. Blank readout does what it sounds like, but because the fourth fingerprint is always your true one, this doesn't work either. Block readout also blocks only the first three.
Canvas Defender:
Can only change the first fingerprint. All other three times one is created it fails and shows your true one.
WebAPI Manager:
Does have a setting for it, but it does not work in this case. (Maybe any)
Canvas Fingerprint Defender:
Does only change the first two, and they are different from each other.
CanvasFingerprintBlock:
Does change all four! Yay! However it has bad reviews for breaking pages and it also does not appear to change it's faked fingerprint at anytime. Still the best so far! BUT: It fails the old test, showing as "context API blocked".
StopFingerprinting:
Does not change any at all.
Don't FingerPrint Me:
Does not change any at all. AFAIK only shows you the fingerprinting attempts in chromes developer menu thing.
Chameleon: (Not in Chrome webstore!) ghostwords/chameleonhttps://github.com/ghostwords/chameleon
Does not yet protect from fingerprinting.
Winner so far: CanvasFingerprintBlock! For actually blocking all four fingerprint attempts. Yet, it is not perfect.
CanvasFingerprintBlock
My "true fingerprint" is the one I always see when I look at the page without extensions on.
Not even with all three extensions (ScriptSafe, Canvas Defender and WebAPI Manager) configured to stop or modify canvas fingerprints can I get rid of this one!
I am certain we should test our Canvas fingerprint with this page Test and the "old one" Test
Because,
- to pass this test you must not have more than one fingerprint, meaning the page should show you four fingerprints that are identical, but they should also be different from your true one.
- Also the fingerprint should change after a certain time or because of a certain event. (Making it hard to track you)
- You should not see any attempts blocked. (Like you, hiding under a blanket in a group of people)
- If you have two or more different fingerprints you'll stand out. (Like hiding under a blanket, but it has your favourite color)
- If it never changes you'll always have the same fingerprint. (figures) That is just as good as your true one. (You're just hiding under a blanket with a unique QR-code on it, and you cut holes in it so you never have to take it off.)
Together with the old one we can see that even when all four are identical, you can still be seen as someone who blocks fingerprinting, because the created PNG might not be correct or whatever
Extensions for Chrome that say to hide your fingerprint and/or fake it:
ScriptSafe:
Every canvas fingerprint blocking setting has it's own problem: Random readout does create such random prints that there is no consistency at all between the four trials, and they're not even correct - meaning they don't produce the right-looking PNG. Blank readout does what it sounds like, but because the fourth fingerprint is always your true one, this doesn't work either. Block readout also blocks only the first three.
Canvas Defender:
Can only change the first fingerprint. All other three times one is created it fails and shows your true one.
WebAPI Manager:
Does have a setting for it, but it does not work in this case. (Maybe any)
Canvas Fingerprint Defender:
Does only change the first two, and they are different from each other.
CanvasFingerprintBlock:
Does change all four! Yay! However it has bad reviews for breaking pages and it also does not appear to change it's faked fingerprint at anytime. Still the best so far! BUT: It fails the old test, showing as "context API blocked".
StopFingerprinting:
Does not change any at all.
Don't FingerPrint Me:
Does not change any at all. AFAIK only shows you the fingerprinting attempts in chromes developer menu thing.
Chameleon: (Not in Chrome webstore!) ghostwords/chameleonhttps://github.com/ghostwords/chameleon
Does not yet protect from fingerprinting.
Winner so far: CanvasFingerprintBlock! For actually blocking all four fingerprint attempts. Yet, it is not perfect.
CanvasFingerprintBlock
Last edited:
@Yellowing
Like I mentioned only CanvasBlocker (FF) pass the test. All other extensions from FF/Chrome failed. The purpose of the test is to see whether the original fingerprint can be extracted.
Like I mentioned only CanvasBlocker (FF) pass the test. All other extensions from FF/Chrome failed. The purpose of the test is to see whether the original fingerprint can be extracted.
- Jun 7, 2018
- 221
Yes, but this extension is not available for Chrome.
Still: If you pass the test you did, the "old one", it could very well be any fingerprint. It only checks if both fingerprints are identical, nothing else. It could still be your true one. Infact you pass it with stock-chrome.
Please make the test with the four fingerprints. They are all done using different methods. It should show you four identical fingerprints and four pictures. Yet, if you visit the page without Canvas Blocker, you should see four different fingerprints with pictures.
Also your Canvas Blocker-fingerprint should change at some time or else it is useless..
Yes, but this extension is not available for Chrome.
Still: If you pass the test you did, the "old one", it could very well be any fingerprint. It only checks if both fingerprints are identical, nothing else. It could still be your true one. Infact you pass it with stock-chrome.
Please make the test with the four fingerprints. They are all done using different methods. It should show you four identical fingerprints and four pictures. Yet, if you visit the page without Canvas Blocker, you should see four different fingerprints with pictures.
Also your Canvas Blocker-fingerprint should change at some time or else it is useless..
Yes, but this extension is not available for Chrome.
Still: If you pass the test you did, the "old one", it could very well be any fingerprint. It only checks if both fingerprints are identical, nothing else. It could still be your true one. Infact you pass it with stock-chrome.
Please make the test with the four fingerprints. They are all done using different methods. It should show you four identical fingerprints and four pictures. Yet, if you visit the page without Canvas Blocker, you should see four different fingerprints with pictures.
Also your Canvas Blocker-fingerprint should change at some time or else it is useless..
FYI, if you run the old test the hash changes with each test. This means it's not the same as your original fingerprint
Ok, so I disabled the canvas fingerprint feature in CanvasBlocker, Trace and ScriptSafe and ran the new test Test and my original fingerprint is
Hash: 6a3ba41271e380061312702a1e72e4ed6fe84944ec984d9005b8db60860184a3
The test shows TRUE for the 4 tests with the same original fingerprint
Then I enabled CanvaBlocker and re-ran the new test. The result with the same fingerprint is
Hash: a8af02e8c5f67eb9a37fbda9ab673dcbaea11dc07ca82992ad4ea8880d75151f
which is different from my original as expected since CanvasBlocker fakes a consistent readout. However, the last test iFrame Test 3 - violating SOP shows a False. At any rate when I carried out the test a few times the True and False for the 4 tests changes but the Hash remains consistently (same) for the 4 tests but different with each test
BTW, what picture are you referring to?
Here's one more test to detect the presence of your canvas blocker
Detection test
Last edited:
- Jun 7, 2018
- 221
These pictures, the PNGs your browser creates in the canvas test:
EDIT: Actually I am not using this extension. (CanvasFingerprintBlock) It breaks too much and it has no whitelist feature, making it too hard to use. Unfortunately that makes it: Zero useful extensions for Chrome.
EDIT: Actually I am not using this extension. (CanvasFingerprintBlock) It breaks too much and it has no whitelist feature, making it too hard to use. Unfortunately that makes it: Zero useful extensions for Chrome.
Last edited:
Yes, currently there's no Chrome/FF extension or canvas feature in an extension that can perform as well as CanvasBlocker for FF
As for Chrome just use any canvas fingerprint extension or feature in an extension will do.....for the moment
Sorry, I'm just an user not a programmerI see you are a Content Creator
- Apr 1, 2017
- 1,782
Similar threads
