Rated 4.6 out of 5
4.6 Stars out of 5
- by Harry Haller, 4 months agoRated 2 out of 5Unfortunately, after installing CanvasBlocker in FF 74.0 (64-Bit), Twitter doesn't work any more. Maybe, there would be a setting to prevent this, but sorry, this should be set by default, since Twitter is a very common network. Also other common sites like translate.google.com don't work any more.
Developer responseposted 4 months agoBoth sites work fine for me with default settings. Please open an issue at https://github.com/kkapsner/CanvasBlocker/issues with all your details so we can sort this problem out.
There we can communication better and you can track the progress of your problem.
- by Dewnan, 5 months agoRated 4 out of 5I have a conflict between Privacy Badger and CanvasBlocker when starting FF or restarting with my restart_firefox.uc.js script, it stops at loading ex: google.com (home page), I press F5 then it loads.
Disabling Privacy Badger on google solves it... anyone else have this problem?This kind of behaviour was already seen but could not be reproduced in FF 73. Please add your system information at https://github.com/kkapsner/CanvasBlocker/issues/388. This issue is currently closed but can be reopened.
- by surrealisme, 5 months agoRated 5 out of 5Hello, interested in the check mark "Share persistent randomness between domains", if you remove it, I realized that each domain will have different data, if you turn it on, a warning that there will be a leak, the question arose, what can domain x request from domain y? and what result will it get if this checkbox is disabled and the request is receivedYou can read the background of this flag in https://github.com/kkapsner/CanvasBlocker/issues/290
To be short: this flag makes you 100% unique and trackable across all domains. The use case for this was not to prevent fingerprinting but to disguise. Not quite the main focus of CanvasBlocker but it seemed useful for some folks.
In general I highly discourage you to from using this flag unless you clearly understand it and it suits your need. If you use it you have to reset your persistent random number generator quite frequently.
PS: domain x cannot request any additional data from domain y but the faking will add the same "randomness" to the API readouts and this information can be used to be tracked.
- by Thomas, 5 months agoRated 5 out of 5Das Plugin ist sehr gut und tut, was es vorgibt.
Wenn ich die beschriebenen Fehler anschaue, würde ich anregen in den Einstellungen den Default-Blockiermodus auf "vortäuschen" zu setzen. Das Problem: Sehr viele Seiten setzen heute auf Canvas unterschiedlichen Arten. Mit der Default-Einstellung werden die Seiten stillschweigend nicht geladen. Im Fragemodus wird man permanent belästigt: Selbst WordPress-Seiten setzen auf Canvas.
Ev. wäre eine Testseite hilfreich, wo man die Einstellung testen kann. Im Paranoiden Modus ist "amiunique" nicht mehr aussagekräftig bzw. lädt nicht mehr sauber. Im Modus "vortäuschen" auch nicht mehr wirklich, da die Testapp das Gefühl hat, sie kriege echte Daten. Eine Konfig, dass man grad noch arbeiten kann aber genügend blockiert wird, ist nicht ganze einfach.Danke für die Vorschläge. Der Standardblockiermodus ist schon "vortäuschen" und unter https://canvasblocker.kkapsner.de/test/ gibt es Testseiten für die einzelnen APIs. Wenn Sie noch weitere Vorschläge oder Verbesserungen haben, können Sie diese gerne unter https://github.com/kkapsner/CanvasBlocker/issues hinterlegen.
- by Firefox user 13579870, 6 months agoRated 2 out of 5leider kaum nutzbar! Der Hesteller bietet eine Whitelist an, aber die bringt absolut nichts, das Kästchen kann man Internet Seiten füllen wie man will, aber sie werden trotzdem Gnadenlos geblockt, es funktioniert dann absolut nichts, gerade die SUchmaschinenseite: swisscows.ch. Daher wieder deinstalliert, den mit so etwas kann man nicht arbeiten!Ich kann Ihr Problem mit swisscows.ch leider nicht reproduzieren. Bitte öffnen Sie ein Ticket bei https://github.com/kkapsner/CanvasBlocker/issues, damit wir das Problem eingrenzen und lösen können. Die Kommunikationsmöglichkeit hier ist einfach zu stark eingeschränkt.
In meinen Tests funktioniert auch die Whitelist mit dem Eintrag "swisscows.ch". Wobei in so einem Fall besser ein Seiten-spezifischer Blockiermodus eingestellt wird.
PS: Die Bezeichnung "Hersteller" ist etwas falsch. Ich bin eine Person, die dieses Addon in der Freizeit entwickelt.
- by Fraaggle, 6 months agoRated 3 out of 5Nice addon, but why it needs reading and changing privacy settings? This is new after the last update. Why you need that now?As discussed in https://github.com/kkapsner/CanvasBlocker/issues/438:
The access to the privacy setting is needed to display the notice for privacy.resistFingerprinting. So it's not that important but unfortunately I cannot make it optional.
CB only reads that and does not write any privacy settings: https://github.com/kkapsner/CanvasBlocker/search?q=%22browser.privacy%22&unscoped_q=%22browser.privacy%22
- by Joey, 7 months agoRated 5 out of 5Hi. I've been using this add-on for a while now. Is it still relevant with the new Firefox update which includes anti-fingerprinting? thanks
- by ezekielk, 7 months agoRated 1 out of 5After installing this add-on, Panopticlick's test shows I have zilch protection from fingerprinting. The author claims that the unique fingerprint is different each time you test it, but that's just not true...almost everything remains unchanged. Most alarming: also true for both hash numbers.
Edit: Responding to your comment: I have tested via Panopticlick many times, reloading the page, or opening a new page and testing again. I get no difference from one test to another, including the two hash numbers, which always remain the same. Shuffling people off to Github's CanvasBlocker issues is not the answer! I've tried another fingerprint hider that is also highly rated (Antifingerprint), and likewise it doesn't work. According to EFF, there is no solution yet...and is why they don't recommend any anti-fingerprint add-on, nor have made their own. And they're pretty much the last word re. online security. See:
People are just fooling themselves if they think any anti-fingerprint add-on really works.
Edit 2: I'm not interested in reporting to Github, I doubt anything will be done about it, as I am not the only person who gets failed protection with CanvasBlocker. Opening a ticket with Github would be like plunking a message down a bottomless, black pit. Panopticlick may be 10 years old, but it still maintains accurate results...what is there to update? I have privacy.resistFingerprinting set to "false," BTW...though I did have it on "true" for awhile. Doesn't seem to make any difference with Panopticlick. As for "persistent random number generator enabled," there is no such option in about:config. My point is this: if your add-on actually worked, Mozilla would've made you rich by purchasing the rights to embed it in their browser.
Developer responseposted 7 months agoThe hashes change for me if I hit "Re-test your browser". Depending on the CB settings the hashes may stay the same (Random number generator). Please open an issue at https://github.com/kkapsner/CanvasBlocker/issues with your settings. Then we investigate the problem further.
Edit in response to your edit: if the hash does not change for you with CanvasBlocker it might be a bug and I want to investigate it further. But this review page is a very bad communication channel for such things (e.g. I did not get any notification that you edited your review and you have no way to actually respond). That's why you should create an issue at Github. It's not about "shuffling people off". It's about better communication and actually solving the problem and/or getting better insight.
The EFF investigation is 10 years old (CB is "only" 5 years old) and I think some improvements were made in the meantime. I can only repeat myself: on https://panopticlick.eff.org/ I get different hashes when I click "Re-test your browser".
I have two ideas why you get the same hash:
1. you have privacy.resistFingerprinting enabled which also protects canvas (see https://github.com/kkapsner/CanvasBlocker/issues/158 and https://github.com/ghacksuserjs/ghacks-user.js/issues/767 for further information)
2. you have the persistent random number generator enabled (stealth preset)
In response to your edit2: it's OK if you do not want to report a Github. At the moment I have no issue open at Github were the protection is not working - I try to solve them as quick as possible. Sometimes it's a CB bug and sometimes it's a misconfiguration or misunderstanding. If you know of other persons with failed protection maybe they want to help me to solve this issue. Without the complete details of the system and some sort of reproduction scenario I have no way of knowing what is going wrong.
I do not know which bad experiences you had with Github but it's simply a development platform and the kind of responses/interaction can vary very much between repositories. It all depends on people.
I had several issue with exactly the same symptom (hash not changing - like https://github.com/kkapsner/CanvasBlocker/issues/199 with Panopticlick or the most recent one being https://github.com/kkapsner/CanvasBlocker/issues/425). All of them were resolved or I had do close them because I did not get an answer for my following up questions that I have to prompt to solve the issue.
I do not say that Panopticlick does not maintain accurate results. I simply say that some people try to solve the problem in the last 10 years and made progress (the most know is the TOR Browser and the Firefox uplift privacy.resistFingerprinting). I know that CanvasBlocker is not perfect and there will be other fingerprinting techniques and attack vectors in the future that CB does not cover at the moment. But at the moment (and especially with the Canvas hashes on Panopticlick) it's working fine.
The "random number generator" is a setting withing the CanvasBlocker settings - I could show you a screenshot of where to find it if we were on Github...
It is set to "persistent" if you selected the "stealth" preset upon installation.
I do not see a point why Mozilla would want to buy my add-on. If they would want to incorporate it into their browser they simply could to it as it's open source and the licence allows the usage for non commercial usage (and they do charge money for Firefox). There are loads of good add-ons that work and that are not integrated into Firefox. That's the idea and beauty of Firefox: you can customize it.