221 reviews
  • I tested this addon with the Panopticlick test from the EFF, and when I check the 'full results' it shows that the hash values are changed every time I have the addon enabled. So I guess it's basically ruining it for people who use these values to track you.
    Exactly this is the idea behind the fake mode.
  • This extension doesn't work.


    Go see for yourself.
    It's fine to have a unique fingerprint as long it changes every time. If you re-test your browser you will see different canvas and webGL hashes.

    See the following issue for reference: https://github.com/kkapsner/CanvasBlocker/issues/154
  • It is great, but it'd be much better if the Mozilla Add-ons link embedded in it was language-agnostic. Currently, it is to the German version of the site.
    This issue will be fixed in the next version: https://github.com/kkapsner/CanvasBlocker/issues/219
  • Great, but seems to be blocking protonmail . . . tried whitelisting without success . . .

    Update: unchecked "Block data-URL pages" as suggested, and now works. Thanks!
    Please try the solutions mentioned on https://github.com/kkapsner/CanvasBlocker/issues/223
  • Funktioniert einwandfrei.
    Das Symbol wurde von Benutzern angefragt: https://github.com/kkapsner/CanvasBlocker/issues/217

    Man kann es ohne Probleme deaktivieren: darauf rechts klicken -> aus Symbolleiste entfernen
  • You are very hard working person :)
  • Excellent add-on! Thanks for your hard work!
  • Very nice works.
    But it may not pass detective on test page try times test, it may enter an endless loop and Let the browser stop working.
    This page doen't even work when no addon at all is installed... but to discuss this further please open an issue at https://github.com/kkapsner/CanvasBlocker/issues
    Communication is much easier there.
  • Here is a French translation file for your extension.
    Thank you for your work.

    Thankyou very much for the translation: https://github.com/kkapsner/CanvasBlocker/commit/fb25077f12faf68ea62b862c6ba7eccd6a295b6e
  • Nice works.
    Please note I test the audio fingerprint at https://audiofingerprint.openwpm.com/ and it causes browser slowdown.
    I know - this page is not written in a peformant way. You can test the audio fingerprint at http://kkapsner.github.io/CanvasBlocker/test/audioTest.html as well.
  • Nice works.
    Please note it does not detect (and block) the code embedded in a url through the
    "data:text/html" directive.
    I don't know if this method it's exploitable in a web page

    example: paste the following code on your navigation bar
    (It's a dots wave single pixel plotter, so it uses getImageData and it works even if you block the readout API):

    edit: sample code moved to pastebin (sorry, pasting the code here does not works):
    Good point. I will see if this is exploitable. But please open an issue at https://github.com/kkapsner/CanvasBlocker/issues where we can discuss the implications and findings. Also communication is much easier there.
  • Where can i test the success of CanvasBlocker?

    Does it make problems with twitter header image upload?
    i got probs
    You can go to http://kkapsner.github.io/CanvasBlocker/test/test.html and check if the displayed hash changes on every reload.

    I know of no problems with twitter. But if you think that it is CB related please open an issue at https://github.com/kkapsner/CanvasBlocker/issues - there we can communicate much better.
  • Doesn't make my canvas fingerprint less unique. amiunique.org still tells me that my similarity ratio is below 0.1% which means I have a very unique canvas fingerprint.
    In the default settings the canvas fingerprint is changed on every page reload (you can test that on http://kkapsner.github.io/CanvasBlocker/test/test.html). Yes - this makes the fingerprint unique but since it is not constant you cannot be tracked.

    If you want further information/discussion please open an issue on https://github.com/kkapsner/CanvasBlocker/issues where we can communicate nmuch easier.

    PS: similar issue on github: https://github.com/kkapsner/CanvasBlocker/issues/154
  • Thank you for this extension (and for keeping it opensource). Nowadays it's getting harder and harder to get a sense of real privacy. CanvasBlocker + AdGuard for Windows + Privacy Badger + HTTPS Everywhere + custom user.js helps me feel safer on a growing data collection frenzy.
    You're welcome.
  • Please provide a reason why you gave one star. Maybe I can fix the issue or improve CB with your input.
  • Does not work according to fingerprint test at https://panopticlick.eff.org/
    What do you mean with "does not work"? Please open an issue at https://github.com/kkapsner/CanvasBlocker/issues where we can communicate better and therefore I can help better.
  • 100% unique mean that is not really natural, canvas should not be unique but changed in order to be natural.
    Unique canvas fingerprints will do much worse.
    Is like you said you have a device that never exist.

    To better understand how this work :
    Google already have a full database with all kind of canvas signatures from all worldwide devices (iphone, android, computers, etc...), and if your canvas signature will not match on them database then you fail, it is a prove that your canvas is fake. If you try to spoof the signature then image pixel parameters will not match and again you fail so is almoust imposible to pass canvas.

    On default settings may make it pass the google test.

    For example google will not ask for SMS confirmation when a new gmail account is created because he trust the device you use.

    Most of people must understand why unique signatures is bad practice and all softwares that spoof parameters will make traking services to detect the device much easy
    Please open an issue at https://github.com/kkapsner/CanvasBlocker/issues where we can discuss this. AMOs rating comments are too limited to have a good conversation.

    One small comment on unique signatures: they are not bad by itself as long as they are not persistend (i.e. the timestamp you connect to the server is very likely to be a unique signature but it's not persistent). This is the case in the CB default settings.