You can look at the code (either at https://github.com/kkapsner/CanvasBlocker/ of you can download the xpi-file, change the extension to zip and look at the content). It does not store any private information or sends anything to a server.

UPDATE: I just realized I did not answer the question. The addon does not need access to login information (and does not use it). But there is no techical difference between the information the addon needs access to (the canvas and JS that are used for fingerprinting) and other information. I would gladly only take the permission to access the information that I only need - it's just not possible.

Thanks for your finding. The faking is working fine - just the display of the icon is confused by this site. This will be fixed in the next release (see https://github.com/kkapsner/CanvasBlocker/issues/149 for reference - btw it's much easier for us to communicate on github via issues than AMO)

Since this is a minor issue there will not be a release for this alone.

Please recheck your Firefox version and try to add it again. Version 0.4.2 should also run with Firefox 52.4.1

The former versions faked the transparency always. But since this channel is treated differently by the browsers I think it is saver to not fake it. It does not affect the security.

Regarding the missing options: only these options are displayed that are useful with the other selected options. The mentioned "ignore the most frequent colors" is only displayed in expert mode and when faking the read API.

For the default random number generator I ask you to open an issue at github. This has to be discussed in more depth. I myself are not sure what the default should be.

You're welcome.

I'm aware of that. You could switch to "fake input"-mode which should not be detected. But this mode is less secure - fingerprinting over WebGL is possible with that. I know no good way to prevent this detection and keep the same level of privacy.