À propos de cette extension

This add-on allows users to prevent websites from using some Javascript APIs to fingerprint them. Users can choose to block the APIs entirely on some or all websites (which may break some websites) or fake its fingerprinting-friendly readout API.

IMPORTANT: you should only have ONE addon/setting set that protects an API. Otherwise you could face massive performance issues. (E.g. EclipsedMoon for Palemoon has 'canvas.poison' which is known to cause issues: https://github.com/kkapsner/CanvasBlocker/issues/253#issuecomment-459499290)
But setting privacy.resistFingerprinting to true is fine.

More information on fingerprinting can be found at:

<canvas>: http://www.browserleaks.com/canvas
audio:
- https://audiofingerprint.openwpm.com/ (very poorly written = slow)
- https://webtransparency.cs.princeton.edu/webcensus/#audio-fp
DOMRect:
- http://jcarlosnorte.com/security/2016/03/06/advanced-tor-browser-fingerprinting.html
- https://browserleaks.com/rects

The different block modes are:

fake: Canvas Blocker's default setting, and my favorite! All websites not on the white list or black list can use the protected APIs. But values obtained by the APIs are altered so that a consistent fingerprinting is not possible
ask for permission: If a website is not listed on the white list or black list, the user will be asked if the website should be allowed to use the protected APIs each time they are called.
block everything: Ignore all lists and block the protected APIs on all websites.
allow only white list: Only websites in the white list are allowed to use the protected APIs.
block only black list: Block the protected APIs only for websites on the black list.
allow everything: Ignore all lists and allow the protected APIs on all websites.

Protected "fingerprinting" APIs:

canvas 2d
webGL
audio
history
window (disabled by default)
DOMRect
navigator (disabled by default)

Please report issues and feature requests at https://github.com/kkapsner/CanvasBlocker/issues

Évaluez votre expérience

Signaler ce module

Si vous pensez que ce module va à l’encontre de la Politique de Mozilla sur les modules complémentaires, ou si vous pensez que ce module peut poser des problèmes de sécurité ou porter atteinte à la vie privée, merci de signaler ces problèmes à Mozilla en utilisant ce formulaire.

Merci de ne pas utiliser ce formulaire pour signaler des problèmes ou pour demander l’ajout de fonctionnalités à ce module. Ce formulaire est envoyé à Mozilla et non au développeur du module.

Notes de version pour la version 0.5.9

changes:

- code cleanup
- made history length threshold url specific
- made navigator protection url specific
- uniform themes
- simplified the "display hidden settings" UI

new features:

- added protection for navigator properties
- added support to import older storage versions
- protection for data URLs can now be url specific
- changed input of lists to textarea
- added option to protect no part of the canvas API
- apply themes to all extension pages (options, page action, browser action, setting sanitation, setting inspection, navigator settings)
- theme for automatic detection of dark mode (only works with Firefox >= 67)
- within the page action the used API can be whitelisted alone
- added overview page for whitelist

fixes:

- search could show hidden settings
- faking audio did not work with white random generator
- enabled copying from settings description when they are "hidden"
- fixed description for "show notifications"
- improved DOMRect performance
- improved general performance when stack list is disabled
- preventing double interception (increased performance and reduced detectability)
- detection over navigator and DOMRect getters was possible
- audio cache could break readout
- improved iFrame protection
- SOP detection did not work all the time

known issues:

- if a data URL is blocked the page action button does not appear

Utilisé par

Signaler ce module