Post Reply 
Block CANVAS fingerprinting tracking
May. 17, 2016, 12:07 PM
Post: #1
Block CANVAS fingerprinting tracking
Hello,
I'm worrying about Canvas fingerprint tracking. Canvas fingerprinting works by exploiting the HTML5 canvas element.

Ref: https://en.wikipedia.org/wiki/Canvas_fingerprinting
Demonstration: https://panopticlick.eff.org/

I'd like to have a simple filter to remove <canvas> ... </canvas> elements.
How would it look like ?
Thanks for help.
Add Thank You Quote this message in a reply
May. 17, 2016, 02:00 PM
Post: #2
RE: Block CANVAS fingerprinting tracking
(May. 17, 2016 12:07 PM)fpout Wrote:  I'd like to have a simple filter to remove <canvas> ... </canvas> elements.
How would it look like ?

Code:
[Patterns]
Name = "Remove <canvas>*</canvas>"
Active = TRUE
Bounds = "<canvas*</canvas>"
Limit = 256
Match = "*"
Add Thank You Quote this message in a reply
May. 17, 2016, 10:11 PM
Post: #3
RE: Block CANVAS fingerprinting tracking
Thanks. I use Firefox 12 & Proxo advanced mode. I tried this filter:
Code:
[Patterns]
Name = "Remove Canvas tracking 16.05.17 (jj)"
Active = TRUE
Multi = TRUE
Bounds = "<canvas*</canvas>"
Limit = 256
Match = "*"
and went to https://panopticlick.eff.org/.
I need to Allow everything in ProxoMenu to work. I tried a dozen times, filter ON & off, sometimes the test completes, sometimes not.
It goes through many redirs (Fox asks for at least 4) and result is different almost each time. Now it constantly returns "no javascript".
So I can't figure out wether this filter is sufficient or not.
Using Chrome 14 + Proxo, I get the same result (same canvas fingerprint) with filter ON & off and raising limit to 1024 still produces the same hash canvas fingerprint.
Add Thank You Quote this message in a reply
May. 18, 2016, 05:36 AM
Post: #4
RE: Block CANVAS fingerprinting tracking
(May. 17, 2016 10:11 PM)fpout Wrote:  So I can't figure out whether this filter is sufficient or not.

It isn't.
Panopticlick is using javascript to add the <canvas> object, see https://panopticlick.eff.org/bower/finge...=1.0.0-rc3 .
I think, canvas.toDataURL() does the fingerprinting. So to start

Code:
[Patterns]
Name = "Block Canvas fingerprinting getImageData toDataURL"
Active = TRUE
Limit = 256
Match = "canvas.(getImageData|toDataURL)\1\("
Replace = "canvas.no\1("

Of course, blocking these might make you more unique...

The simple filter is to disable javascript, which... well how many people disable js.


BTW, "Multi = TRUE", allows the filter's output to be filtered, is probably not needed.
Add Thank You Quote this message in a reply
May. 18, 2016, 06:18 PM
Post: #5
RE: Block CANVAS fingerprinting tracking
Thank you, JJoe. I have added the latter filter to my default.cfg.

Haven't tried Panopticlick yet.

I suppose I have a good protection against tracking, using mostly Firefox 12 + Proxo with NoScript + AdBlock Plus & most available lists + Ghostery + Disconnect.
If I cannot display a site correctly, I simply open page in another browser in a specific Sandbox (Sandboxie) which is frequently deleted.
The Fox addon "Playlink" is handy for that, just right-click and the page opens in the wanted sandboxed browser. Playlink allows 5 different destination browsers, like Chrome, IE, Opera, QTweb. This allows me not to spend too long trying to figure out what blocks Prox without risk. The downside is that QTweb displays all ads ...
Besides, I have a recent version of Firefox (currently 44 as they introduced new annoyances from 45) in a specific sandbox for sites who only work with very recent browsers like my personal bank.
But display is much better in old version 12 of Firefox, firefox 44 is ugly and much more confusing, numerous interesting addons have been removed since, many regressions appeared. It looks like most browsers and sites are designed for smartphones displays. Very ugly and rude on PCs.
Site designers are getting mad, multiplying scripts & trackers. Some simple looking pages heve more than 100 scripts ...
Add Thank You Quote this message in a reply
May. 20, 2016, 01:40 PM
Post: #6
RE: Block CANVAS fingerprinting tracking
(May. 18, 2016 05:36 AM)JJoe Wrote:  The simple filter is to disable javascript, which... well how many people disable js.

ooh, ooh... ME... ME... Smile! Big Teeth
been doing that for YEARS *instead* of running "anti-virus" bloatware - been incident-free all those years... Big Teeth
Add Thank You Quote this message in a reply
Post Reply 


Forum Jump: