Skip to content
This repository has been archived by the owner on Dec 11, 2019. It is now read-only.

Block (most) canvas and webgl fingerprinting by default #1354

Merged
merged 3 commits into from
Apr 17, 2016
Merged

Block (most) canvas and webgl fingerprinting by default #1354

merged 3 commits into from
Apr 17, 2016

Conversation

diracdeltas
Copy link
Member

This blocks the most common methods of webgl/canvas fingerprinting that rely on scripts like https://github.com/Valve/fingerprintjs2/blob/49e2c11cf08c13e12bf38185cec9ae159025e526/fingerprint2.js. The detection method is adapted from https://github.com/EFForg/privacybadgerchrome.

TODOs:

  • Doesn't seem to work 100% of the time, perhaps due to a race condition where the page accesses canvas/gl properties before the content script is loaded.
  • This should have a corresponding pref. Probably set to default-off until we have a prompt that lets the user whitelist canvas/gl fingerprinting on a per-site basis.

Test case: see the results on https://panopticlick.eff.org/results?#fingerprintTable for fingerprint and webgl before and after this change.

Fix #694

@diracdeltas
Block high-entropy canvas writes and all canvas reads
1d365ba 
Using the method from Privacy Badger. This fails on sites whose CSP
forbids inline script, like github.
@diracdeltas
Add more canvas/webgl read detection
478ad8b
@diracdeltas diracdeltas mentioned this pull request Apr 14, 2016
Closed
bbondy
bbondy reviewed Apr 17, 2016
View reviewed changes
app/extensions/brave/locales/en-US/preferences.l20n
@@ -38,6 +38,7 @@
<bookmarks "Bookmarks">
<openedTabs "Open tabs">
<doNotTrack "Send a 'Do Not Track' header with browsing requests (requires browser restart)">
<blockCanvasFingerprinting "Block HTML canvas and WebGL fingerprinting">
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

might be good to add a warning here that it could break some pages.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

will do

@bbondy
Copy link
Member

bbondy commented Apr 17, 2016

Sorry for the delay, looks good adn thanks.

@bbondy bbondy merged commit 1dd2048 into master Apr 17, 2016
@diracdeltas diracdeltas deleted the fix/canvas-fingerprint branch September 22, 2016 23:36
@luixxiul luixxiul added this to the 0.9.2dev milestone Oct 6, 2016
@jonathansampson jonathansampson mentioned this pull request Dec 2, 2016
Closed
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees
No one assigned
Labels
feature/shields misc/fingerprinting
Projects
None yet
Milestone
0.9.2dev
Development

Successfully merging this pull request may close these issues.
4 participants
@diracdeltas @bbondy @garvankeeley @luixxiul