Tor blimey, guv'nor: Firefox to try on privacy tool's Canvas gloves to leave fewer fingerprints

Mozilla has incorporated a privacy protection option pioneered by The Tor Project into Firefox's code, but plans to make the feature available only through the browser's nightly builds. For the past four years, Mozilla developers have been mulling how the Tor browser, which is based on Firefox ESR, prevents the use of the …

  1. Anonymous Coward

    Sailing not surfing

    If you mess with <canvas> too much you will break the internet *sigh* as far as many users are concerned.

    I can't see a decent way out of this tracking nonsense without a complete rewrite of how a browser uses a webserver. At the moment there is no direct analogy for websites and with the way eyeballs work. Eyeballs passively receive photons of light -> *stuff* -> image in head. Browsers don't do that, they connect, spew loads of details about themselves with each connect and run (nearly all) whatever code is sent back.

    1. Paul Crawford Silver badge

      Re: Sailing not surfing

      AFAIK canvas fingerprinting uses small differences in GPU, compiler optimisation, etc, to show up as a different hash for the same nominal drawing.

      So why not add a 0.25 pixel random dither to the drawing? Not enough to change the rendered image to the human eye, but enough to swamp the machine-dependent differences and every drawing on the same machine is then different.
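
The dither idea in the comment above, as an added example that is not part of the original thread: a constructed model in which two machines render the same nominal drawing with one-level rounding differences, hashed with FNV-1a as a stand-in for a fingerprinting script's hash. The function names, the quirk model, and the use of random -1/0/+1 channel noise in place of a 0.25-pixel positional dither are assumptions.

```javascript
// FNV-1a (32-bit) stands in for the hash a fingerprinting script takes of canvas pixels.
function fnv1a(bytes) {
  let h = 0x811c9dc5;
  for (const b of bytes) h = Math.imul(h ^ b, 0x01000193) >>> 0;
  return h.toString(16).padStart(8, "0");
}

// Seeded PRNG (mulberry32) so the run is reproducible; a real browser would use a CSPRNG.
function mulberry32(seed) {
  let a = seed >>> 0;
  return () => {
    a = (a + 0x6d2b79f5) >>> 0;
    let t = Math.imul(a ^ (a >>> 15), a | 1);
    t ^= t + Math.imul(t ^ (t >>> 7), t | 61);
    return ((t ^ (t >>> 14)) >>> 0) / 4294967296;
  };
}

// Constructed model: the same nominal drawing on every machine; on "edge" channels
// the GPU/driver rounding differs by one level depending on the machine.
function render(machineQuirk) {
  const px = new Uint8ClampedArray(32 * 32 * 4);
  for (let i = 0; i < px.length; i++) {
    const nominal = (i * 7) % 256;
    px[i] = i % 13 === 0 ? nominal + ((i >> machineQuirk) & 1) : nominal;
  }
  return px;
}

// Readback with optional dither: each channel moves by -1, 0 or +1 at random.
function readPixels(px, rand) {
  return rand ? px.map((v) => v + Math.floor(rand() * 3) - 1) : px.slice();
}

function demo() {
  const a = render(1), b = render(2), rand = mulberry32(2017);
  const noisy1 = readPixels(a, rand), noisy2 = readPixels(a, rand);
  let maxDelta = 0;
  a.forEach((v, i) => { maxDelta = Math.max(maxDelta, Math.abs(noisy1[i] - v)); });
  return {
    stableOnOneMachine: fnv1a(readPixels(a)) === fnv1a(readPixels(a)),
    tellsMachinesApart: fnv1a(a) !== fnv1a(b),
    ditheredReadsDiffer: fnv1a(noisy1) !== fnv1a(noisy2),
    maxDelta,
  };
}

console.log(demo());
```

Without dither the hash is stable per machine and differs between machines; with dither two reads on the same machine no longer hash alike, while no channel moves by more than one level.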

    2. Adam 52 Silver badge

      Re: Sailing not surfing

      As someone who uses Tor Browser fairly regularly I can say that I've never noticed any ill effects at all from disabling the canvas element. No broken Internet here.

  2. Anonymous Coward

    Canvas-Fingerprinting vs. Add-ons vs. 'Javascript Website Exceptions'

    It's nice Mozilla is thinking about this especially as only last month they were talking about adding more pervasive telemetry iirc. Anyway, doesn't canvas fingerprinting require JavaScript?

    If so, why not instead add Javascript 'Website Exceptions' to Firefox.... We have this for Cookies. Why not extend that to Include JavaScript and Image 'Website Exception Lists' too (like Chrome offers)...???

    Yes you can block it using Add-ons, but not if your work machine is locked-down, or there are many devices at home you're responsible for. Plus, Add-ons can come with toxic baggage too, especially if the hosting site / distrib mechanism gets hacked etc. (ccleaner etc)

  3. Paul Crawford Silver badge

    Real question here

    Why do we need browsers to reveal so much?

    I mean I can see that time-zone is useful, and maybe a general browser identifier for handling the stupidity of IE6, etc. But why should you report any more than the "essential" fonts, if at all? Why, oh, why, report what plug-ins you are running?

    It seems a lot of this privacy issue would go away if browsers had a Spartacus mode that just reported the basic build and time-zone so anyone with a vaguely current system would have something like 4 OS choices, maybe 4 browsers, and a timezone, so less than 1k permutations for everyone in the world.

    Not quite perfect, but knowing you are a Firefox/Windows/UK-time-zone user only narrows you down to a few million (ignoring the obvious issue of IP address by assuming you care to use a VPN).

    1. DropBear

      Re: Real question here

      "Why do we need browsers to reveal so much?"

      We really don't - but it's the way it is probably due to browsers, much like the rest of the internet, having been initially conceived to work collaboratively in some naive threat-free utopia. Most internet protocols are far beyond that phase but browsers seem still stuck at the "half-hearted token gestures" level - better than nothing but utterly ineffective in the end. Unfortunately, as long as the mindset remains "invite the server to the table the user sits at" instead of "state your business through this here crenel and feel free to try peeking in as long as you enjoy staring straight into a one watt laser" this is not likely to change.

  4. Aodhhan

    Back to 1994

    Blocking information such as OS, client side scripting info (i.e. version of Java, flash, VBScript, Silverlight, etc.), cookies (session or otherwise), monitor resolution, encoding, etc. will likely take away all the fancy artwork and client side applications used by websites for rendering the web page.

    This means, web sites will begin to look like they did back in the mid 1990s.

    Let's hope they provide us with options to configure exactly what we want blocked and what we wish to allow, instead of an all or nothing configuration.

    1. Cynic_999

      Re: Back to 1994

      "This means, web sites will begin to look like they did back in the mid 1990s."

      Which would be a step in the right direction AFAIAC. Few if any long delays while pop-up adverts are fetched, no automatic video, page load times of a few seconds even at 14400Bd, no freezes due to "long running scripts" etc. And generally sleeker and less cluttered pages.

    2. PhillW

      Re: Back to 1994

      To be honest, with the amount of crap flashing around the periphery of most web pages these days........ I'd almost look forward to 1994 style webpages, at least I'd get to read what I want without having to wait or scroll around all the time!

    3. True Thug

      Re: Back to 1994

      Because if you only block certain things you are creating a fingerprint.
