this post was submitted on 07 Feb 2024
59 points (98.4% liked)
Firefox
17301 readers
50 users here now
A place to discuss the news and latest developments on the open-source browser Firefox
founded 4 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
I can't answer your question. But I'd like to know what these funny words mean. Can someone explain to me what is html5 canvas data and all the 3 letter words are?
https://coveryourtracks.eff.org/learn https://fingerprint.com/
RFP = I'm assuming he's referring to the about:config setting in Firefox called privacy.resistFingerprinting. This blocks fingerprinting or at least does its best.
OPP = Assuming he's referring to the other about:config setting privacy.resistFingerprinting.autoDeclineNoUserInput... It should work in coordination with the previous setting, overriding the previous restriction if you allow it.
Websites want to keep track of you without relying on cookies so they create an image with text in a canvas element, take the hash value of that and assign that as your unique id that will follow you every where you go on the internet.
the more you know, thanks.
Thanks for explainaing!
Why bother creating an image though? Cant they just generate a random hash or id?
I think the point is to get a consistent unique ID that follows you around. Whatever combination of text and images they are hashing will supposedly be unique to you, based on your hardware and software configuration.
https://webbrowsertools.com/canvas-fingerprint/ has got everything you need to know about html5 canvas.
I've only worked with canvas but not the security stuff, so I can only answer you partially.
Canvas is an element that you can create with HTML5, and the HTML5 canvas data just means what has been drawn on the canvas.
Now for the FPP, RFP stuff, I'm guessing they are some ways to encrypt the canvas. If the receiving end doesn't decrypt it, the canvas is gonna be random noise.
(This part I'm really unsure about) Due to each client having a different key to encrypt and decrypt, this essentially allows others to track a certain user.