this post was submitted on 07 Feb 2024
59 points (98.4% liked)

Firefox

17301 readers
50 users here now

A place to discuss the news and latest developments on the open-source browser Firefox

founded 4 years ago
MODERATORS
 

Since version 118+, Firefox introduced FPP (Finger Printing Protection) which is in short water downed version of RFP (Resist Finger Printing).

FPP is enabled by default from version 119 onwards if you enable ETP (Enhanced Tracking Protection).

FPP randomizes canvas data subtly than RFP, which is why RFP breaks some sites. So, my question is, if we allow canvas data extraction for a broken site will it fallback to FPP's subtle canvas randomization, or allowing it will expose canvas data completely if we have ETP enabled?

Relevant link: https://support.mozilla.org/en-US/kb/firefox-protection-against-fingerprinting

Edit: More info about HTML5 canvas fingerprinting https://webbrowsertools.com/canvas-fingerprint/

you are viewing a single comment's thread
view the rest of the comments
[–] NorthWestWind 0 points 9 months ago

I've only worked with canvas but not the security stuff, so I can only answer you partially.

Canvas is an element that you can create with HTML5, and the HTML5 canvas data just means what has been drawn on the canvas.

Now for the FPP, RFP stuff, I'm guessing they are some ways to encrypt the canvas. If the receiving end doesn't decrypt it, the canvas is gonna be random noise.

(This part I'm really unsure about) Due to each client having a different key to encrypt and decrypt, this essentially allows others to track a certain user.