this post was submitted on 07 Feb 2024
59 points (98.4% liked)

Firefox

17301 readers
50 users here now

A place to discuss the news and latest developments on the open-source browser Firefox

founded 4 years ago
MODERATORS
 

Since version 118+, Firefox introduced FPP (Finger Printing Protection) which is in short water downed version of RFP (Resist Finger Printing).

FPP is enabled by default from version 119 onwards if you enable ETP (Enhanced Tracking Protection).

FPP randomizes canvas data subtly than RFP, which is why RFP breaks some sites. So, my question is, if we allow canvas data extraction for a broken site will it fallback to FPP's subtle canvas randomization, or allowing it will expose canvas data completely if we have ETP enabled?

Relevant link: https://support.mozilla.org/en-US/kb/firefox-protection-against-fingerprinting

Edit: More info about HTML5 canvas fingerprinting https://webbrowsertools.com/canvas-fingerprint/

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 7 points 9 months ago* (last edited 9 months ago) (2 children)

https://coveryourtracks.eff.org/learn https://fingerprint.com/

RFP = I'm assuming he's referring to the about:config setting in Firefox called privacy.resistFingerprinting. This blocks fingerprinting or at least does its best.

OPP = Assuming he's referring to the other about:config setting privacy.resistFingerprinting.autoDeclineNoUserInput... It should work in coordination with the previous setting, overriding the previous restriction if you allow it.

Websites want to keep track of you without relying on cookies so they create an image with text in a canvas element, take the hash value of that and assign that as your unique id that will follow you every where you go on the internet.

[–] [email protected] 1 points 9 months ago

the more you know, thanks.

[–] [email protected] 1 points 9 months ago (1 children)

Thanks for explainaing!

Why bother creating an image though? Cant they just generate a random hash or id?

[–] [email protected] 1 points 9 months ago

I think the point is to get a consistent unique ID that follows you around. Whatever combination of text and images they are hashing will supposedly be unique to you, based on your hardware and software configuration.