Canvas Defender, uBlock Origin: General page protection.
-
With a changing fingerprint with this extension is a fake fingerprint and useless for the webpage
>Laptop ACER, AMD Ryzen, GPU AMD RadeonΒ RAM 16GB, SSD 512GB -Win11 Home 64 v24H2| Vivaldi last stable|
π Vivaldi linksπ My Themes
-
@steffie
I was wrong in my earlier post, Webgl/canvas fingerprinting use different APIs.And what I meant to say was that a website could deduce that http connections with rapidly changing fingerprints from the same IP address and similar fingerprint - same http user agent string, TZ, plugins, installed fonts, OS, lang, etc could all be the same person/browser. Theres still alot of things that javascript can grab beyond the canvas API.
I just read that cross-browser fingerprinting is now viable and using different browsers is not going to offer 100% protection. The associated fingerprint testing site: http://uniquemachine.org .I found that simply shifting the browser window just a hair will give unique browser fingerprints.
-
@aviv said in Canvas Defender, uBlock Origin: General page protection.:
still alot of things that javascript can grab
I have to hope that my recent tinkerings with uO dynamic filtering per parallel thread, might offset this somewhat. Otherwise it's down to the supermarket to buy 100 rolls of tinfoil.
-
@aviv said in Canvas Defender, uBlock Origin: General page protection.:
Theres still alot of things that javascript can grab beyond the canvas API.
Which just keeps me going on talking about how to disable javascript as much as possible....
-
@steffie said in Canvas Defender, uBlock Origin: General page protection.:
I could not even make this Reply, til i re-enabled it for this site. Sigh.
One of my pet peeves with this forum software too - but you can whitelist JS for vivaldi.com and vivaldi.net , just add:
[*.]vivaldi.net [*.]vivaldi.comto chrome://settings/content/javascript (both are needed because cross site auth) and you can still have everything else blocked for other sites.
bug logging monkey
How to write good bug reports -
@catweazle
One problem: All people are fingerprinted but one. Who sticks out like a sore thumb?bug logging monkey
How to write good bug reports -
@morg42 said in Canvas Defender, uBlock Origin: General page protection.:
but what does it help them if they have 30 unique IDs from you for 1/2 hour of surfing? (and new unique IDs the next time you visit the site).
Correlating data by IP alone can easily circumvent that.
Facebook, Google and Amazon are everywhere and IP matching can be done on the fly.bug logging monkey
How to write good bug reports -
@quhno Generally, you're right. THough this is a different problem from fingerprinting.
And not everyone has individual or "own" IPs. Many provider don't assign public IPs but something like NAT IPs which are not visible to the outside. You could use VPNs and proxies which also aggregate many connections into a single IP.
It's like securing your home - just buying a strong front door doesn't help if your terrace door isn't locked...
-
@quhno said in Canvas Defender, uBlock Origin: General page protection.:
@catweazle
One problem: All people are fingerprinted but one. Who sticks out like a sore thumb?This happens with other Fingerprint blocker, where everyone has a fingerprint minus one, with Canvas defender all have a fingerprint, although one is not the original.
-
@quhno Thanks but that problem is obsolete now, due to me re-enabling JS in Settings, but greatly finessing my uO settings.
-
@quhno Maybe, but that's no justification to give up & do nothing. Each individual mitigation is still useful, even if not universal all by itself. It just means we need to be systematic in mitigating each different exploit. Eg, re IP address tracking, i use a VPN all the time.
Furthermore, i proactively exercise cautious choices... "Facebook, Google and Amazon" --> i never use these, by choice.
β π¦πΊ
-
@purgatori said in Canvas Defender, uBlock Origin: General page protection.:
I'd like to use a VPN all the time as well, but Netflix makes that difficult
Yeah nah. I do understand why you say that, given the annoying push NF made a year'ish ago to block VPNs. When i still used AirVPN, they managed to evade NF's efforts for months after many others fell down, but once they were cornered they gave up the fight completely. i was so pissed off with them i abandoned them. Though they're pricey, ****VPN have done me a great job since i changed to them, & that's why i continue to stream NF each night on VPN. Sadly several months ago all their London servers succumbed, so with a brief hiatus of a few nights a few months ago, i've lost the UK library. However the majority [ie, not totality] of the other servers around the globe that i've tried, when tracking down some NF show i want, have got me in under the radar.
-
@purgatori said in Canvas Defender, uBlock Origin: General page protection.:
Netflix have been very aggressive when it comes to mass banning known-VPN IP's.
That's why i censored myself. I don't want my gloating here to get picked up by some NF-bot & them then say "ah yeah, we forgot about that one, but now we've squashed it too".
Gotta go now... dinner & NF, teehee.
-
@steffie said in Canvas Defender, uBlock Origin: General page protection.:
@quhno Maybe, but that's no justification to give up & do nothing. Each individual mitigation is still useful, even if not universal all by itself. It just means we need to be systematic in mitigating each different exploit. Eg, re IP address tracking, i use a VPN all the time.
Furthermore, i proactively exercise cautious choices... "Facebook, Google and Amazon" --> i never use these, by choice.
Life is too difficult without facebook, google, amazon etc since these big entities are like public services.
I would prefer some mitigation in the form of fake throwaway facebook accounts, using startpage instead of google, creating secondary amazon accounts with prepaid credit cards or going through a forwarder.Recently google blocked adnauseam which makes me think that it could actually work if it got google worried. Instead of trying so hard to avoid picking up internet lint, going all out to trawl for cookies would be a good disguise which is what using a vpn does in principle anyway.
https://www.theregister.co.uk/2017/01/05/adnauseam_expelled_from_chrome_web_store/
https://www.wired.com/2015/11/clive-thompson-10/ -
@aviv said in Canvas Defender, uBlock Origin: General page protection.:
Life is too difficult without facebook, google, amazon etc
Hahahahahahaha. Oh c'mon.
-
@steffie
Anyone can do without them but it means not being able to keep up with friends/family, not being able to take advantage of sales and convenience of having products shipped to your doorstep. -
@aviv said in Canvas Defender, uBlock Origin: General page protection.:
Anyone can do without them...
...if they value privacy, security, not having one's personal data commodified & commercialised for profit by others, not having one's home burgled when out shopping / holidaying & stating such publicly, not succumbing to fallacious RWNJ "news" fantasies, et al.
-
@steffie said in Canvas Defender, uBlock Origin: General page protection.:
Furthermore, i proactively exercise cautious choices... "Facebook, Google and Amazon" --> i never use these, by choice.
No need to use them, they follow you unless you block them and some can't even be blocked because they don't show up directly on the page but are kind of "masked" behind the server you connect to (too complex to explain here, but you can imagine the server as a kind of proxy)
Besides the obvious trackers and analytic scripts many pages use services provided by Facebook, or Google (a plethora of Google hosted APIs, Webfonts etc. pp,) and Amazon, especially AWS and content distribution.
Depending on the specific implementation even the "masked" services can be fully aware of who of us connects to them.
Just to make it clear:
I am not saying that anyone should throw up the hands and give in, only that there is no 100% working way to protect against all kinds of fingerprinting - but we can make life a little bit harder for them. In the end they are companies who need to earn money and don't want to spend too much money to get their data.Having said all of that:
The usual company like Google, Facebook, Amazon etc is not really interested in anyone of us individually, but only in us as members of one or more groups in a lump of aggregated data, simply because it is extremely hard to predict the action of individuals, but it becomes much easier for larger groups.
They want to put us in a drawer with a label on it and from the accumulated behavior of the individuals in that drawer predict our next steps because that seems to be the only way to sell us more stuff (meaning real goods). Google is not interested in giving us search results, they only use them as a medium to bind users to that service who in return see or even click on advertisements. About the same is true for any other company which offers "free" services, they only differ marginally in their methods:
They try to do their best to convince us that those are the things we want, because with everything we buy they earn money, either directly (some percentage share) or indirectly (more advertising money). The same goes for Facebook and for Amazon (interestingly in a lesser way - too long story why). -
@steffie said in Canvas Defender, uBlock Origin: General page protection.:
...............if they value privacy, security, not having one's personal data commodified & commercialised for profit by others, not having one's home burgled when out shopping / holidaying & stating such publicly, not succumbing to fallacious RWNJ "news" fantasies, et al.
You're using an extreme example to state your argument. Obviously I didn't mean to use those internet services in a way that would reveal personal lives of people like an open book.
Not sure what you mean by your remark about RWNJ fantasies, sounds quite random or unbalanced. -
Today i have found a website that refuses to load when Canvas Defender is enabled; https://general-insurance.coles.com.au/motor/get-quote?ctype=COMP
The page is happy with each & all of Ghostery, HTTPS Everywhere, & uO [including with my enhanced dynamic filtering rules], but each time i re-enable CD the page breaks. Tested in V [latest] SS & Stable, & in Chromium 64.0.3282.140. Whitelisting this site makes it work again, but that's sub-optimal IMO.
To my recollection this is the first site i've used that seems completely incompatible with this extension. Anyone have any ideas why that might be so pls?
-
Ppafflick moved this topic from Security & Privacy on
