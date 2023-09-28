We will be updating the Forum on Wednesday, 18th of October between 12:30 and 14:30 (UTC) (see the time in your time zone). During this time you may experience some downtime. Thanks in advance for your patience. 🙂
HTML5 Canvas Fingerprinting Blocking/Spoofing Extensions are now NFG in Vivaldi. 😱
without any of my usual ironic deliberately OTT histrionics, today i've been genuinely shocked by an accidental discovery in my snappie [
Vivaldi 6.3.3134.3 / Chrome 116.0.5845.195]. i used to do this test frequently, but stopped bothering with it some years ago [as the extension was always doing its intended spoofing, 100% of my tests], hence now have no idea just how long [weeks, months, years?] my snappie's
html5 canvas fingerprinthas been freely available to the interwebz, unspoofed by my now-broken extension of numerous years. bloody hell.
after finding the problem in my
defaultprofile, i then retested in a
virginprofile, but in both cases... nfg ... snappie's real fingerprint remains available. i then tested in
chromium, in which i'd also installed this extension many years ago for the same reason, & found that there it continues to work correctly. not terribly relevant, but just for background info, it also continues to work fine in
firefox nightly. Ie, this extension breakage is unique to vivaldi. sigh.
- test site: https://browserleaks.com/canvas
- original extension, now broken in v: https://chrome.google.com/webstore/detail/canvas-blocker-fingerprin/nomnklagbgmgghhjidfhnoelnjfndfpd
- additional extensions subsequently tested, one at a time, in virgin profile [all also nfg]:
does anyone
who reads thishave any clever insights pls?
i feel another retreat from v is firming in my bones, unless someone knows some remediating magic, coz knowingly browsing the interwebz with my
html5 canvas fingerprintunspoofed, is entirely anathema for me.
stilgarwolf
@ybjrepnfr I'm using JShelter.
I used Trace before, but it is no loger updated.
@stilgarwolf thank you, but ...
JShelterafaict seems aimed at trying to do vastly more than i want here [but also, not doing the actual thing i want]. i already use
uBOin
hard modefor comprehensive js protection, so i have no need nor desire for any duplicated functionality in that area. as for my actual need [following today's shock revelation], finding a putative replacement
html5 canvas fingerprintspoofer, i simply find the settings & so-called "help" info of this extension utterly incomprehensible & impenetrable. all i know is that after installing it in my virgin profile & doing multiple reloads of the https://browserleaks.com/canvas tab, the same unique
html5 canvas fingerprintas before continually appears, denoting that this extension is just as useless for me as all the others i tested & mentioned above.
this is really quite dreadful. since returning to snappie from nightly this latest time, v has been pretty good to use [other than ofc its inferior tab stacking ], but this discovery today, & the apparent inability to work around it, now makes ongoing v use unviable. i'm pretty sad about this, but now of necessity, it's back to nightly yet again.
stilgarwolf
@ybjrepnfr Exiting and restarting Vivaldi make JShelter to change the fingerprint, method which I prefer. Chaging the fingerprint on refresh means "random", which means "unique" if only the canvas is randomized. That's why I prefer JShelter and Trace which randomize much more parameters.
Vivaldi 6.4.3149.7 / Chrome 118.0.5993.33still fails at https://browserleaks.com/canvas [ie, extension
Canvas Blocker - Fingerprint Protectstill fails to generate a random
Canvas Fingerprint Signature, despite still working fine in
chromium&
firefox(& despite historically also working fine in
vivaldi)].
ergo, still, of unfortunate necessity...
@stilgarwolf, that is the point, there are methods to block or spoof fingerprinds, but this can break some pages, better to give a random fake fingerprint, which may be unique, but it won't work for an ID, Trace use this method, JShelter use a new Fingerprint on every domain, method which also is valid, because avoid cross tracking with third parties. Trace is maybe better, but it's sadly been abandoned for several years. It still works, but FOSS without maintenance or updates can be a security risk and without guarantees nor support.
@ybjrepnfr Good job -sucks though that Vivaldi can be that unreliable-. Reported as
VB-100410
Streptococcus
Pale Moon has a setting called canvas poisoning, which gives a different random ID number every time the page is reloaded. Neither Trace nor JShelter seems to do that.
-
@Streptococcus yes, that function you described is what https://chrome.google.com/webstore/detail/canvas-blocker-fingerprin/nomnklagbgmgghhjidfhnoelnjfndfpd used to do in
snappies, & still does in
chromium&
firefox.
@npro said in HTML5 Canvas Fingerprinting Blocking/Spoofing Extensions are now NFG in Vivaldi. :
Reported as VB-100410
oh wow, you created a vb for it? thanks heaps . i didn't bother, as i simply fatalistically assumed that the devs will not be interested in this at all & will never bother trying to fix it. ah, the
yearsum monthserm weeks here have wearied & soured me...
after each snappie update from now on, i shall fire up v & recheck, but until/unless they do fix it, my days with v are over. i remain simply shocked at this chance discovery.
-
@ybjrepnfr i've looked at some of my vm's that i've not updated for a while, trying to find older v's that still worked with this extension. so far, it's looking like this breakage, ergo fixed Canvas Fingerprint Signature instead of random every reload, happened pretty long ago, which now shocks me even more [& fwiw, personally annoys me that i lazily took my eyes off this ball years ago]. Eg:
- vivaldi stable
6.1.3035.257 / Chrome 114.0.5735.321= already broken!
- vivaldi stable
@ybjrepnfr That's nothing... I checked it yesterday and last working version was
5.5of last year... looking very bad.
-
@npro oh wow, great work, well done... but tbh really shitty news!
a wee bit ranty [gasp!]
i'm just so mad at myself about this. back in
Ye Olden Dayesof v, i ran that check frequently, over a long period, but eventually after several years with 100% success rates, i told myself i was just being an idiot & to stop bothering... so, i stopped bothering. when i discovered this t'other day, it was, as i said, genuinely accidental, whilst i was looking to do something else, & clicked the wrong link at the browserleaks site.
all the damn time i've wasted with my frequent jumps back & forth from snappie to nightly to snappie to nightly to... had i still been doing those tests, i would have saved myself all that later time & effort... d'oh.
so, atop other historic grumbles i've had about v's chromium base wrt privacy, vs v's public-facing boasts of being user-privacy-centric, this now frankly stinks. for v users to have, atm, afaict, no way to protect themselves against sites collecting their unique
HTML5 Canvas Fingerprint Signature, when that same extension still works fine in chromium & firefox to randomise their print, is just really bad.
all my moaning & whining & pleading & joking about v needing
tstjust falls by the wayside now. if the next snappie suddenly had a sensational implementation of
tst, i'd still not return to it, now that i know of this bad privacy problem.
sigh.
-
@ybjrepnfr this isn't your fault ofc, I didn't check it either as I was never expecting that. It certainly leaves a very bad taste in the mouth. Re extensions the only one that seem to be doing something is @stilgarwolf 's JShelter indeed.