The Un-Official Proxomitron Forum
Block CANVAS fingerprinting tracking - Printable Version

+- The Un-Official Proxomitron Forum (https://www.prxbx.com/forums)
+-- Forum: Proxomitron Config Sets (/forumdisplay.php?fid=43)
+--- Forum: Sidki (/forumdisplay.php?fid=44)
+--- Thread: Block CANVAS fingerprinting tracking (/showthread.php?tid=2267)



Block CANVAS fingerprinting tracking - fpout - May. 17, 2016 12:07 PM

Hello,
I'm worrying about Canvas fingerprint tracking. Canvas fingerprinting works by exploiting the HTML5 canvas element.

Ref: https://en.wikipedia.org/wiki/Canvas_fingerprinting
Demonstration: https://panopticlick.eff.org/

I'd like to have a simple filter to remove <canvas> ... </canvas> elements.
How would it look like ?
Thanks for help.


RE: Block CANVAS fingerprinting tracking - JJoe - May. 17, 2016 02:00 PM

(May. 17, 2016 12:07 PM)fpout Wrote:  I'd like to have a simple filter to remove <canvas> ... </canvas> elements.
How would it look like ?

Code:
[Patterns]
Name = "Remove <canvas>*</canvas>"
Active = TRUE
Bounds = "<canvas*</canvas>"
Limit = 256
Match = "*"



RE: Block CANVAS fingerprinting tracking - fpout - May. 17, 2016 10:11 PM

Thanks. I use Firefox 12 & Proxo advanced mode. I tried this filter:
Code:
[Patterns]
Name = "Remove Canvas tracking 16.05.17 (jj)"
Active = TRUE
Multi = TRUE
Bounds = "<canvas*</canvas>"
Limit = 256
Match = "*"
and went to https://panopticlick.eff.org/.
I need to Allow everything in ProxoMenu to work. I tried a dozen times, filter ON & off, sometimes the test completes, sometimes not.
It goes through many redirs (Fox asks for at least 4) and result is different almost each time. Now it constantly returns "no javascript".
So I can't figure out wether this filter is sufficient or not.
Using Chrome 14 + Proxo, I get the same result (same canvas fingerprint) with filter ON & off and raising limit to 1024 still produces the same hash canvas fingerprint.


RE: Block CANVAS fingerprinting tracking - JJoe - May. 18, 2016 05:36 AM

(May. 17, 2016 10:11 PM)fpout Wrote:  So I can't figure out whether this filter is sufficient or not.

It isn't.
Panopticlick is using javascript to add the <canvas> object, see https://panopticlick.eff.org/bower/fingerprintjs2/fingerprint2.js?version=1.0.0-rc3 .
I think, canvas.toDataURL() does the fingerprinting. So to start

Code:
[Patterns]
Name = "Block Canvas fingerprinting getImageData toDataURL"
Active = TRUE
Limit = 256
Match = "canvas.(getImageData|toDataURL)\1\("
Replace = "canvas.no\1("

Of course, blocking these might make you more unique...

The simple filter is to disable javascript, which... well how many people disable js.


BTW, "Multi = TRUE", allows the filter's output to be filtered, is probably not needed.


RE: Block CANVAS fingerprinting tracking - fpout - May. 18, 2016 06:18 PM

Thank you, JJoe. I have added the latter filter to my default.cfg.

Haven't tried Panopticlick yet.

I suppose I have a good protection against tracking, using mostly Firefox 12 + Proxo with NoScript + AdBlock Plus & most available lists + Ghostery + Disconnect.
If I cannot display a site correctly, I simply open page in another browser in a specific Sandbox (Sandboxie) which is frequently deleted.
The Fox addon "Playlink" is handy for that, just right-click and the page opens in the wanted sandboxed browser. Playlink allows 5 different destination browsers, like Chrome, IE, Opera, QTweb. This allows me not to spend too long trying to figure out what blocks Prox without risk. The downside is that QTweb displays all ads ...
Besides, I have a recent version of Firefox (currently 44 as they introduced new annoyances from 45) in a specific sandbox for sites who only work with very recent browsers like my personal bank.
But display is much better in old version 12 of Firefox, firefox 44 is ugly and much more confusing, numerous interesting addons have been removed since, many regressions appeared. It looks like most browsers and sites are designed for smartphones displays. Very ugly and rude on PCs.
Site designers are getting mad, multiplying scripts & trackers. Some simple looking pages heve more than 100 scripts ...


RE: Block CANVAS fingerprinting tracking - ProxRocks - May. 20, 2016 01:40 PM

(May. 18, 2016 05:36 AM)JJoe Wrote:  The simple filter is to disable javascript, which... well how many people disable js.

ooh, ooh... ME... ME... Smile! Big Teeth
been doing that for YEARS *instead* of running "anti-virus" bloatware - been incident-free all those years... Big Teeth