this post was submitted on 07 Feb 2024
59 points (98.4% liked)

Firefox

20340 readers
106 users here now

/c/firefox

A place to discuss the news and latest developments on the open-source browser Firefox.

Rules

1. Adhere to the instance rules

2. Be kind to one another

3. Communicate in a civil manner

Reporting

If you would like to bring an issue to the moderators attention, please use the "Create Report" feature on the offending comment or post and it will be reviewed as time allows.

founded 5 years ago
MODERATORS
k_o_t@lemmy.ml
golden_zealot@lemmy.ml
59
Will allowing HTML5 Canvas data in RFP fallback to FPP? (lemmy.ml)
submitted 1 year ago* (last edited 1 year ago) by puffy@lemmy.ml to c/firefox@lemmy.ml
13 comments fedilink hide all child comments
 

Since version 118+, Firefox introduced FPP (Finger Printing Protection) which is in short water downed version of RFP (Resist Finger Printing).

FPP is enabled by default from version 119 onwards if you enable ETP (Enhanced Tracking Protection).

FPP randomizes canvas data subtly than RFP, which is why RFP breaks some sites. So, my question is, if we allow canvas data extraction for a broken site will it fallback to FPP's subtle canvas randomization, or allowing it will expose canvas data completely if we have ETP enabled?

Relevant link: https://support.mozilla.org/en-US/kb/firefox-protection-against-fingerprinting

Edit: More info about HTML5 canvas fingerprinting https://webbrowsertools.com/canvas-fingerprint/

you are viewing a single comment's thread
view the rest of the comments
[–] ezchili@iusearchlinux.fyi 3 points 1 year ago* (last edited 1 year ago)

That's a big one, generating thumbnails client-side rather than running an imagemagick instance on the server to re-size pictures on upload

I used it to generate hashes of the pictures as well, once.

Adding watermarks too. There are virtuous watermarks as well, I remember having to code up a transparents watermark over people's IDs to make sure that when they submitted their renters dossier (it was a real estate renting service), it couldn't be used to commit identity theft by the homeowner later down the line or re-used for something else.