Reviews for CanvasBlocker
CanvasBlocker by kkapsner
Review by ezekielk
Rated 1 out of 5
by ezekielk, 6 years agoAfter installing this add-on, Panopticlick's test shows I have zilch protection from fingerprinting. The author claims that the unique fingerprint is different each time you test it, but that's just not true...almost everything remains unchanged. Most alarming: also true for both hash numbers.
Edit: Responding to your comment: I have tested via Panopticlick many times, reloading the page, or opening a new page and testing again. I get no difference from one test to another, including the two hash numbers, which always remain the same. Shuffling people off to Github's CanvasBlocker issues is not the answer! I've tried another fingerprint hider that is also highly rated (Antifingerprint), and likewise it doesn't work. According to EFF, there is no solution yet...and is why they don't recommend any anti-fingerprint add-on, nor have made their own. And they're pretty much the last word re. online security. See:
https://www.eff.org/press/mentions/2010/11/30-0
People are just fooling themselves if they think any anti-fingerprint add-on really works.
Edit 2: I'm not interested in reporting to Github, I doubt anything will be done about it, as I am not the only person who gets failed protection with CanvasBlocker. Opening a ticket with Github would be like plunking a message down a bottomless, black pit. Panopticlick may be 10 years old, but it still maintains accurate results...what is there to update? I have privacy.resistFingerprinting set to "false," BTW...though I did have it on "true" for awhile. Doesn't seem to make any difference with Panopticlick. As for "persistent random number generator enabled," there is no such option in about:config. My point is this: if your add-on actually worked, Mozilla would've made you rich by purchasing the rights to embed it in their browser.
Edit: Responding to your comment: I have tested via Panopticlick many times, reloading the page, or opening a new page and testing again. I get no difference from one test to another, including the two hash numbers, which always remain the same. Shuffling people off to Github's CanvasBlocker issues is not the answer! I've tried another fingerprint hider that is also highly rated (Antifingerprint), and likewise it doesn't work. According to EFF, there is no solution yet...and is why they don't recommend any anti-fingerprint add-on, nor have made their own. And they're pretty much the last word re. online security. See:
https://www.eff.org/press/mentions/2010/11/30-0
People are just fooling themselves if they think any anti-fingerprint add-on really works.
Edit 2: I'm not interested in reporting to Github, I doubt anything will be done about it, as I am not the only person who gets failed protection with CanvasBlocker. Opening a ticket with Github would be like plunking a message down a bottomless, black pit. Panopticlick may be 10 years old, but it still maintains accurate results...what is there to update? I have privacy.resistFingerprinting set to "false," BTW...though I did have it on "true" for awhile. Doesn't seem to make any difference with Panopticlick. As for "persistent random number generator enabled," there is no such option in about:config. My point is this: if your add-on actually worked, Mozilla would've made you rich by purchasing the rights to embed it in their browser.
Developer response
posted 6 years agoThe hashes change for me if I hit "Re-test your browser". Depending on the CB settings the hashes may stay the same (Random number generator). Please open an issue at https://github.com/kkapsner/CanvasBlocker/issues with your settings. Then we investigate the problem further.
Edit in response to your edit: if the hash does not change for you with CanvasBlocker it might be a bug and I want to investigate it further. But this review page is a very bad communication channel for such things (e.g. I did not get any notification that you edited your review and you have no way to actually respond). That's why you should create an issue at Github. It's not about "shuffling people off". It's about better communication and actually solving the problem and/or getting better insight.
The EFF investigation is 10 years old (CB is "only" 5 years old) and I think some improvements were made in the meantime. I can only repeat myself: on https://panopticlick.eff.org/ I get different hashes when I click "Re-test your browser".
I have two ideas why you get the same hash:
1. you have privacy.resistFingerprinting enabled which also protects canvas (see https://github.com/kkapsner/CanvasBlocker/issues/158 and https://github.com/ghacksuserjs/ghacks-user.js/issues/767 for further information)
2. you have the persistent random number generator enabled (stealth preset)
In response to your edit2: it's OK if you do not want to report a Github. At the moment I have no issue open at Github were the protection is not working - I try to solve them as quick as possible. Sometimes it's a CB bug and sometimes it's a misconfiguration or misunderstanding. If you know of other persons with failed protection maybe they want to help me to solve this issue. Without the complete details of the system and some sort of reproduction scenario I have no way of knowing what is going wrong.
I do not know which bad experiences you had with Github but it's simply a development platform and the kind of responses/interaction can vary very much between repositories. It all depends on people.
I had several issue with exactly the same symptom (hash not changing - like https://github.com/kkapsner/CanvasBlocker/issues/199 with Panopticlick or the most recent one being https://github.com/kkapsner/CanvasBlocker/issues/425). All of them were resolved or I had do close them because I did not get an answer for my following up questions that I have to prompt to solve the issue.
I do not say that Panopticlick does not maintain accurate results. I simply say that some people try to solve the problem in the last 10 years and made progress (the most know is the TOR Browser and the Firefox uplift privacy.resistFingerprinting). I know that CanvasBlocker is not perfect and there will be other fingerprinting techniques and attack vectors in the future that CB does not cover at the moment. But at the moment (and especially with the Canvas hashes on Panopticlick) it's working fine.
The "random number generator" is a setting withing the CanvasBlocker settings - I could show you a screenshot of where to find it if we were on Github...
It is set to "persistent" if you selected the "stealth" preset upon installation.
I do not see a point why Mozilla would want to buy my add-on. If they would want to incorporate it into their browser they simply could to it as it's open source and the licence allows the usage for non commercial usage (and they do charge money for Firefox). There are loads of good add-ons that work and that are not integrated into Firefox. That's the idea and beauty of Firefox: you can customize it.
Edit in response to your edit: if the hash does not change for you with CanvasBlocker it might be a bug and I want to investigate it further. But this review page is a very bad communication channel for such things (e.g. I did not get any notification that you edited your review and you have no way to actually respond). That's why you should create an issue at Github. It's not about "shuffling people off". It's about better communication and actually solving the problem and/or getting better insight.
The EFF investigation is 10 years old (CB is "only" 5 years old) and I think some improvements were made in the meantime. I can only repeat myself: on https://panopticlick.eff.org/ I get different hashes when I click "Re-test your browser".
I have two ideas why you get the same hash:
1. you have privacy.resistFingerprinting enabled which also protects canvas (see https://github.com/kkapsner/CanvasBlocker/issues/158 and https://github.com/ghacksuserjs/ghacks-user.js/issues/767 for further information)
2. you have the persistent random number generator enabled (stealth preset)
In response to your edit2: it's OK if you do not want to report a Github. At the moment I have no issue open at Github were the protection is not working - I try to solve them as quick as possible. Sometimes it's a CB bug and sometimes it's a misconfiguration or misunderstanding. If you know of other persons with failed protection maybe they want to help me to solve this issue. Without the complete details of the system and some sort of reproduction scenario I have no way of knowing what is going wrong.
I do not know which bad experiences you had with Github but it's simply a development platform and the kind of responses/interaction can vary very much between repositories. It all depends on people.
I had several issue with exactly the same symptom (hash not changing - like https://github.com/kkapsner/CanvasBlocker/issues/199 with Panopticlick or the most recent one being https://github.com/kkapsner/CanvasBlocker/issues/425). All of them were resolved or I had do close them because I did not get an answer for my following up questions that I have to prompt to solve the issue.
I do not say that Panopticlick does not maintain accurate results. I simply say that some people try to solve the problem in the last 10 years and made progress (the most know is the TOR Browser and the Firefox uplift privacy.resistFingerprinting). I know that CanvasBlocker is not perfect and there will be other fingerprinting techniques and attack vectors in the future that CB does not cover at the moment. But at the moment (and especially with the Canvas hashes on Panopticlick) it's working fine.
The "random number generator" is a setting withing the CanvasBlocker settings - I could show you a screenshot of where to find it if we were on Github...
It is set to "persistent" if you selected the "stealth" preset upon installation.
I do not see a point why Mozilla would want to buy my add-on. If they would want to incorporate it into their browser they simply could to it as it's open source and the licence allows the usage for non commercial usage (and they do charge money for Firefox). There are loads of good add-ons that work and that are not integrated into Firefox. That's the idea and beauty of Firefox: you can customize it.
450 reviews
- Rated 1 out of 5by NameOfDisplay, 9 days agoI like the concept of the addon but this is basically useless until the developer explains literally anywhere how to add sites to the whitelist and the settings page doesn't absolutely suck.
Only really useful if you are the developer and understand all of the obtuse menu options. - Rated 4 out of 5by Mikaela, 16 days ago
- Rated 5 out of 5by BrunoFontes.Net, 23 days ago
- Rated 3 out of 5by Firefox user 19062474, 23 days agoNo instructions on how to use it. Not intuitive to use. I have not a clue if it is doing anything because of this. I will leave it on incase it is working. It would be better as an app to work all the time my device is on rather than just inside my browser.
- Rated 5 out of 5by thevoid, a month ago
- Rated 5 out of 5by Сырное, a month ago
- Rated 4 out of 5by Firefox user 12814982, a month agoAn sich ein wirklich klasse AddOn, was Webseiten definitiv zu schaffen macht.
Leider bremmst es den Browser je nach Seite extrem aus.
Gerade Karten-Webseiten wie z.B. Google Maps sind teilweise unbenutzbar, wenn der CanvasBlocker zuschlägt.
Der Blocker von Firefox selbst, ist hier etwas harmloser, dafür aber auch von der Block-Qualität schlechter. - Rated 5 out of 5by Rinshun, a month ago
- Rated 5 out of 5by Firefox user 18642424, 2 months ago
- Rated 1 out of 5by Firefox user 14186837, 2 months agoMade my rating on EFF's CoverYourTrack tool worse!
- Rated 5 out of 5by Sonya, 2 months ago
- Rated 5 out of 5by Firefox user 17288647, 2 months agoThis is a game changer. This security add-on compliments your VPN and enhances the security of your web surfing experience. You should include this as one part of your layered strategy security plan.
- Rated 5 out of 5by josh L., 2 months ago
- Rated 5 out of 5by t3 ur u4 to c3, 2 months agoits good but it would be great if right-clicking on the extension also had an option to temporarily disable it for testing purposes
- Rated 5 out of 5by Firefox user 18973328, 2 months ago
- Rated 4 out of 5by B00T987, 2 months agoI love this extension! However its a bit hard to use, because you have to uninstall, and reinstall the extension to open up the easy to use settings picker. If you change your settings as often as I do, if not then this is an easy 5/5 extension.
- Rated 1 out of 5by HedgehogInTheCPP, 2 months ago
- Rated 4 out of 5by AnoniM0US3, 3 months agothe addon prevents "youtube comment search" addon from working
is there a way to fix this, without having to turn canvasblocker off each time?
or even better: can i block or unblock each element separately, until i find the culprit? (the way "NoScript" addon visualized this is very beginner userfriendly)
thank you - Rated 5 out of 5by Firefox user 18369793, 3 months ago
- Rated 4 out of 5by Sembler, 3 months ago
- Rated 5 out of 5by Firefox user 15514956, 3 months ago
- Rated 5 out of 5by woam, 3 months ago
- Rated 2 out of 5by Firefox user 18936765, 3 months agoI don't know why I use this as every fingerprint test website tells me I'm unique...out of millions of users.....
- Rated 1 out of 5by Pedro Henrique, 3 months agoThis trash simply breaks any website Captha. Even reducing the preset don't work.