security-and-privacy/CanvasBlocker
security-and-privacy
/
CanvasBlocker
mirror of https://github.com/kkapsner/CanvasBlocker
1
0
Fork 0
Code Releases Activity
566 Commits 81 Branches 113 Tags 12 MiB
JavaScript 87.4%
HTML 6%
CSS 4.1%
PHP 2.5%
Go to file
kkapsner 08192b1cce Changes for release submission 2018-10-13 12:35:40 +02:00
.documentation Updated documentation. 2018-09-05 16:42:57 +02:00
.github Improved issue template 2017-12-17 12:00:09 +01:00
.tools Removed unused messages 2018-09-23 12:56:16 +02:00
.vscode Added task to open git UI 2018-10-13 12:30:49 +02:00
_locales Merge pull request #284 from micrococo/master 2018-10-12 18:33:55 +02:00
browserAction Search in browser action did not work every time. 2018-10-09 20:44:13 +02:00
icons Merge branch 'whitelistedIndicator' 2018-09-16 14:08:00 +02:00
lib Added search field to browser page popup 2018-10-09 12:59:53 +02:00
options Typos 2018-10-10 00:24:15 +02:00
pageAction Separated setting containers 2018-09-16 01:22:40 +02:00
test Added description of how to use the detection test 2018-10-09 13:11:38 +02:00
.eslintrc.json Centralized settings management 2017-11-07 00:36:44 +01:00
.gitattributes 💥🐫 Added .gitattributes 2014-07-31 03:04:18 +02:00
.gitignore Updated gitignore 2017-12-19 23:56:07 +01:00
LICENSE.txt Added MPL 2015-01-16 13:05:40 +01:00
README.md Added thank for the Spanish translation 2018-09-13 23:02:17 +02:00
canvasblocker.xpi Changes for release submission 2018-10-13 12:35:40 +02:00
manifest.json Version 0.5.5 2018-09-23 13:18:15 +02:00
releaseNotes.txt Added search field to browser page popup 2018-10-09 12:59:53 +02:00

README.md

This add-on allows users to prevent websites from using the Javascript <canvas> API to fingerprint them. Users can choose to block the <canvas> API entirely on some or all websites (which may break some websites) or just block or fake its fingerprinting-friendly readout API. More information on <canvas> fingerprinting can be found at http://www.browserleaks.com/canvas.

The different block modes are:

  • block readout API: All websites not on the white list or black list can use the <canvas> API to display something on the page, but the readout API is not allowed to return values to the website.
  • fake readout API: Canvas Blocker's default setting, and my favorite! All websites not on the white list or black list can use the <canvas> API to display something on the page, but the readout API is forced to return a new random value each time it is called.
  • fake at input: on display of text the drawn pixels get modified slightly. This makes the detection of the add-on harder but is less secure. On WebGL-canvas the behaviour is identical to "fake readout API".
  • ask for readout API permission: All websites not on the white list or black list can use the <canvas> API to display something on the page, but the user will be asked if the website should be allowed to use the readout API each time it is called.
  • block everything: Ignore all lists and block the <canvas> API on all websites.
  • allow only white list: Only websites in the white list are allowed to use the <canvas> API.
  • ask for permission: If a website is not listed on the white list or black list, the user will be asked if the website should be allowed to use the <canvas> API each time it is called.
  • block only black list: Block the <canvas> API only for websites on the black list.
  • allow everything: Ignore all lists and allow the <canvas> API on all websites.

Protected "fingerprinting" APIs:

  • canvas 2d
  • webGL
  • audio
  • history
  • window (disabled by default)
  • DOMRect

Special thanks to:

  • spodermenpls for finding all the typos
  • Thorin-Oakenpants for the icon idea
  • anthologist for the Italian translation
  • Maleficient for the French translation
  • yfdyh000 for the Chinese translation
  • micrococo for the Spanish translation

If you want to support this addon you can donate to the following bitcoin address: 159Y9BLcfHyrp6wj6f3syEuk92xkRVTiie