1
0
mirror of https://github.com/kkapsner/CanvasBlocker synced 2025-01-21 19:08:39 +01:00
2015-05-07 00:37:34 +02:00

2.3 KiB

This add-on allows users to prevent websites from using the Javascript <canvas> API to fingerprint them. Users can choose to block the <canvas> API entirely on some or all websites (which may break some websites) or just block or fake its fingerprinting-friendly readout API. More information on <canvas> fingerprinting can be found at http://www.browserleaks.com/canvas.

The different block modes are:

  • block readout API: All websites not on the white list or black list can use the <canvas> API to display something on the page, but the readout API is not allowed to return values to the website.
  • fake readout API: Canvas Blocker's default setting, and my favorite! All websites not on the white list or black list can use the <canvas> API to display something on the page, but the readout API is forced to return a new random value each time it is called.
  • ask for readout API permission: All websites not on the white list or black list can use the <canvas> API to display something on the page, but the user will be asked if the website should be allowed to use the readout API each time it is called.
  • block everything: Ignore all lists and block the <canvas> API on all websites.
  • allow only white list: Only websites in the white list are allowed to use the <canvas> API.
  • ask for permission: If a website is not listed on the white list or black list, the user will be asked if the website should be allowed to use the <canvas> API each time it is called.
  • block only black list: Block the <canvas> API only for websites on the black list.
  • allow everything: Ignore all lists and allow the <canvas> API on all websites.

Firefox's native PDF reader uses the <canvas> API to display PDF content, so blocking it for MIME-content type of "*/pdf" will prevent the PDF reader from working. Therefore, the <canvas> API is enabled for PDFs by default, but it can be disabled without affecting the block mode setting.

At present, only my domain (kkapsner.de) is whitelisted by default.

Please report issues and feature requests at https://github.com/kkapsner/CanvasBlocker/issues

A highly experimental version for Android is available at https://github.com/kkapsner/CanvasBlocker/tree/android