1
0
mirror of https://github.com/kkapsner/CanvasBlocker synced 2024-10-31 18:38:45 +01:00
Go to file
2017-12-19 23:15:31 +01:00
_locales Changed pre-intercept to block 2017-12-11 20:59:56 +01:00
.documentation Updated settings screenshot 2017-12-15 09:12:07 +01:00
.github Improved issue template 2017-12-17 12:00:09 +01:00
.vscode Added vscode task for run in ESR 2017-11-07 19:51:25 +01:00
icons Improved design of the page action display. 2017-10-14 12:24:53 +02:00
lib Do not struggle on unknown settings. 2017-12-19 23:04:03 +01:00
options Re-added white, black and ignore list 2017-12-18 23:17:18 +01:00
pageAction Hide lists 2017-12-03 23:58:54 +01:00
test Added timing to settings loading test 2017-12-18 23:17:55 +01:00
.eslintrc.json Centralized settings management 2017-11-07 00:36:44 +01:00
.gitattributes 💥🐫 Added .gitattributes 2014-07-31 03:04:18 +02:00
.gitignore Changed printed icon to right size. 2017-09-17 01:23:55 +02:00
LICENSE.txt Added MPL 2015-01-16 13:05:40 +01:00
manifest.json Switch to using beta channel 2017-12-19 00:28:42 +01:00
README.md Updated release notes and readme. 2017-09-24 00:06:03 +02:00
releaseNotes.txt Updated release notes. 2017-12-19 23:15:31 +01:00

This add-on allows users to prevent websites from using the Javascript <canvas> API to fingerprint them. Users can choose to block the <canvas> API entirely on some or all websites (which may break some websites) or just block or fake its fingerprinting-friendly readout API. More information on <canvas> fingerprinting can be found at http://www.browserleaks.com/canvas.

The different block modes are:

  • block readout API: All websites not on the white list or black list can use the <canvas> API to display something on the page, but the readout API is not allowed to return values to the website.
  • fake readout API: Canvas Blocker's default setting, and my favorite! All websites not on the white list or black list can use the <canvas> API to display something on the page, but the readout API is forced to return a new random value each time it is called.
  • fake at input: on display of text the drawn pixels get modified slightly. This makes the detection of the add-on harder but is less secure. On WebGL-canvas the behaviour is identical to "fake readout API".
  • ask for readout API permission: All websites not on the white list or black list can use the <canvas> API to display something on the page, but the user will be asked if the website should be allowed to use the readout API each time it is called.
  • block everything: Ignore all lists and block the <canvas> API on all websites.
  • allow only white list: Only websites in the white list are allowed to use the <canvas> API.
  • ask for permission: If a website is not listed on the white list or black list, the user will be asked if the website should be allowed to use the <canvas> API each time it is called.
  • block only black list: Block the <canvas> API only for websites on the black list.
  • allow everything: Ignore all lists and allow the <canvas> API on all websites.

Special thanks to:

  • spodermenpls for finding all the typos
  • Thorin-Oakenpants for the icon idea