While I once hoped 2017 would be the year of privacy, 2024 closes on a troubling note, a likely decrease in privacy standards across the web. I was surprised by the recent Information Commissioner’s Office post, which criticized Google’s decision to introduce device fingerprinting for advertising purposes from February 2025. According to ICO, this change risks undermining user control and transparency in how personal data is collected and used.
Who’s going to get rich making the app that actively trashes this data before it can be read by fingerprinting-ware? Because shut up and take my money.
https://addons.mozilla.org/en-US/firefox/addon/canvasblocker/
I dropped it after years of use because apparently it’s redundant to native mechanisms now while causing more issues.
Not an exhaustive solution which results in easier unique fingerprinting. Plus Firefox already randomizes Canvas noise with both FPP or RFP modes (FPP is default).
There are online tests for it to determine whether you become more or less unique. The defaults in the extension are carefully set to minimize uniqueness, based on my research and per the docs. You’ll note it ones or fakes more than just the canvas API.
I was using this before ff added it’s own noise system or of necessity.
Online tests of uniqueness are skewed by the population who uses them, aka privacy-conscious aren’t the typical user even if a dataset overrepresents.
My point was introducing Canvas noise isnt going to make you less fingerprintable, actually quite the opposite. Firefox’s RFP is much better at normalizing fingerprintable metrics and is native. Canvas is one of many many other fingerprinting vectors.
If you go the route of trying to protect against fingerprinting through randomization, use the extension JShelter which seems to do much more noise than Canvas blocker does. I am still very skeptical of it (and other anti-fingerprinting extensions) because of how complex fingerprinting is.
So I’ve heard and read. Fwiw, I was reading into the state of the art many years ago when fingerprinting was more nascent, I expect it’s matured and gotten yet more advanced in the time since (unfortunately).
Guess I gotta pause working on interesting, net-positive work for a little bit to see where things are, and how to properly combat it, lest I give out poor advice again.
Fingerprinting is a complex beast and nearly impossible protect against. RFP (created and upstreamed by Tor Browser) protects and normalizes most fingerprintable metrics (timezone, display viewport dimensions, user agent, audio devices, installed system languages/fonts, etc) to a stable value for each Firefox version. Canvas is the only metric which is randomized. The purpose of this is to create a shared stable browser fingerprint for all RFP users, creating a crowd for people to blend in with each other.
While RFP is strong, its anti-fingerprinting strategy was created for Tor Browser, which users are not supposed to customize. The same can not be expected of all other Firefox users, resulting in most users being much easier to distinguish from each other. RFP also can cause some site breakage and doesnt offer a granular way to toggle specific features per website (eg. Canvas protections breaks your webcam in conference calls).
There is no good solution. Best options are use Firefox (or a fork like Librewolf) for casual use, and Mullvad/Tor Browser for more critical situations. Always use uBlock Origin (except with Tor).
On the Chromium-side, Cromite and Brave randomize some fingerprintable metrics, but they aren’t as exhaustive and aren’t upstreamed to Chromium (for obvious reasons).