I’ve used this. The only annoyance is that all the on-screen timestamps remain in UTC because JS has no idea what timesone you’re in.
I get that TZ provides a piece of the fingerprint puzzle, but damn it feels excessive.
Comment on Digital Fingerprinting: Google launched a new era of tracking worse than cookie banners | Tuta
Bogasse@lemmy.ml 3 days ago
So I guess for Firefox users it’s time to enable the resist fingerprinting option ? support.mozilla.org/…/resist-fingerprinting
pHr34kY@lemmy.world 3 days ago
treadful@lemmy.zip 3 days ago
And automatic darkmode isn’t respected, and a lot of other little annoyances. That’s why this is so difficult. These are all incredibly useful features we would have to sacrifice for privacy.
Slax@sh.itjust.works 3 days ago
Wait is that why my Firefox giving me errors when I try to log into websites with 2FA?
sem@lemmy.blahaj.zone 3 days ago
Why does it do this?
- Math operations in JavaScript may report slightly different values than regular.
PS grateful for this option!
grinde@programming.dev 3 days ago
Some math functions have slightly different results depending on architecture and OS, so they fuzz the results a little. Here’s a tor issue discussing the problem: gitlab.torproject.org/legacy/trac/-/issues/13018
Bogasse@lemmy.ml 3 days ago
But one question I’ve been asking myself is : then, wouldn’t I be fingerprinted as one of the few nerds who activated the resist fingerprinting option?
sugar_in_your_tea@sh.itjust.works 2 days ago
Just use Tor browser if you want to blend in. Some sites will probably not work, and I don’t suggest accessing banks with it, but it works well for regular browsing.
Ulrich@feddit.org 3 days ago
I mean it doesn’t hurt but as far as I can tell, it doesn’t actually block fingerprinting, it blocks domains known to collect and track your activity. The entire web is run on Google domains so that would be nearly impossible to block.
ZiemekZ@lemmy.world 3 days ago
Privacy Badger anyone?
Bogasse@lemmy.ml 3 days ago
But does privacy badger also act on the canvas APIs & cie. ?
ookiiBoy@lemmy.blahaj.zone 3 days ago
It annoys me that this is not on by default…
perfectly_boiled_pizza@lemmy.world 3 days ago
It’s a nice feature for those that actively enable it and know that it’s enabled, but not for the average user. Most people never change the default settings. Firefox breaking stuff by default would only decrease their market share even further. And this breaks so much stuff. Weird stuff. The average user wants a browser that “just works” and would simply just switch back to Chrome if their favourite website didn’t work as expected after installing Firefox. Chrome can be used by people who don’t even know what a browser is.
roscoe@lemmy.dbzer0.com 3 days ago
Does ublock do this?
fossphi@lemm.ee 2 days ago
Please don’t enable this blindly. A lot of modern websites depend on a bunch of features which will simply not work with that flag enabled. Only do it, if you’re willing to compromise and debug things a bit
masterofn001@lemmy.ca 3 days ago
You can also use canvas blocker add-on.
Use their containers feature and make a google container so that all google domains go to that container.
If you want to get crazy, in either set in about:config or make yourself a user.is file in your Firefox profile directory and eliminate all communication with google.
:::spoiler google shit user_pref(“browser.safebrowsing.allowOverride”, false); user_pref(“browser.safebrowsing.blockedURIs.enabled”, false); user_pref(“browser.safebrowsing.downloads.enabled”, false); user_pref(“browser.safebrowsing.downloads.remote.block_dangerous”, false); user_pref(“browser.safebrowsing.downloads.remote.block_dangerous_host”, false); user_pref(“browser.safebrowsing.downloads.remote.block_potentially_unwanted”, > user_pref(“browser.safebrowsing.downloads.remote.block_uncommon”, false); user_pref(“browser.safebrowsing.downloads.remote.enabled”, false); user_pref(“browser.safebrowsing.downloads.remote.url”, “”); user_pref(“browser.safebrowsing.malware.enabled”, false); user_pref(“browser.safebrowsing.phishing.enabled”, false); user_pref(“browser.safebrowsing.provider.google.advisoryName”, “”); user_pref(“browser.safebrowsing.provider.google.advisoryURL”, “”); user_pref(“browser.safebrowsing.provider.google.gethashURL”, “”); user_pref(“browser.safebrowsing.provider.google.lists”, “”); user_pref(“browser.safebrowsing.provider.google.reportURL”, “”); user_pref(“browser.safebrowsing.provider.google.updateURL”, “”); user_pref(“browser.safebrowsing.provider.google4.advisoryName”, “”); user_pref(“browser.safebrowsing.provider.google4.advisoryURL”, “”); user_pref(“browser.safebrowsing.provider.google4.dataSharingURL”, “”); user_pref(“browser.safebrowsing.provider.google4.gethashURL”, “”); user_pref(“browser.safebrowsing.provider.google4.lists”, “”); user_pref(“browser.safebrowsing.provider.google4.pver”, “”); user_pref(“browser.safebrowsing.provider.google4.reportURL”, “”); user_pref(“browser.safebrowsing.provider.google4.updateURL”, “”); :::
Bluefruit@lemmy.world 3 days ago
This is why I like Lemmy, never knew canvas blocker was a thing. Thank you.
Krik@lemmy.dbzer0.com 3 days ago
Or you just switch to LibreWolf where all these settings are already set. It even comes with uBlock preinstalled.
Chulk@lemmy.ml 3 days ago
I’m still trying to wrap my head around fingerprinting, so excuse my ignorance. Doesn’t an installed plugin such as Canvas Blocker make you more uniquely identifiable? My reasoning is that very few people have this plugin relatively speaking.
RecallMadness@lemmy.nz 2 days ago
Iirc, Websites can’t query addons unless those addons manipulate the DOM in a way that exposes themselves.
They can query extensions.
Addons are things installed inside the browser. Like uBlock, HTTPS Everywhere, Firefox Containerr, etc.
Extensions are installed outside the browser. Such as Flashplayer, the Gnome extensions installer, etc.
RecallMadness@lemmy.nz 2 days ago
Further: the Canvas API doesn’t have any requirements on rendering accuracy.
By deferring to the GPU, font library, etc, tracking code can generate an image that is in most cases unique to your machine.
So blocking the Canvas API would return a 0. Which is less unique than what it would be normally.
happydoors@lemm.ee 3 days ago
Maybe if they can connect you to your other usage but it’s probably more of their resources and such a small % of the population that it isn’t worth the time to subvert? Idk just guessing here