Intent to Prototype: Canvas Randomization in private browsing windows in Nightly
Tim Huang
Summary: We intend to enable canvas randomization to provide stronger protection against canvas fingerprinting in private windows in Nightly. The canvas randomization introduces random noise to the canvas data extracted by the web content. The malicious websites that use canvas fingerprint won’t get a consistent canvas fingerprint over time, so they cannot use this technique to track users effectively.
The noises would differ for each canvas across private browsing sessions but remain the same within the same session to prevent fingerprinters from canceling the noise. The introduced noises won’t be noticeable to users because we only change the least amount of data, and it shouldn’t cause a drastic change to the canvas itself.
Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1816189
Specification: None
Standards Body: None
Platform coverage: Desktop platforms, including Windows, Mac, and Linux
Preference: The canvas randomization is behind the fingerprinting protection, which is controlled by the two prefs “privacy.fingerprintingProtection” and “privacy.fingerprintingProtection.pbmode”. The first pref controls the normal windows, and the second pref controls the private windows. We will include more fingerprinting protection mechanisms under the fingerprinting protection. Canvas randomization is the first protection that we enable in PBM.
DevTools Bug: None
Other browsers:
I am unaware that Blink and WebKit have done anything about canvas randomization.
Brave has implemented the Farbling protection, which provides random noises to canvas data.
Web-platform-tests: None.
Potential Breakages: We expect low website breakages because of canvas randomization. However, some canvas features could still be broken due to the mismatch between the expected canvas data and the actual canvas data seen by the website. For example, the emoji feature detection could break potentially, but we haven’t heard of any breakage like this.
--