Slashdot Mirror

← Back to Stories (view on slashdot.org)

Firefox Borrows From Tor Browser Again, Blocks Canvas Fingerprinting (bleepingcomputer.com)

Posted by EditorDavid on from the fingerprints-vs-Firefox dept.

An anonymous reader writes: Mozilla engineers have borrowed yet another feature from the Tor Browser and starting with version 58 Firefox will block attempts to fingerprint users using the HTML5 canvas element. The technique is widely used in the advertising industry to track users across sites. Firefox 58 is scheduled for release on January 16, 2018.

Canvas fingerprinting blocking is the second feature Mozilla engineers have borrowed from the Tor Project. Previously, Mozilla has added a mechanism to Firefox 52 that prevents websites from fingerprinting users via system fonts. Mozilla's efforts to harden Firefox are part of the Tor Uplift project, an initiative to import more privacy-focused feature from the Tor Browser into Firefox.

4 of 92 comments (clear)

  1. Borrowed from a derivative project? by FatdogHaiku · · Score: 5, Insightful

    OK, "Mozilla engineers have borrowed yet another feature from the Tor Browser" sounds like they are ripping off some projects better design features, but to be fair, the Tor Browser is BUILT on Firefox to begin with.
    That being the case, how is this not just common sense on the part of Mozilla to use features of the derivative to make their own browser better? Tor is still using the Mozilla Public License for their browser so I just don't get the slant of the headline...

    https://en.wikipedia.org/wiki/Tor_(anonymity_network)#Tor_Browser

    --
    You have the right to remain sentient. If you give up the right to remain sentient, you will be elected to public office
  2. Re:good! by Noah+Haders · · Score: 4, Insightful

    I agree, summary has a snotty tone. Is it a good for cutting edge security features to be expanded to mainstream browsers? I’m happy for it.

  3. Re:Addons by Anonymous Coward · · Score: 3, Insightful

    At this point it's become clear that anything more transformative than basic UI stuff is not something that can be properly supported while keeping the core product tenable. I too went through a denial phase where I presumed that it was possible to keep every addon working while fixing the core browser, if Mozilla just magically put in even more effort and didn't care what it actually cost, but we have to acknowledge reality sooner or later. We're not the ones doing the work, we're just complaining that we can't hack it with the same tools anymore. All of our bickering about what we personally "need" isn't helping make Firefox any better, and if Firefox dies we won't have these addons anyway. Time to get seriously involved again and figure out a new way to do these things that works better for everyone, rather than just ourselves.

  4. Re:Addons by Anonymous Coward · · Score: 1, Insightful

    The problem here isn't that Mozilla chose to not replace everything, but that they chose a timeline that doesn't work for you. You expected them to miraculously have everything ready for you on a silver platter before they shipped an improved core browser, and when they decided they couldn't do everything before they *had* to ship a core browser, you found yourself in a pickle.

    Anyone complaining that they're "not listening" is honestly just full of themselves at this point. Mozilla clearly are listening: there are dozens of API tweaks and fixes they put into WebExtensions already, including full-blown APIs that people need for their addons to be ported, many approved and sitting in a backlog waiting for someone to implement them, even while more contentious requests are still being investigated. But because your pet bugs aren't addressed yet, "they aren't listening".

    We as a userbase now have to collectively share in a bit of introspection, before we lose all perspective. We're not entitled to sitting around until someone does everything for us. Others have volunteered fixes for their pet bugs, or found people who could do it for them. I've even seen Mozilla employees waste their time off fixing bugs and making APIs they don't have any personal investment in. And yet, "they aren't listening".

    Case in point: why hasn't someone fixed your environment variable bug after all this time, instead opting to hack around it until the hack no longer works, and then merely complaining? If 50,000 people care about something, they should invest the time to making sure it will work, not just expect the red carpet rolled out for them and pretend it's something somebody else should do for them. The core engineers have been focusing on things that help far more than 50,000 users, and those kinds of improvements never end. Hence why 50,000 users may be left forever waiting, unless they do something themselves.