Slashdot Mirror


Firefox Borrows From Tor Browser Again, Blocks Canvas Fingerprinting (bleepingcomputer.com)

An anonymous reader writes: Mozilla engineers have borrowed yet another feature from the Tor Browser and starting with version 58 Firefox will block attempts to fingerprint users using the HTML5 canvas element. The technique is widely used in the advertising industry to track users across sites. Firefox 58 is scheduled for release on January 16, 2018.

Canvas fingerprinting blocking is the second feature Mozilla engineers have borrowed from the Tor Project. Previously, Mozilla has added a mechanism to Firefox 52 that prevents websites from fingerprinting users via system fonts. Mozilla's efforts to harden Firefox are part of the Tor Uplift project, an initiative to import more privacy-focused features from the Tor Browser into Firefox.

47 of 92 comments

  1. Re:maybe a dumb question by Desler · · Score: 3, Informative

    Yeah it’s for generating 2D graphics.

  2. Awesome by Anonymous Coward · · Score: 1

    Web browsers should add these kinds of features, not other silly stuff.

  3. Addons by markdavis · · Score: 1

    Fingerprint blocking is a good feature, unlike the last unnecessary "screen print" or whatever feature. However, I won't be "upgrading" because half the addons I need won't work. :( I suspect a lot of us will be stuck on older versions of Firefox for quite a while...

    1. Re:Addons by serviscope_minor · · Score: 5, Informative

      I've actually spoken informally to some firefox people in person regarding addons.

      They do know it's a problem, but they feel that the temporary disruption was worth it. They also know the new webextension system is not yet up to the task of replacing the old extensions, but neither is the old one is severely holding up the browser in terms of both security and performance.

      The idea is that they get the first version up and running, then work on improving the extension system to put back as many of the missing bits as they can, but in a manner which doesn't break performance or security. With luck, by the time the last pre change LTS goes out of support, the new extension will be able to support the kind of things that people need. Apparently there are quite a lot of heavy extension users at Mozilla so there's internal pressure to get firefox to be as good as it always was in this regard.

      Personally I'm optimistic that they can achieve their goal.

      --
      SJW n. One who posts facts.
    2. Re:Addons by markdavis · · Score: 4, Interesting

      I understand their reason and desire to switch to webextension, but the issue is that there are some things that many of us need to do that NO "webextension" addon is going to be allowed to do. This is because these new addons will not be allowed to modify the UI or underlying operation of the browser. Three such examples:

      FlashStopper (stops html5 video autoplay)
      ClassicThemeRestorer (makes the UI bearable)
      EnvironmentProxy (sets proxy based on environment variables)

      I am confident other important addons will be retained- I already see that UblockOrigin, Adblock Plus (as "AdBlock 57+"), and NukeAnything all work. But I can't bear to use the browser without certain other things.

    3. Re:Addons by Anonymous Coward · · Score: 3, Insightful

      At this point it's become clear that anything more transformative than basic UI stuff is not something that can be properly supported while keeping the core product tenable. I too went through a denial phase where I presumed that it was possible to keep every addon working while fixing the core browser, if Mozilla just magically put in even more effort and didn't care what it actually cost, but we have to acknowledge reality sooner or later. We're not the ones doing the work, we're just complaining that we can't hack it with the same tools anymore. All of our bickering about what we personally "need" isn't helping make Firefox any better, and if Firefox dies we won't have these addons anyway. Time to get seriously involved again and figure out a new way to do these things that works better for everyone, rather than just ourselves.

    4. Re:Addons by 0100010001010011 · · Score: 1

      Refusing to break backwards compatibility is how you end up in the situation Microsoft is in.

      Sometimes you need to clean out the attic. I've tested betas and am fairly impressed. Anything that is used will get ported or someone will make something to do something similar.

    5. Re:Addons by Anonymous Coward · · Score: 1

      It's not a terrible idea to get WebExtensions running and ramp up to a better feature set. It's turning off the old extension system while the new API implementation is still bare-bones which is causing the problem.

    6. Re:Addons by markdavis · · Score: 5, Interesting

      Well said. I think the main issue was and has been, however, that Mozilla hasn't really been listening to what the users (and often developers) are saying. We wouldn't complain about the loss of addons that modify the UI had Mozilla not taken away the native ability for user to control the UI. A classic example is "tabs on bottom." It was HUGELY unpopular when Firefox finally removed that single option. And there was really no good reason to remove it. Addons saved the day, and now that will be gone too. And they added insult to injury by adding stuff that users didn't care about or want, things like screenprint, hello, pocket... things that could have easily been optional or even included addons. Development resources that could have gone to filling that UI-control that users do want, and/or performance, and/or bug fixing.

      My example of the "Flash Stopper" addon really is a perfect example of the jam in which people find themselves. It is something the browser should be able to do, natively and correctly. Autoplay of video is a HUGE annoyance to many users. And the built-in feature that Firefox offers to supposedly help control the problem is just broken. Here is the bug report: https://bugzilla.mozilla.org/s... 2 years and still broken! And now the addon that fixed the problem for perhaps 50,000 users (who managed to find it) will be forever gone because WebExtensions won't allow even third-parties to fix it.

      My other example- the Environment Proxy is another perfect example. Up to version XX (forget which), Firefox honored the environment variables for simple proxy control. And one day- BAM, it is just broken. An addon came out to work around the problem, and many years later, there is STILL no native fix. And WebExtensions will take away that solution, too.

      So please understand why I am complaining so loudly. It isn't just about not liking change, there are real issues that leave me and others in a real pickle.

    7. Re:Addons by MrL0G1C · · Score: 1

      https://www.waterfoxproject.or...
      A fork that continues 'legacy' support.

      --
      Waterfox - a Firefox fork with legacy extension support, security updates and better privacy by default.
    8. Re:Addons by Anonymous Coward · · Score: 1, Insightful

      The problem here isn't that Mozilla chose to not replace everything, but that they chose a timeline that doesn't work for you. You expected them to miraculously have everything ready for you on a silver platter before they shipped an improved core browser, and when they decided they couldn't do everything before they *had* to ship a core browser, you found yourself in a pickle.

      Anyone complaining that they're "not listening" is honestly just full of themselves at this point. Mozilla clearly are listening: there are dozens of API tweaks and fixes they put into WebExtensions already, including full-blown APIs that people need for their addons to be ported, many approved and sitting in a backlog waiting for someone to implement them, even while more contentious requests are still being investigated. But because your pet bugs aren't addressed yet, "they aren't listening".

      We as a userbase now have to collectively share in a bit of introspection, before we lose all perspective. We're not entitled to sitting around until someone does everything for us. Others have volunteered fixes for their pet bugs, or found people who could do it for them. I've even seen Mozilla employees waste their time off fixing bugs and making APIs they don't have any personal investment in. And yet, "they aren't listening".

      Case in point: why hasn't someone fixed your environment variable bug after all this time, instead opting to hack around it until the hack no longer works, and then merely complaining? If 50,000 people care about something, they should invest the time to making sure it will work, not just expect the red carpet rolled out for them and pretend it's something somebody else should do for them. The core engineers have been focusing on things that help far more than 50,000 users, and those kinds of improvements never end. Hence why 50,000 users may be left forever waiting, unless they do something themselves.

    9. Re:Addons by Hognoxious · · Score: 1

      Good comeback, Cal!

      --
      Confucius say, "Find worm in apple - bad. Find half a worm - worse."
    10. Re:Addons by CrashNBrn · · Score: 1

      This is because these new addons will not be allowed to modify the UI or underlying operation of the browser.

      Not so much. Firefox's UI can be modified with CSS. Just like when Australis was first introduced.

      Tree Style Tab is running in a customizable sidebar; normal tabs at the top can be hidden - with CSS. Try that in Chrome... The least useless SideTabs for Chrome is Sidewise, and it has to run in a completely separate window.

      There's also Tab Center Redux - a continuation of Mozilla's Tab Center (Test Pilot experiment), which completely replaces top tabs with side tabs.

      And for all the curmudgeons that reject change, there's the Basilisk browser which is "created and maintained by the team behind Pale Moon, and is a fully independent fork of the Mozilla/Firefox code".

      There's also a hard-fork of Mozilla's XUL platform UXP - Unified XUL Platform.

      More info over at ghacks (in the comments): https://www.ghacks.net/2017/08...
      Re Waterfox, etc.

    11. Re:Addons by theweatherelectric · · Score: 1

      long live pale moon

      How does Pale Moon perform in benchmarks and real world usage (like, say, an HTML5 game) versus Firefox 57? Do you have concrete numbers you can show me?

    12. Re:Addons by Waccoon · · Score: 1

      There's also the problem that defining a new API is something that's been put off for way too long, because they wasted so much time with marketing gimmicks and UI redesigns.

      It's an extensive change and certainly not easy, but it's clear to the Mozilla community that many things in the browser have been broken and essentially ignored for the better part of 10 years (freezes due to cycle collections, for example, which IMO is a bigger problem than raw performance). Once Chrome launched, Mozilla had an, "Oh, shit!" moment in the same vein of Netscape when IE stopped being terrible. Mozilla is still in panic mode, and had they been on the ball, the rollout would have been more graceful and there would be more emulation options.

  4. Speaking of Firefox by wjcofkc · · Score: 5, Informative

    If like me you gave up on it years ago because it became bloated and slow, try out the latest beta. It's really fast even under a heavy load.

    --
    Brought to you by Carl's Junior.
    1. Re:Speaking of Firefox by antdude · · Score: 1

      OK, but what about the old extensions? :P

      --
      Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).
    2. Re:Speaking of Firefox by ayesnymous · · Score: 1

      Memory usage got really bad in a recent release. Previously I'd have 10 windows open with around 100 tabs total, and that took up about 2 GB of RAM. For the last few weeks though, those same 10 windows/100 tabs causes Firefox to get up to 6 GB memory usage.

  5. Borrowed from a derivative project? by FatdogHaiku · · Score: 5, Insightful

    OK, "Mozilla engineers have borrowed yet another feature from the Tor Browser" sounds like they are ripping off some project's better design features, but to be fair, the Tor Browser is BUILT on Firefox to begin with.
    That being the case, how is this not just common sense on the part of Mozilla to use features of the derivative to make their own browser better? Tor is still using the Mozilla Public License for their browser so I just don't get the slant of the headline...

    https://en.wikipedia.org/wiki/Tor_(anonymity_network)#Tor_Browser

    --
    You have the right to remain sentient. If you give up the right to remain sentient, you will be elected to public office
    1. Re:Borrowed from a derivative project? by Freshly+Exhumed · · Score: 2

      Tor and Mozilla folks work together on these things. That's what they themselves say.

      --
      I deny that I have not avoided attaining the opposite of that which I do not want.
    2. Re:Borrowed from a derivative project? by FatdogHaiku · · Score: 1

      That only makes sense. My problem was with the confusing headline, the way it reads, there is something wrong with their arrangement, and I just don't see that...

      --
      You have the right to remain sentient. If you give up the right to remain sentient, you will be elected to public office
  6. Re:maybe a dumb question by Desler · · Score: 2

    Browsers were able to display graphics long before HTML 5 existed.

    Cool story, bro. Canvas is for procedurally generating graphics not just displaying something.

  7. Re:good! by Noah+Haders · · Score: 4, Insightful

    I agree, summary has a snotty tone. Is it a good for cutting edge security features to be expanded to mainstream browsers? I’m happy for it.

  8. Re:Posted via Palemoon... apk by Noah+Haders · · Score: 1

    Good man, I’m glad. I will always think of you as the HOSTS guy.

  9. Re:Wouldnt I need to run Javascript from advertise by Noah+Haders · · Score: 1

    Yeah, I’ll meme that

    https://imgur.com/a/85dq7

  10. Re:Unfortunately blocking is self identifying by maestroX · · Score: 2

    Unfortunately this sounds good on paper but in practice it's not going to make any difference for now. Until a sizable portion of browsers do this, blocking is actually going to be an identifying characteristic. The advertisers are going to get a line up of victims and instead of you being the one with Arial and Roboto on their hat, you're going to be the one wearing the tin foil one. That's still a unique, identifying feature until enough of us are wearing tin-foil that they can't tell us apart (by our hats).

    Firefox usage is still above 5% nowadays. Not much, but enough to ensure improvement over identification through font fingerprinting.
    Blocking at least hides software (OS)/hardware details, which make targeting vulnerabilities a lot harder.

  11. Firefox by beep54 · · Score: 1

    Hope this trickles out as I have given up on Firefox and now use Pale Moon.

  12. Re:maybe a dumb question by tepples · · Score: 1

    Canvas is for procedurally generating graphics not just displaying something.

    Then have the server procedurally generate the graphics, compress them, and send them to the browser. Servers have been procedurally generating graphics long before HTML5.

    The impression that I get from a lot of comments lately is that if an application wants to do more than Web 1.0 (navigation and form submission) allows, it ought to be native instead of a web application.

  13. Ctrl+Q by tepples · · Score: 1

    At this point it's become clear that anything more transformative than basic UI stuff is not something that can be properly supported

    Even the UI isn't malleable enough.

    I tried Firefox 57 during the first few days of beta. When reaching for Ctrl+W, Ctrl+Tab, or Ctrl+Shift+Tab while researching sources to cite in a Slashdot comment, I would often accidentally press the adjacent Ctrl+Q, causing data loss in forms that neither the browser nor the website knows how to save. Firefox's Restore Previous Session doesn't save script-built forms, such as Slashdot's inline reply form. Nor does Slashdot save them at Preview.

    The Keybinder extension worked through Firefox 56, but the attempt to make an analogous WebExtension is blocked on bug 1325692, which is marked as not to be fixed in time for the release of Firefox 57. From the AMO page of one such attempt:

    This add-on does not work as expected in Linux, until bug 1325692 is fixed.

    Once Firefox 57 becomes the stable release, I'll be downgrading to Firefox ESR 52 and staying there as long as bug 1325692 remains unfixed.

  14. Re:maybe a dumb question by DontBeAMoran · · Score: 2

    I use canvas for a custom grayscale image conversion tool I made. It has to be real-time when the user moves the sliders, constant communication and server-side rendering and uploading just wouldn't be good enough.

    --
    #DeleteFacebook
  15. Blocking is the Wrong Approach by Anonymous Coward · · Score: 1

    I like the idea that Mozilla is working with the Tor guys, they have a lot in common.

    But not this. Tor users want to blend together to appear indistinguishable because that's what Tor itself does. But normal browser users aren't behind Tor. They don't have the same use case. What's the point of looking exactly like every other browser if you continue to use the same IP address for days at a time?

    Instead of just trying to block fingerprinting outright, Mozilla should be looking at ways to corrupt fingerprinting. They are sort of doing that with their contextual identities through containers work. The idea is that depending on what task you are doing, you should appear as a different (unique) identity. So browse facebook with one "identity" browse ESPN with another "identity" and if ESPN includes facebooky stuff on their site, it reads as your ESPN identity not your facebook identity.

    Instead of outright blocking canvas fingerprinting, they should corrupt the canvas fingerprint such that if facebook reads the canvas they get your facebook fingerprint and if ESPN reads the canvas they get your ESPN fingerprint. And if you are using Tor, they get a generic Tor fingerprint that all Tor users share.

    A related problem is that this is all an arms race. Canvas fingerprinting is just the easiest current method (just like 3rd party cookies used to be the easiest method). There are lots of other methods too, like timing 3d rendering speeds, looking at battery levels, etc. Each time Mozilla shuts down one fingerprinting method, the trackers will look for something else. In the end, the only way to make *widespread* fixes is to outlaw tracking.

    So to that end I wish Mozilla would show an alert of some sort every time a site tries to do a fingerprint or otherwise track the user. They get away with all this sneaky shit today because few regular people have any idea of how much they are being tracked. If all the tracking was constantly in their face, it would make people angry. And that anger could be translated into support for laws making tracking illegal. That wouldn't stop criminals and spy agencies. But it would stop the vast majority of legal businesses. And they are the ones driving the tracking industry with their billions of dollars.
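
The per-site fingerprint idea from comment 15, as an added example that is not part of the original thread and is not any browser's code: it simulates a canvas readback in plain JavaScript (no DOM) and compares no protection, site-keyed noise, and one shared answer for everyone. `renderCanvas`, `readback`, `seenBy`, the `.example` site names and the profile secret are all constructed for illustration.

```javascript
// Added illustration of per-site canvas readback noise; all names are hypothetical.
// FNV-1a (32-bit) keeps the example dependency-free. It is NOT cryptographic:
// a real implementation would derive the seed with a keyed function such as HMAC.
function fnv1a(bytes) {
  let h = 0x811c9dc5;
  for (const b of bytes) {
    h = Math.imul(h ^ b, 0x01000193) >>> 0;
  }
  return h;
}

// mulberry32: small deterministic PRNG, seeded per (profile secret, site).
function prng(seed) {
  let a = seed >>> 0;
  return () => {
    a = (a + 0x6d2b79f5) >>> 0;
    let t = Math.imul(a ^ (a >>> 15), a | 1);
    t ^= t + Math.imul(t ^ (t >>> 7), t | 61);
    return (t ^ (t >>> 14)) >>> 0;
  };
}

// Constructed stand-in for a rendered 16x16 RGBA canvas. `quirk` models the
// GPU/driver/font differences that make real canvas output device-specific.
function renderCanvas(quirk) {
  const px = new Uint8ClampedArray(16 * 16 * 4);
  for (let i = 0; i < px.length; i += 4) {
    const p = i / 4;
    px[i] = (p * 7 + quirk) & 0xff;
    px[i + 1] = (p * 13 + quirk * 3) & 0xff;
    px[i + 2] = (p * 29) & 0xff;
    px[i + 3] = 255;
  }
  return px;
}

// What a script on `site` gets back when it reads the canvas.
//   "off"      - raw pixels (no protection)
//   "per-site" - low bit of each colour channel flipped by a site-keyed stream
//   "uniform"  - same blank buffer for everyone (the shared Tor-style answer)
function readback(pixels, site, mode, profileSecret) {
  if (mode === "off") return pixels.slice();
  if (mode === "uniform") return new Uint8ClampedArray(pixels.length).fill(255);
  const next = prng(fnv1a(new TextEncoder().encode(profileSecret + "|" + site)));
  const out = pixels.slice();
  for (let i = 0; i < out.length; i++) {
    if (i % 4 !== 3) out[i] ^= next() & 1; // leave alpha untouched
  }
  return out;
}

// The tracker's side: hash whatever came back.
function fingerprint(pixels) {
  return fnv1a(pixels).toString(16).padStart(8, "0");
}

// Fingerprint seen by `site` for a device with rendering quirk `quirk`.
function seenBy(site, quirk, mode, profileSecret = "constructed-profile-secret") {
  return fingerprint(readback(renderCanvas(quirk), site, mode, profileSecret));
}

// Same device (quirk 5) visiting two sites under each mode.
for (const mode of ["off", "per-site", "uniform"]) {
  console.log(mode.padEnd(8),
    seenBy("facebook.example", 5, mode), seenBy("espn.example", 5, mode));
}
```

With `"off"` both sites see the same hash, with `"per-site"` each site sees its own stable hash, and with `"uniform"` every device gives the same answer. Noise confined to the low bit is only a sketch: the protection itself is observable to a page, which is the concern the replies about blocking being self-identifying raise.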

  16. Pale Moon by Paronymous_Coward · · Score: 3, Informative

    Pale Moon, a Firefox fork, has had this for ages in about:config
    Just set "canvas.poisondata" to "true"

    1. Re:Pale Moon by Anonymous Coward · · Score: 1

      And the benefits for the feature there are rendered nonexistent, because you're one of a few thousand people using Pale Moon, and one of the ever fewer subset of those users who have toggled that feature.

  17. Re:maybe a dumb question by tepples · · Score: 1

    I use canvas for a custom grayscale image conversion tool I made. It has to be real-time when the user moves the sliders, constant communication and server-side rendering and uploading just wouldn't be good enough.

    You could instead make it available as source code and as a Windows executable.

  18. You're right! by Anonymous Coward · · Score: 1

    You just won a FREE T-shirt!

  19. Re:Unfortunately blocking is self identifying by fahrbot-bot · · Score: 4, Interesting

    Unfortunately this sounds good on paper but in practice it's not going to make any difference for now. Until a sizable portion of browsers do this, blocking is actually going to be an identifying characteristic. The advertisers are going to get a line up of victims and instead of you being the one with Arial and Roboto on their hat, you're going to be the one wearing the tin foil one. That's still a unique, identifying feature until enough of us are wearing tin-foil that they can't tell us apart (by our hats).

    Firefox usage is still above 5% nowadays. Not much, but enough to ensure improvement over identification through font fingerprinting. Blocking at least hides software (OS)/hardware details, which make targeting vulnerabilities a lot harder.

    Though I can't attest to the validity of the argument, here's an article I thought was interesting describing how blocking canvas fingerprinting on a low-adoption scale may make one more easily trackable (as the blocking can be used as an identifier): How Canvas Fingerprint Blockers Make You Easily Trackable. If the argument is valid, then adding the capability to Firefox and having blocking enabled by default will help everyone.

    --
    It must have been something you assimilated. . . .
  20. Re:good! by Anonymous Coward · · Score: 1

    I agree, summary has a snotty tone. Is it a good for cutting edge security features to be expanded to mainstream browsers? I’m happy for it.

    'Borrow'. As if there is a debt to be repaid. That isn't how FOSS works. The whole point of FOSS is the Free part. No debt, no 'borrowing'. Just 'sharing' good ideas to be used by anyone for whatever they like (so don't tell people how to build pocket nukes please)

  21. Re:maybe a dumb question by DontBeAMoran · · Score: 1

    "A windows executable" would be of zero use to me.

    --
    #DeleteFacebook
  22. Re:maybe a dumb question by barbariccow · · Score: 1

    I think he was suggesting that NOT EVERYTHING is appropriate for the web. And surely that is true, web 2.0 and such only really gained momentum because of how crappy windoze is that the only trusted way to run applications on business computers was in a sandbox..

  23. Block all 3rd party cookies by madbrain · · Score: 2

    Hey Mozilla engineers, if you really want to lower tracking for your users, you should change the default 3rd party cookies setting from "allow from visited" to "never". No more seeing ads for the things you have searched for, after doing that, among other things.

    It breaks a few low-value sites like some message boards, but screw those. Privacy is more important.

    --
    -- Julien Pierre http://www.madbrain.com/blog
  24. Re:maybe a dumb question by tepples · · Score: 1

    You could instead make it available as source code and as a Windows executable.

    "A windows executable" would be of zero use to me.

    Then compile the source code.

  25. Re:maybe a dumb question by DontBeAMoran · · Score: 1

    And how do you compile PHP, HTML, CSS and Javascript into a cross-platform application?

    --
    #DeleteFacebook
  26. Re:I find this hard to believe by theweatherelectric · · Score: 1

    the damned browser is allowing ad companies to shovel mountains of video onto the local drive

    So use an ad blocker. Problem solved. uBlock Origin is a good one.

  27. Re:maybe a dumb question by Carewolf · · Score: 2

    Does this canvas element in HTML5 have legitimate uses, or was it included specifically to help advertisers covertly track users?

    Yes, but reading from it is much more questionable. Not only does a website rarely have use of encoded pixels, but if they want to copy a block they could just paint the commands again.

  28. Re:maybe a dumb question by tepples · · Score: 1

    Translate the PHP into Node and use Electron.

  29. Disabled by default by CaffeinatedTech · · Score: 1

    Just read the bugzilla thread. https://bugzilla.mozilla.org/s... This is part of the `privacy.resistFingerprinting` preference which is disabled by default for all users. So developers who actually legitimately use canvas shouldn't be hit too hard. Just another post on the FAQ page.

  30. Re:Thank-You... apk by WallyL · · Score: 1

    See subject. It's people like you that keep me coming back, for the giggles. Oh, and learning things on occasion.