My apologies to the Bugzilla team for wasting their time holding my hand on this one. Would have honestly never noticed the little “HTML5” info icon to the left of the URL bar though without their help.
Surely this is a user experience that could be improved, no? Awesome feature but confusing solution.
The resist fingerprinting mode scrambles canvas read out to prevent sites from using it to create a fingerprint. Because of that, any site that needs to read the canvas back for legitimate purposes will also receive scrambled data. You get more privacy for the minor inconvenience of having to manually allow canvas usage for the sites that actually need it.
And very few sites actually need it.
On librewolf I just get a popup asking to allow canvas
A popup sounds like an annoyance you must deal with on every webpage. Not just the ones that use the canvas for useful things
Canvas is rarely on a web page or at least it rarely affects me
I’ve actually seen that had no idea what it was!
How do u do fingerprinting with a canvas
https://en.m.wikipedia.org/wiki/Canvas_fingerprinting
When a user visits a page, the fingerprinting script first draws text with the font and size of its choice and adds background colors (1). Next, the script calls Canvas API’s ToDataURL method to get the canvas pixel data in dataURL format (2), which is basically a Base64 encoded representation of the binary pixel data. Finally, the script takes the hash of the text-encoded pixel data (3), which serves as the fingerprint …
Variations in which the graphics processing unit (GPU), or the graphics driver, is installed may cause the fingerprint variation. The fingerprint can be stored and shared with advertising partners to identify users when they visit affiliated websites. A profile can be created from the user’s browsing activity, allowing advertisers to target advertise to the user’s inferred demographics and preferences.
By January 2022, the concept was extended to fingerprinting performance characteristics of the graphics hardware, called DrawnApart by the researchers.
Hmm seems like their would be ways to mitigate this. Why not just introduce some random human undetectable changes to every pixel ie change breightness color alpha etc by 1 or something so every time u call the ToDataURL it returns different data? Might break some things but since canvases dont seem to be predictable systems anyway whats the harm?
Different graphics stacks (graphics hardware, their drivers (of which there are different ones for all major OSes), the display server (on Linux)) draw things slightly differently. As I remember this especially applies to text rendering using different fonts, but slightly tilted lines, bent lines, and color blending is probably also part of it, and more.
Yarp I’ve had this also.