How can I support CanvasBlocker?
The best way to support CanvasBlocker is to give feedback. If something is not working like it should or something could be improved please open an issue. Reviews at addons.mozilla.org can also help to increase the user base but it is a very bad platform to communicate issues and improvements.
If you want to contribute with your own spare time you can help to improve the translations. Code contributions can also be done in form of pull requests but will be reviewed very thoroughly.
Why does CanvasBlocker need permission X?
Here is the list of permission that CanvasBlocker needs and the reason why it's needed:
- <all_urls> and tabs: CanvasBlocker needs to be able to interact with all possible urls and tabs as fingerprinting attempts could be done everywhere.
- storage: to store the settings the storage.local API is used.
- webRequest and webRequestBlocking: to insert the CSR headers in a request in order to protect the data-URLs. Once this bug has been fixed I can completely remove the data-URI protection (see here for further information).
- contextualIdentities and cookies: for support of browser containers. I would like to make this optional for only the people that use containers but I cannot (see here for further information).
- privacy: this permission is needed to read if the user has privacy.resistFingerprinting enabled. A notice about a slightly changed behaviour of CanvasBlocker is displayed in the settings page in that case.
How is CanvasBlocker funded?
There is no steady monetary funding of CanvasBlocker. Donations are accepted and help to cover some expenses. But since these are not that high it is not sure if a steady funding with any obligations will be accepted.
There is also no plan to monetize CanvasBlocker in any way.
All the development work is done by kkapsner in their spare time and no salary or compensation is paid for it.
So it's all done voluntarily for fun and free.
reCAPTCHA is not working!
It's a known fact that the window API protection breaks reCAPTCHAs. They use the window.name API to store information about the captcha. The protection is designed to mitigate exactly such techniques of passing information from one domain to another. But in this case the information is shared with an embedded HTML page (an <iframe> tag). As the information gets lost when the top level page navigates somewhere the tracking potential is quite limited in such a scenario.
So in conclusion you can enable "Allow window.name in frames" to make reCAPTCHA work and still don't have to worry too much about tracking with window.name.
How do I remove URL specific settings?
If one URL specific setting is set for a URL it shows up at every setting that can have URL specific values. So if you click on the little "x" to reset the value the line for the URL may not disappear. But the input field will appear a little bit gray to indicate that the "normal" value is still used for this URL.
To get rid of this URL line you have to remove all specific settings for this URL. The easiest way to get to know which settings are still set you can go to General > Settings > Export settings > Inspect. There the entry "urlSettings" stores the url specific values.
Page X claims my fingerprint is unique.
Having a unique fingerprint is fine as long as it changes. With the default settings of CanvasBlocker the fingerprint should change all the time. But also with other settings (e.g. the stealth preset) that do not change the fingerprint all the time the fingerprint should be unique per domain and therefore prevent tracking. To test this you can check the different fingerprints on canvasblocker.kkapsner.de and canvasblocker2.kkapsner.de.
My fingerprint does not change when I reload page X.
Some pages do not recalculate the fingerprint upon reload. Make sure you force the recomputation.
But also some CanvasBlocker settings make it to not change the fingerprint upon reload (e.g. the stealth preset).
If you have privacy.resistFingerprinting enabled the fingerprints also may stay the same. But in this case you are not trackable as the fingerprint does not leak any information about your system. See here and here for further information.
PayPal transactions started with "Buy now" button not working!
It's a known fact that the window API protection hinders the completion of all transaction processes initiated via PayPal's "Buy now" button. You have to whitelist paypal.com for that API for it to work properly.
I do not find setting X.
Some settings are not always visible. There are three reasons why settings might be hidden:
- Some require other settings to be a certain value to be displayed because they are not useful without the other setting. E.g. the whole "Asking" section is only displayed when the block mode is set to "ask for permission".
- Other settings are hidden behind the "expert mode" because they need a certain level of understanding of CanvasBlocker to be used correctly.
- Finally you can hide settings. To show these settings you have to enable "display hidden settings".
So if you search for a setting and do not find it you should first enable the "expert mode" and "display hidden settings". If you then still do not find it it's not relevant for your current setup of CanvasBlocker.