Talk about code development, features, specific bugs, enhancements, patches, and similar things.
Forum rules
Please keep everything here strictly on-topic.
This board is meant for Pale Moon source code development related subjects only like code snippets, patches, specific bugs, git, the repositories, etc.
This is not for tech support! Please do not post tech support questions in the "Development" board!
Please make sure not to use this board for support questions. Please post issues with specific websites, extensions, etc. in the relevant boards for those topics.
Please keep things on-topic as this forum will be used for reference for Pale Moon development. Expect topics that aren't relevant as such to be moved or deleted.
-
dark_moon
Unread post
by dark_moon » 2015-06-05, 19:44
Supernova wrote:superA wrote:I also think its impossible to prevent fingerprinting unless..you brake the whole web,or believing that you can achive that by using..an addon.
In fact,you can,but then we talking about ''solutions born from paranoia..''.
Blablabla
Such posts without ANY point (or wrong to the point of absurd "impossible to prevent unless you break the whole web") but just attacks on others are terribly infuriating.
Totaly agree with Supernova.
So btt: Many settings can break the web. For example disable JavaScript. Anyway users still use this (Or NoScript) and it is nice to have it. Thats the same argument for blocking canvas tracking in a hidden pref so no normal user have problems but privacy guys like us can use it.
Maybe a teamwork with the canvas addon dev would be nice to build such a thing.
-
_Poke_
Unread post
by _Poke_ » 2015-06-06, 05:27
There's a difference between disabling something to be secure, and actively skewing data. For that reason, I don't think disabling javascript is a fair comparison to what's proposed.
Perhaps instead you could use that programmable button extension to have a toggle for completely enabling/disabling canvas. This way you can browse without any tracking canvas running at all, until you wish to use one.
-
dark_moon
Unread post
by dark_moon » 2015-06-06, 09:38
Sorry _Poke_ but your arguments are invalid for me.
Please only post if you have knowledge about how to block/ stop sniffing canvas, because thats the topic about. Thanks
-
Moonchild
- Pale Moon guru
- Posts: 35649
- Joined: 2011-08-28, 17:27
- Location: Motala, SE
Unread post
by Moonchild » 2015-06-06, 11:30
dark_moon wrote:Sorry _Poke_ but your arguments are invalid for me.
Please only post if you have knowledge about how to block/ stop sniffing canvas, because thats the topic about. Thanks
Since you're in your ivory tower, why don't you look through your cabinet of magical scrolls for a solution and share it with us?
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
-
squarefractal
Unread post
by squarefractal » 2015-06-06, 15:49
I believe that whatever had to be said has been already said, however, I fail to understand why there is no official response about the points that actually discuss implementation details and use scenario.
Off-topic:
Cryptography is essentially bullshit **rubs eyes vigourously** Solutions born from paranoia are never the best solutions - MC
-
megaman
Unread post
by megaman » 2015-06-06, 15:57
Off-topic:squarefractal wrote:I believe that whatever had to be said has been already said, however, I fail to understand why there is no official response about the points that actually discuss implementation details and use scenario.
Regardless of your state in this topic, try not to let out expletives. Expletives aren't necessary, even when you have a tantrum.
-
Moonchild
- Pale Moon guru
- Posts: 35649
- Joined: 2011-08-28, 17:27
- Location: Motala, SE
Unread post
by Moonchild » 2015-06-07, 06:20
Off-topic:squarefractal wrote:Cryptography is essentially BS
I resent that statement, implying that I would think that way.
But... fanatics about these things will always draw it in the extreme, like fanatics in any field, so I'm not offended. Just understand that it's not a black and white business. The same way you can't enforce strict security measures with entry checks on a shopping mall even if it would be "better".
I'm also not going to waste my breath on trying to explain otherwise or counter it. Let's just say if I thought cryptography was BS then I would not go out of my way to adhere to tighter standards than the big players do. The facts speak for themselves.
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
-
squarefractal
Unread post
by squarefractal » 2015-06-07, 07:21
This thread has veered way offtopic, but I'd still like to discuss this feature.
I don't see the problem behind placing it behind a pref, privacy conscious users can enable it. This way, it's a win-win situation.
If you are indeed so concerned about this breaking functionality despite the above, do not outright mangle the data, just manipulate the rgba channels by small values, so that the general appearance and function are preserved.
Moonchild wrote:Just understand that it's not a black and white business.
This statement is absolutely on-topic here: some people have do have a need for near perfect privacy (I myself do not currently face such dangerous situations, but there are people who do need it). But, let's not veer the topic any more.
Also, it was meant as a rather lighthearted comment, but well...
-
Moonchild
- Pale Moon guru
- Posts: 35649
- Joined: 2011-08-28, 17:27
- Location: Motala, SE
Unread post
by Moonchild » 2015-06-07, 08:03
If you want me to place it behind a pref and not use it by default, then you may as well use an extension... That is exactly what extensions are for.
As stated before, modifying the rgb channels slightly is not going to fool fuzzers, only very simple hashers.
But congratulations, you've nagged me so much now that I'm sick of it, and will see about adding a poisoning routine to the getImageData() function in the core. Please be aware that there will be a performance tradeoff, but all in all you wouldn't use this function in rapid succession anyway
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
-
intofix
Unread post
by intofix » 2015-06-07, 08:27
Canvas Fingerprinting > the same people who said the worst about Adobe with Flash crying to have html5 in native in their browser now wondering how to get rid of this html5 feature, too laughable.
-
Moonchild
- Pale Moon guru
- Posts: 35649
- Joined: 2011-08-28, 17:27
- Location: Motala, SE
Unread post
by Moonchild » 2015-06-07, 12:38
Proponents of data poisoning can shut up now.
https://github.com/MoonchildProductions ... b52a2c193b
Be aware that enabling this option has a large performance drawback (in addition to not getting the exact representation as-rendered) because every pixel needs to be adjusted. JSPerf test results are a slowdown of a factor 3x-4x on toDataURL() and getImageData() when poisoning is enabled.
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
-
squarefractal
Unread post
by squarefractal » 2015-06-07, 16:05
Thank you for implementing this option
-
squarefractal
Unread post
by squarefractal » 2015-06-16, 11:57
That paper just analyses the societal and institutional aspects of such tracking and surveillance, and not technical methods themselves.
-
Moonchild
- Pale Moon guru
- Posts: 35649
- Joined: 2011-08-28, 17:27
- Location: Motala, SE
Unread post
by Moonchild » 2015-06-17, 00:11
Why would I install an extension that gathers my browsing data? Besides it's not even compatible with us
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
-
intofix
Unread post
by intofix » 2015-06-17, 02:32
Moonchild wrote:Why would I install an extension that gathers my browsing data? Besides it's not even compatible with us
Because today this is still an extension but tomorrow as always this algorithm will be used by sites to trace you. Ok when the time comes i'll make a new thread to know if you found the countermeasure... working for who these sites you think? > follow my eyes
-
hayc59
Unread post
by hayc59 » 2015-12-19, 01:35
ok so may I but in?? thank you...just kidding
so since the newer version of palemoon has an option(ie..true or false) in the aboutconfig section
what should one do? leave it or change it to 'true"? thank you
Gordon
-
satrow
- Forum staff
- Posts: 1885
- Joined: 2011-09-08, 11:27
Unread post
by satrow » 2015-12-19, 01:49
True = poisoned, default is off = false.