Reviews for Canvas Defender
Canvas Defender by Multilogin
Review by VanguardLH
Rated 3 out of 5
by VanguardLH, 7 years agoVisit https://panopticlick.eff.org or https://browserleaks.com/canvas. It lists the current canvas fingerprint for its image test. Exit Firefox (and check Task Manager there are no remnant processes for Firefox), reload Firefox, and visit the site again. The same Canvas hash is identified as before.
While a Canvas hash should remain stable within a session (to avoid getting fingerprinted as a Canvas blocking user), it does NOT have to remain stable between web browser sessions. A site that checks that a different hash is returned for multiple tries upon a visit can detect if a blocker is used. Those sites won't test upon a revisit of the page in a new browser session which could be from a different computer, different config, or different user.
Another Canvas blocker, CanvasBlocker, defaults on install to creating a new unique hash on every Canvas read. That isn't the best way to avoid Canvas fingerprinting. Repeated testing by a site when you visit them can detect you are blocking (changing) the Canvas hash so they know you are in a small populace of Canvas blocking users. However, CanvasBlocker has the option to change its random hashing on a per-session option. The hash remains stable within a web browser session but a different random rehashing is used in the next web browser session. Alas, CanvasBlocker is not a Web Extension add-on, there doesn't seem to be any movement to make it one, so it will die as of Firefox version 57. Already in Firefox 55 that add-on is getting flagged as "Legacy" meaning it is not a WebExt add-on and will cease to function shortly when Firefox 57 gets released.
So I was looking at an alternative. Canvas Defender has some nice features but the timer is deficient. The timer should function only *within* a web browser session, not at some wall-clock interval between web sessions. When the web browser is loaded, the timer should start anew (reset) with a new rehash or noise injection. The user might want to manually change the hash during a web browser session or let a timer do that during a web browser session but a NEW web browser session should start with a new random noise rehash of the Canvas reads. Every reset of the timer, which includes when loading the add-on in a new web browser session, should generate a new random noise injection.
Canvas Defender should reset and generate a new random rehash noise injection when the timer resets. When set to an interval, the timer resets when the interval is reached (and the timer starts measuring a new interval). When the add-on is freshly loaded (because it loads with a new instance of the web browser in a new browsing session), that is also a timer reset and the add-on should begin with a new random rehash noise injection.
While a Canvas hash should remain stable within a session (to avoid getting fingerprinted as a Canvas blocking user), it does NOT have to remain stable between web browser sessions. A site that checks that a different hash is returned for multiple tries upon a visit can detect if a blocker is used. Those sites won't test upon a revisit of the page in a new browser session which could be from a different computer, different config, or different user.
Another Canvas blocker, CanvasBlocker, defaults on install to creating a new unique hash on every Canvas read. That isn't the best way to avoid Canvas fingerprinting. Repeated testing by a site when you visit them can detect you are blocking (changing) the Canvas hash so they know you are in a small populace of Canvas blocking users. However, CanvasBlocker has the option to change its random hashing on a per-session option. The hash remains stable within a web browser session but a different random rehashing is used in the next web browser session. Alas, CanvasBlocker is not a Web Extension add-on, there doesn't seem to be any movement to make it one, so it will die as of Firefox version 57. Already in Firefox 55 that add-on is getting flagged as "Legacy" meaning it is not a WebExt add-on and will cease to function shortly when Firefox 57 gets released.
So I was looking at an alternative. Canvas Defender has some nice features but the timer is deficient. The timer should function only *within* a web browser session, not at some wall-clock interval between web sessions. When the web browser is loaded, the timer should start anew (reset) with a new rehash or noise injection. The user might want to manually change the hash during a web browser session or let a timer do that during a web browser session but a NEW web browser session should start with a new random noise rehash of the Canvas reads. Every reset of the timer, which includes when loading the add-on in a new web browser session, should generate a new random noise injection.
Canvas Defender should reset and generate a new random rehash noise injection when the timer resets. When set to an interval, the timer resets when the interval is reached (and the timer starts measuring a new interval). When the add-on is freshly loaded (because it loads with a new instance of the web browser in a new browsing session), that is also a timer reset and the add-on should begin with a new random rehash noise injection.