unless I'm missing something with this PoC ...

Using a known pixel test to determine that randomizing is happening is expected and nothing new. A known pixel test holds no real entropy. In a closed set of users, such as Firefox FPP users - it can reveal if it is per execution or persistent, and it can reveal degrees of randomizing (what channels, % of pixels, range of shift in values) - but all users are the same so this is equivalency.

By reverting the altered pixels with the known ones to return what you already know is **not** achieving anything - all you did was determine that canvas is protected (and other equivalency of FPP canvas).

A canvas test that exposes entropy would not be a known canvas - it would be compiled with e.g. css named colors, math (transforming), shapes/curves, fonts, text etc so as to produce different results with hopefully maximum (the whole point of fingerprinting)

What pixels and what channels (rgb) are altered, and by how much is protected by a seed per first party partitioning, and is applied per canvas - so knowing that pixels a, b, and c are changed in one canvas, does not translate to the next canvas.

If you want to revert the randomizing, you will have to average, which can be expensive for fingerprinting scripts - and in terms of commercial/advertising tracking is simply not going to happen with all the low hanging fruit (the 95% of users who lack protection) and given Firefox's threat model this is not an issue (yet)

+1 INVALID or WONTFIX
Bug 1962412 Comment 5 Edit History
Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.
unless I'm missing something with this PoC ...

Using a known pixel test to determine that randomizing is happening is expected and nothing new. A known pixel test holds no real entropy. In a closed set of users, such as Firefox FPP users - it can reveal if it is per execution or persistent, and it can reveal degrees of randomizing (what channels, % of pixels, range of shift in values) - but all users are the same so this is equivalency.

By reverting the altered pixels with the known ones to return what you already know is **not** achieving anything - all you did was determine that canvas is protected (and other equivalency of FPP canvas).

A canvas test that exposes entropy would not be a known canvas - it would be compiled with e.g. css named colors, math (transforming), shapes/curves, fonts, text etc so as to produce different results with hopefully maximum entropy (the whole point of fingerprinting)

What pixels and what channels (rgb) are altered, and by how much is protected by a seed per first party partitioning, and is applied per canvas - so knowing that pixels a, b, and c are changed in one canvas, does not translate to the next canvas.

If you want to revert the randomizing, you will have to average, which can be expensive for fingerprinting scripts - and in terms of commercial/advertising tracking is simply not going to happen with all the low hanging fruit (the 95% of users who lack protection) and given Firefox's threat model this is not an issue (yet)

+1 INVALID or WONTFIX