The problem here is Canvas fingerprinting - that's what I found the most surprising and interesting.
How do you prevent that, apart from working on 'fixing' browsers to create pixel-perfect renders across different browsers/platforms/configurations. Would that even be possible?
Edit:
> Tor Browser notifies the user for canvas read attempts and provides the option to return blank image data to prevent fingerprinting.
Huh. I guess that's one attempt, but being able to read pixel data out of a canvas is completely reasonable.
> […] but being able to read pixel data out of a canvas is completely reasonable.
Not for every website. Most websites don't need canvas at all. One option would be to ask users to activate canvas support for a website that does need it, so users can judge for themselves if the request is legitimate. This is how the geo-location API works after all.
I am not convinced that this will work very well though.
It seems possible to add heuristics like 'the canvas element has requested more than X fonts within about Y seconds' and then treat that as a tracking script and do something like prompt the user, or return the default font from then on.
If the "fingerprint" really is a checksum/crypto hash, an ever so slight random element in rendering output could help. Of course, together with other techniques, it might just identify your somewhat obfuscating browser.
How do you prevent that, apart from working on 'fixing' browsers to create pixel-perfect renders across different browsers/platforms/configurations. Would that even be possible?
Edit:
> Tor Browser notifies the user for canvas read attempts and provides the option to return blank image data to prevent fingerprinting.
Huh. I guess that's one attempt, but being able to read pixel data out of a canvas is completely reasonable.