Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

RFP/FPP CanvasBlocker and Smart Referer #1775

Closed
DjKilla2 opened this issue Nov 26, 2023 · 3 comments
Closed

RFP/FPP CanvasBlocker and Smart Referer #1775

DjKilla2 opened this issue Nov 26, 2023 · 3 comments

Comments

@DjKilla2
Copy link

I seem to have fallen behind some recent Arkenfox changes. So I have some quick questions. CanvasBlocker and Smart Referer used to be recommended in the Arkenfox Wiki. I don't use RFP so I used the recommeneded CanvasBlocker. I see now that the latest Firefox versions use FPP in Strict mode. So even though I don't use RFP, I now no longer need to use CanvasBlocker because fallback Firefox FPP now takes the place of it?

I also no longer see Smart Referer in the Wiki either. I definitely need to hide, alter, spoof my referrer. Did a setting in Arkenfox replace Smart Referer or should I continue to use it? I have Smart Referer set to 'Send the URL you're going to as referer' in Strict mode.

I've read the Wiki, searched through Issues, both open and closed, also red the Overrides section and have gone through the user.js but haven't found the answers to my questions or perhaps I didn't quite understand the changes. I'm following your recommendations and have only the following minimum extensions:

Bitwardin
CanvasBlocker
Skip Redirect
Smart Referer
uBlock Origin

Some additional info:
Arkenfox user'js
Firefox 120.0 (64-bit)
Windows 10 22H2 (64-bit)
@Thorin-Oakenpants
Copy link
Contributor

Thorin-Oakenpants commented Nov 26, 2023
edited

I removed any mentions of CanvasBlocker just a few days ago now we are on FF120 - and yes, since we are on ETP strict, if you disable RFP you get FPP

https://arkenfox.github.io/TZP/tzp.html#canvas

  • subtle randomization, persistent (different randomization per-canvas, per-window-type (normal/private) per-ELTD+1 and per-scheme) - edit and per-session
  • it also doesn't randomize solid colors (better compat in edge cases)
  • you can also test here - feel feel to toggle solid color

fpp canvas

This is robust and performant, and as per the wiki, about all you need (for now) to beat naive scripts - so CB is basically redundant (and a worse performance)

Part of FPP but then applied to all users - audio is also "normalized" - FPP will eventually also get the math trigonometric protections, and hopefully the audioContext RFP measures. FPP will ramp up over time. It also limits your fonts to windows system ones (so no leaking MS outlook font or adobe fonts etc) - it's not super tight, because there is a lot of variance with users and optional supplemental windows fonts - but it's a start

@Thorin-Oakenpants
Copy link
Contributor

smart referer see #1707

I am also going to remove any reference to Smart Referer, as I consider it abandoned. Plus it's not a good idea re CSRF see #1433 and for this reason I will not be recommending ANY referer extensions

@DjKilla2
Copy link
Author

Thank you for taking the time to answer my questions. This is a big help and I'll make the changes immediately. All hail Thorin-Oakenpants!.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Thorin-Oakenpants @DjKilla2