Firefox finally adding resistFingerprinting outside of about:config?

I was looking at the release notes for Firefox 120 (in beta right now), and I noticed that they’re adding Canvas API protections to private windows and when Strict mode is enabled.

Firefox’s private windows and ETP-Strict privacy configuration now enhance the Canvas APIs with Fingerprinting Protection, thereby continuing to protect our users’ online privacy.

from: Firefox Beta 120.0beta, See All New Features, Updates and Fixes

Is this the start of resistFingerprinting finally getting actual UI implementation? I know that canvas protection is just one part of it, but could this be signalling a full implementation of fingerprinting protection in the GUI by Mozilla?

1 Like

FFP is a less aggressive version of RFP.

Have you (or anyone else reading this) come across any good explainers/high level comparisons between RFP (‘Resist Fingerprinting’) and FPP (‘Fingerprinting Protection’?

Bonus points for a comparison between RFP, FPP, Canvas Blocker, as well as Brave’s randomization based approach.

1 Like

Oh, so would it be using a lesser implementation of canvas randomization, maybe like Brave Shields set to standard for example?

Why only in private windows?

looks like Thorin has already answered that here:

this entire github issue pretty much solves my question so I’ll mark this as the solution. thanks @sha123 for linking to an older discussion where Thorin first explained the difference between FPP and RFP.

So does that mean with Firefox 120 we don’t need the CanvasBlocker addon if we have Enhancing Tracking Protection set to Strict?

Yes based on what what was said in the github discussions, it does seem like FPP will entirely replace the need for CanvasBlocker. Right now it’s only getting canvas randomization but, based on the first github page linked, there should also be audio protections coming as well.

Phase 1 includes fonts at vis level 2 (i.e only allow os system fonts), subtle canvas randomizing (excluding IsPoinInPath and isPointInStroke), and I think window positions = 0. Last but not least, removing math entropy in audio for all FF users - note this does not remove all entropy, and RFP has additional protections which should then make all RFP users the same per platform (because Hrtz etc affect results but RFP sets those).

Having those built into the browser would make CanvasBlocker redundant and would likely make you stand out a lot more (since the pool of FF users with Strict mode on is going to be significantly larger than the pool of CanvasBlocker users).

1 Like