PSA: Changes to Firefox and Arkenfox make Canvas Blocker and Smart Referer unnecessary for Arkenfox users who previously used those extensions

I Noticed today that the recommendation to use Canvas Blocker (for those who override RFP) and Smart Referer (for those who override 1601) have disappeared from the Wiki.

After doing some digging I see that the old advice of:

  • Use RFP, or if not use Canvas Blocker

Has been changed to:

  • Use RFP, or if not use FPP

I’d suggest reviewing the fingerprinting page of the wiki which has been revised, as well as this ongoing discussion if you want further context on fingerprinting changes in Firefox and Arkenfox.

Its less clear why Smart Referer was removed, I believe it has to do with the relaxing of an Arkenfox preference, making the override of 1601 no longer necessary

The TL;DR is Arkenfox users who have not reviewed their overrides or installed extensions in the last few months should review their user-overrides and, make changes if necessary, and consider removing canvas blocker and smart referer extensions if you were previously using them.


More context on the Smart Referrer change:

referer.XOriginPolicy - make inactive move to optional hardening

I plan to relax this. I don’t see any real benefit for value 1, it will unbreak fuck all IMO. So I am going to make the pref inactive. Those who want to harden can do so in their overrides. At the end of the day, most navigational “tracking” is harmless (i.e the same for everyone) and effectively blocking cross site referers just breaks “everything”

I am also going to remove any reference to Smart Referer, as I consider it abandoned. Plus it’s not a good idea re CSRF see #1433 and for this reason I will not be recommending ANY referer extensions

I believe this should be broken down into two questions:

  1. Is it possible?
  2. Is it wise?

Unfortunately I don’t have an answer to either question, but I am currently looking into #1, I’ll let you know if I find an answer.

1 Like