Changes between Initial Version and Version 10 of Ticket #42428
- Timestamp:
- 03/02/2018 01:42:43 AM (7 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
Ticket #42428
-
Property
Version
changed from
trunk
to4.1.2
-
Property
Milestone
changed from
Awaiting Review
toFuture Release
-
Property
Version
changed from
-
Ticket #42428 – Description
initial v10 3 3 wp-emoji uses a technique that’s often used by trackers for fingerprinting clients: reading canvas pixel data. For them, differences in OS and graphics drivers can lead to subtle differences when text is rendered to a canvas. This means that when they hash data read out of the canvas with text on they have another datapoint to identify a client. 4 4 5 To work around this, Firefox has recently uplifted a technique from TOR Browser. If you visit a site that tries to do this it’ll pop open a hanger asking for the user’s permission. You can test this by downloading a copy of Firefox Nightly, going to about:config and setting privacy.resistFingerprinting to true. Which brings us on to Word press…5 To work around this, Firefox has recently uplifted a technique from TOR Browser. If you visit a site that tries to do this it’ll pop open a hanger asking for the user’s permission. You can test this by downloading a copy of Firefox Nightly, going to about:config and setting privacy.resistFingerprinting to true. Which brings us on to WordPress… 6 6 7 7 Unfortunately the default wp-emoji package also uses this technnique, which triggers a browser warning on a large number of sites I visit on a daily basis. While I doubt that Wordpress is using this for user tracking, it means that sites that are being nefarious get lost in the Wordpress noise. This is a shame, but also I would imagine that it would be hard for Firefox to turn this on by default given the number of sites out there using Wordpress.