CanvasFingerprintBlock
重要提示:如果扩展不适用于特定站点,请在“支持”部分发布详细信息,因为这将帮助我修复它。抱怨不公布细节就行不通是毫无意义的。谢谢您。 释放 版本1.5(2016-3-06) •..
基本信息
- 更新日期:
- 包名:
- ipmjngkmngdcdpmgmiebdmfbkcecdndc
- 版本:
- 1.5
- 大小:
- 11.93KiB
- 类型:
- Chrome
- 平台:
- Chrome
- 评分:
- 发布日期:
- 2016-03-06
- 价格:
- 免费
- 开发者:
- appodrome.net
CanvasFingerprintBlock插件截图
CanvasFingerprintBlock插件简介
Protect your privacy. Prevent webpages from tracking you by your browser’s HTML canvas fingerprint. 保护你的隐私。阻止网页通过浏览器的HTML画布指纹跟踪您。
IMPORTANT: If the extension does not work on a specific site, please post the details in the SUPPORT section, as this will help me fix it. It is pointless to complain that it doesn’t work without posting the details. Thank you.
RELEASES
Version 1.5 (2016-Mar-06)
• Updated script-injection technique so that it works also on pages with strict CSP.
Version 1.4 (2016-Mar-05)
• Extension was (unnecessarily) trying to patch functions in a cross-origin frame (like Hangouts frame in GMail, Disqus frame in several sites, etc.) from within the outer window. This was breaking the sites’ functionality; now this is avoided.
Version 1.3 (2016-Feb-28)
• Blocked iframe[@sandbox] canvas reads are now shown properly inside popup
• More detailed information per blocking
Version 1.2 (2016-Feb-27)
• Now also blocks read attempts from canvas inside a sandboxed iframe element
DETAILS
Canvas Fingerprinting is one of latest technologies being adopted by websites to track visitors without using cookies. Such websites do this by painting an image on a hidden HTML <canvas> element and then taking a snapshot of it and posting the snapshot back to themselves. Because the exact pixel values in the drawn canvas can differ subtly from one set of hardware to another, these websites can use those differences to distinguish between visitors as well as to recognize specific visitors from one visit to the next. Which is what tracking cookies are normally used for, except that cookies may be disabled or deleted or avoided by browsing in Incognito mode, whereas to avoid Canvas Fingerprinting you need to use a tool like CanvasFingerprintBlock.
The HTML <canvas> element exposes two types of JavaScript functions: functions to draw to the canvas, and functions to export data from the canvas (for the nerds, these are toDataURL() and getImageData()). The canvas-drawing functions are not affected by CanvasFingerprintBlock, so websites that use the canvas for basic drawing will not be affected. On the other hand, when a website tries to export data from the canvas, CanvasFingerprintBlock will “fool” the website by showing it a blank canvas instead of the canvas containing the actual pixels. If the website is reading the canvas data to generate a fingerprint, the generated fingerprint will be useless because CanvasFingerprintBlock makes everyone’s fingerprint look the same.
If a little red fingerprint icon appears in the address bar beside the Bookmark ☆ icon, it means that the website you are visiting has tried to access the data of at least one canvas, and CanvasFingerprintBlock has blocked it. You will be surprised to discover how many websites employ Canvas Fingerprinting! Most websites are quite sneaky in how they create the fingerprint; the canvas is always hidden, and usually the canvas would have already been created, read and removed by the time the website has finished loading! Of course you will be curious to inspect what was being drawn right under your nose, and CanvasFingerprintBlock will let you see it by clicking on the little red fingerprint icon.
Lastly, it is noteworthy to mention that not all websites that are trying to export data from a canvas are doing it maliciously. For example, some photo uploaders will let you edit your photo on a canvas and when you are ready will export the edited photo and upload it to the server. Or some other websites will use a “rough” canvas to draw a gradient or pattern, and will then export the canvas to use that pattern somewhere else on the page. When you see the little red fingerprint icon, by clicking on it it is usually easy to tell whether the blocked canvas was drawn for fingerprinting purposes or not. However it is not so simple to detect this automatically. So for the time being, CanvasFingerprintBlock will block all canvas data exports, and the only way of allowing a canvas read is to disable the extension temporarily. This will be fixed in a future update of CanvasFingerprintBlock.
You may test CanvasFingerprintBlock on this website: http://www.browserleaks.com/canvas
Note: If you are a user of Chrome’s Incognito mode, then to be fully protected it is advisable to enable the CanvasFingerprintBlock extension also in Incognito mode (check “Allow in Incognito”).
中文翻译
重要提示:如果扩展不适用于特定站点,请在“支持”部分发布详细信息,因为这将帮助我修复它。抱怨不公布细节就行不通是毫无意义的。谢谢您。
释放
版本1.5(2016-3-06)
•更新了脚本注入技术,使其也能在具有严格CSP的页面上工作。
版本1.4(2016-3-05)
•Extension试图(不必要地)从外部窗口修补跨源框架中的函数(如GMail中的Hangouts框架、多个站点中的disks框架等)。这破坏了网站的功能;现在这是避免的。
版本1.3(2016年2月28日)
•阻止的iframe[@sandbox]画布读取现在正确显示在弹出窗口中
•每个模块的更详细信息
版本1.2(2016年2月27日)
•现在还阻止了从沙盒iframe元素内的画布读取尝试
细节
画布指纹是一种最新的技术被网站采用,以跟踪访客而不使用cookies。这样的网站通过在隐藏的HTML<;canvas>;元素上绘制一个图像,然后对其进行快照并将快照发布回它们自己来实现这一点。由于绘制画布中的精确像素值在不同硬件集之间可能存在细微差异,因此这些网站可以使用这些差异来区分访问者,并在一次访问到下一次访问时识别特定的访问者。这就是跟踪cookie通常的用途,除了cookie可能会被禁用或删除,或者通过在匿名模式下浏览来避免,而为了避免画布指纹,您需要使用一个工具,如画布指纹块。
HTML<;canvas>;元素公开了两种类型的JavaScript函数:绘制到画布的函数和从画布导出数据的函数(对于nerd,这些函数是toDataURL()和getImageData())。画布绘图功能不受画布指纹块的影响,因此使用画布进行基本绘图的网站将不受影响。另一方面,当一个网站试图从画布导出数据时,CanvasFingerprintBlock将通过显示一个空白画布而不是包含实际像素的画布来“愚弄”该网站。如果网站正在读取画布数据以生成指纹,则生成的指纹将无用,因为画布指纹块使每个人的指纹看起来相同。
如果书签☆图标旁边的地址栏中出现一个红色指纹图标,则表示您正在访问的网站已尝试访问至少一个画布的数据,而CanvasFingerprint块已将其阻止。你会惊讶地发现有多少网站使用画布指纹!大多数网站在如何创建指纹方面相当狡猾;画布总是隐藏的,通常在网站完成加载时画布已经被创建、读取和删除了!当然,你会好奇地检查你鼻子下面画的是什么,而画布指纹块会让你通过点击红色的小指纹图标看到它。
最后,值得注意的是,并非所有试图从画布导出数据的网站都在恶意地这样做。例如,一些照片上载程序将允许您在画布上编辑照片,当您准备好后,将导出编辑的照片并将其上载到服务器。或者其他一些网站将使用一个“粗糙”的画布来绘制渐变或图案,然后将画布导出到页面上其他地方使用该图案。当你看到红色的小指纹图标时,通过点击它,通常很容易判断被屏蔽的画布是否是为了指纹而绘制的。然而,要自动检测到这一点并不是那么简单。因此目前,CanvasFingerprintBlock将阻止所有画布数据导出,允许画布读取的唯一方法是暂时禁用扩展。这将在以后的画布指纹块更新中修复。
您可以在以下网站上测试CanvasFingerprintBlock:http://www.browserleaks.com/canvas
注意:如果您是Chrome的隐名模式的用户,那么为了得到完全保护,建议在隐名模式下也启用canvaskinfingerblock扩展(选中“允许隐名”)