Firefox 58 warns if websites use canvas image data
Mozilla plans to display permission prompts if websites or services attempt to use HTML5 Canvas Image Data in the Firefox web browser.
Canvas fingerprinting is a byproduct of the HTML5 Canvas technology that all browser makers added to their browsers.
As is the case with many technologies, it can be used for good or bad, and in the case of canvas fingerprinting it is to track users.
While there is no native option available to turn off the Canvas functionality in Firefox, add-ons are available that block sites from using Canvas. These add-ons, CanvasBlocker and Canvas Defender come to mind, display notifications or block requests outright depending on how they are configured.
Mozilla plans to integrate a permissions prompt natively in the Firefox web browser. The new feature is part of efforts to introduce Tor security features or hardening into Firefox.
Firefox displays a permission prompt when you visit a site that uses HTML5 canvas image data. This is the case for GitHub for instance, and also on eBay and many other sites.
The message that Firefox displays is (subject to change):
Will you allow [site] to use your HTML5 canvas image data? This may be used to uniquely identify your computer.
You may allow access or block it, and also use the “always remember my decision” checkbox to enforce the rule on future visits as well.
The feature is live in Firefox Nightly already currently. Please note that it appears incomplete in the browser version. While you do get a prompt to allow or deny site access to HTML5 canvas, options to manage permissions appears to be missing right now.
When you click on the informational icon — the i — next to the address for instance, permissions does not reflect the choice that you have made.
The permissions preferences in the Firefox options furthermore don’t list canvas as a permission that you can control there.