Thorin-Oakenpants
commented
9 months ago there is no RFP for webgl except for
- 1217290 + 1409677
- without digging, among other things it sets Minimal-Capabilities mode - see https://bugzilla.mozilla.org/show_bug.cgi?id=1684230#c8 and thus controls some parameters and values
- 1337157 - disable WebGL debug renderer info
- this is AFAIK the
VENDOR,RENDERER,UNMASKED_VENDOR_WEBGL+UNMASKED_RENDERER_WEBGL - see https://canvasblocker.kkapsner.de/test/webGL-Test.html
- this is AFAIK the
RFP does not protect against fingerprinting via readPixels(), which is why as a default, we disable webgl altogether
/* 4520: disable WebGL (Web Graphics Library)
* [SETUP-WEB] If you need it then override it. RFP still randomizes canvas for naive scripts ***/
user_pref("webgl.disabled", true);excluding the entropy from parameters, their values, and other info such as vendor etc - all of which is not insignificant - the actual rending itself is like canvas - i.e you can draw shapes, add colors, blend, stroke, add text, transform, use math .. and so on - i.e exploit the GPU - to get entropy
IDK what it is the browserleaks test is doing and what makes you think forbid-hardware makes your webgl FP safe
Dmaker13
My WebGL image is being read on browserleaks until I turn "webgl.forbid-hardware" to "true". Then the fingerprinting resistance works. I didn't see anybody else talk about this, so I thought to post. Is it a bad idea to set "webgl.forbid-hardware" to "true" for any reason? I am a newbie, so its prob me.
Oh yea, I noticed the webgl.diabled setting is off and locked. When I try to reverse it in my user overrides, it doesn't work.