arkenfox / user.js

Firefox privacy, security and anti-tracking: a comprehensive user.js template for configuration and hardening
MIT License

Is it necessary to disable canvas from the browser if it offers to disable or allow them on the site? As well as browser security settings presets #1856

Closed Demon12377 closed 1 week ago

Demon12377 commented 2 weeks ago

🟥 https://github.com/arkenfox/user.js/wiki/5.2-Troubleshooting

🟪 REQUIRED INFO


Thorin-Oakenpants commented 2 weeks ago

Are you using RFP? open about:config, type in resist .. if privacy.resistFingerprinting is true then you're using it. Are you in PB mode?

AFAIK the canvas permission is RFP only

> here is a choice of allowing or disabling or doing nothing.

there are only two choices - doing nothing is the same as continuing to block


well, there is a third in a sense - you can use the checkbox to allow the site exception for the session only or permanently

> In the settings there are presets of protection

https://github.com/arkenfox/user.js/wiki/3.3-Overrides-[To-RFP-or-Not]#-rfp

RFP is not part of ETP or any of those settings. There are no settings for RFP canvas. Are you using FPP or RFP?

Demon12377 commented 2 weeks ago

> Are you using RFP? open about:config, type in resist .. if privacy.resistFingerprinting is true then you're using it. Are you in PB mode?

Yes, I have "true"

I’m still learning your work and don’t understand well between FRP and RFP and their relationship. So I completely read your wiki and didn’t fully understand. No, this appears in regular windows, not only in private ones. I installed your preset out of the box and didn't change anything. I would like full-fledged full protection

That is, if this sentence pops up, it also immediately blocks it? Or do I need to confirm the blocking by clicking "Block"?

I would also like to know if it’s better not to touch the ETP settings block?

Thorin-Oakenpants commented 1 week ago

So RFP (if true) overrides everything else. It is built for Tor Browser to Resist FingerPrinting - and it has side effects (breakage, usability issues - understandable when you disable APIs and break web standards). RFP is all or nothing - you don't get to choose what you want - the only exception here is Canvas which you can add a per site exception to. This does not apply to FPP (see next paragraph). RFP covers a LOT of stuff - 100 or so metrics (things that can be used to build a fingerprint). Canvas is randomized.

FPP (FingerPrinting Protection) comes bundled with Firefox in Private Browsing mode, or if you have ETP Strict enabled. FPP currently only ships with a couple of metric protections (canvas, fonts and soon math). The key here is that it randomizes canvas, but subtly so almost nothing breaks (and the human eyeball can't tell the difference). This is likely enough to thwart most fingerprinting scripts, but no-one really knows (scripts if they wanted to can tell this is random). And FPP can ship interventions to unbreak sites. Canvas does not have a per site exception.

Arkenfox, which is a template, currently uses RFP. Arkenfox also currently uses ETP Strict. When arkenfox 128 is released, it will no longer have RFP enabled and users will fall back to using FPP - as long as users run prefsCleaner. The reason for this is to provide a more usable default user.js (which, again, is a template) - and those who are more tech minded can add RFP and related prefs as overrides (if it suits them).

> I would like full-fledged full protection

RFP is about fingerprinting, and you'll get pretty much the same result with RFP and FPP on Firefox, in my opinion (because both randomize canvas). RFP does have protection against timing and many side channel attacks, and covers a lot more metrics - but those extra metrics don't mean as much (they still mean something though) when there isn't a large crowd of RFP-on-Firefox users to hide in (RFP is not default or front facing in Firefox, unlike say in Tor Browser or Mullvad Browser).

Leave ETP at Strict - if you have a site issue you can always click the blue shield in the urlbar and change it per site.
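
The precedence described in this thread (RFP overrides everything else, FPP applies under ETP Strict or in Private Browsing, and RFP stays on after the template drops it unless prefs.js is cleaned) can be checked against a profile's files. This is an added example, not part of the thread and not arkenfox code; the pref names other than privacy.resistFingerprinting are Firefox prefs not named above, the sample file contents are constructed, and it assumes single-line user_pref() entries and that Private Browsing FPP is on unless its pbmode pref is false.

```python
import re

# One active pref line as written in user.js / prefs.js; "//" lines do not match.
PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;')

RFP = "privacy.resistFingerprinting"            # named in the thread
FPP = "privacy.fingerprintingProtection"        # Firefox pref, not named in the thread
FPP_PBM = "privacy.fingerprintingProtection.pbmode"
ETP = "browser.contentblocking.category"        # "strict" means ETP Strict

def parse_prefs(text):
    """Return {name: value} for active user_pref() lines (single-line form only)."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue
        name, raw = m.groups()
        if raw in ("true", "false"):
            prefs[name] = raw == "true"
        elif len(raw) >= 2 and raw.startswith('"') and raw.endswith('"'):
            prefs[name] = raw[1:-1]
        else:
            prefs[name] = int(raw) if raw.lstrip("-").isdigit() else raw
    return prefs

def fingerprinting_mode(prefs_js, user_js, private_window=False):
    """Return (mode, stale_rfp). user.js values overwrite prefs.js at startup."""
    wanted = parse_prefs(user_js)
    effective = {**parse_prefs(prefs_js), **wanted}
    if effective.get(RFP) is True:
        # RFP wins over everything else; stale if only prefs.js still carries it.
        return "RFP", RFP not in wanted
    fpp = (effective.get(ETP) == "strict" or effective.get(FPP) is True
           or (private_window and effective.get(FPP_PBM, True)))
    return ("FPP" if fpp else "none"), False

# Constructed sample files: a profile that once ran with RFP, then a template without it.
OLD_PREFS_JS = '''user_pref("privacy.resistFingerprinting", true);
user_pref("browser.contentblocking.category", "strict");'''
NEW_USER_JS = '''// user_pref("privacy.resistFingerprinting", true);
user_pref("browser.contentblocking.category", "strict");'''
CLEANED_PREFS_JS = 'user_pref("browser.contentblocking.category", "strict");'

if __name__ == "__main__":
    print(fingerprinting_mode(OLD_PREFS_JS, NEW_USER_JS))      # RFP left over in prefs.js
    print(fingerprinting_mode(CLEANED_PREFS_JS, NEW_USER_JS))  # falls back to FPP
```

A result of ("RFP", True) means the user.js no longer asks for RFP but the profile still has it set, which is the case the prefsCleaner step addresses.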