kkapsner / CanvasBlocker

A Firefox extension to protect from being fingerprinted.
https://canvasblocker.kkapsner.de
Mozilla Public License 2.0
1.17k stars 87 forks source link

LinkedIn icons missing, message text field pre-filled with "undefined" & doesn't work. #709

Open RainyCityCoder opened 6 months ago

RainyCityCoder commented 6 months ago

Expected Behaviour

Current Behaviour

Imgur

Possible Solution

Unknown. Open to changing my settings, as I'm comfortable messing around.

Steps to Reproduce (for bugs)

  1. Navigate to LinkedIn.com and login.
  2. Open the messaging page (linkedin.com/messaging/...) & attempt to enter text into the text entry field of a message with a contact.
  3. Navigate to nearly any part of the website and observe missing icons.

Context

Your Environment

Your Settings

{
    "logLevel": 1,
    "urlSettings": [],
    "hiddenSettings": {},
    "expandStatus": {},
    "displayHiddenSettings": false,
    "whiteList": "",
    "sessionWhiteList": "",
    "blackList": "",
    "blockMode": "fake",
    "protectedCanvasPart": "readout",
    "minFakeSize": 1,
    "maxFakeSize": 0,
    "rng": "nonPersistent",
    "protectedAPIFeatures": {},
    "useCanvasCache": true,
    "ignoreFrequentColors": 0,
    "minColors": 0,
    "fakeAlphaChannel": false,
    "webGLVendor": "",
    "webGLRenderer": "",
    "webGLUnmaskedVendor": "",
    "webGLUnmaskedRenderer": "",
    "persistentRndStorage": "",
    "persistentIncognitoRndStorage": "",
    "storePersistentRnd": false,
    "persistentRndClearIntervalValue": 0,
    "persistentRndClearIntervalUnit": "days",
    "lastPersistentRndClearing": 1715109078865,
    "sharePersistentRndBetweenDomains": false,
    "askOnlyOnce": "individual",
    "askDenyMode": "block",
    "showCanvasWhileAsking": true,
    "showNotifications": true,
    "highlightPageAction": "none",
    "highlightBrowserAction": "color",
    "displayBadge": true,
    "storeNotificationData": false,
    "storeImageForInspection": false,
    "ignoreList": "",
    "ignoredAPIs": {},
    "showCallingFile": false,
    "showCompleteCallingStack": false,
    "enableStackList": false,
    "stackList": "",
    "protectAudio": true,
    "audioFakeRate": "100",
    "audioNoiseLevel": "minimal",
    "useAudioCache": true,
    "audioUseFixedIndices": true,
    "audioFixedIndices": "2",
    "historyLengthThreshold": 2,
    "protectWindow": false,
    "allowWindowNameInFrames": false,
    "protectDOMRect": true,
    "domRectIntegerFactor": 4,
    "protectSVG": true,
    "protectTextMetrics": true,
    "blockDataURLs": true,
    "protectNavigator": false,
    "navigatorDetails": {},
    "protectScreen": true,
    "screenSize": "",
    "fakeMinimalScreenSize": true,
    "displayAdvancedSettings": false,
    "displayDescriptions": false,
    "theme": "auto",
    "showPresetsOnInstallation": true,
    "dontShowOptionsOnUpdate": false,
    "disruptSessionOnUpdate": false,
    "updatePending": false,
    "isStillDefault": false,
    "storageVersion": 1
}
rajacs50 commented 6 months ago

Facing the same problem and behaviour.

pushing-boulders commented 6 months ago

Hello everyone! Same here. Just noticed it yesterday, but didn't have time to report.

If I disable CanvasBlocker, the names and icons return as expected.

UsmanAhmadSaeed commented 6 months ago

+1 CanvasBlocker Version used: 1.10.1 Firefox version: 125.0.3 (64-bit) Operating System and version (desktop or mobile): Windows 11 (Desktop/Laptop) I too have tested add-on by add-on to identify CB being the cause. The icons of reactions below posts, descriptions of posts etc appear as undefined when CB is active.

Screenshot 2024-05-13 231330

verchalent commented 5 months ago

Same issue. Only solution so far is disabling canvasblocker for the site and I really don't want to do that.

kopach commented 5 months ago

whitelist linkedIn.com domain and that should fix the problem. As an option - experiment with what exactly to whitelist by using "whitelist temporarily" which works until browser restart. This way you can enable only Real api, which otherwise breaks linkedIn

DoulosTrieste commented 5 months ago

canvas1 canvas2 canvas3

It seems that either History or Screen API is the culprit. History API cannot be whitelisted individually, and Screen API has its whitelist section but unchecking linkedin.com does not actually work, the API continues to be active.

Also noticed a strange situation with the whitelist settings. When all APIs are selected in the whitelist section, CanvasBlocker displays only DOMRect API to be blocked. So when I unticked DOMRect in the whitelist section and reload LinkedIn, Canvasblocker displays 4 APIs: History, Screen, Canvas, Audio. After unticking every single API in the whitelist but allowing Canvasblocker to work on LinkedIn, a reload of that page continues to show History and Screen APIs being blocked.

spodermenpls commented 5 months ago

@verchalent Since one can use LinkedIn (with a few, surface-level exceptions) only while being logged-in, CanvasBlocker being inactive for that site changes next to nothing in terms of one's privacy. Microsoft already knows who you are, if you are registered and logged-in, no real point in trying to blur some of one's fingerprints in that scenario. The issue is however a nuisance, and hopefully will be fixed (so as the other ones) by @kkapsner once he is hopefully soon back from his current hiatus.

@kopach The "temporary whitelist" feature is only able to whitelist a domain as a whole, not API protections individually, so it's not suited to be used for such a "culprit-finding" mission. This can only be done by using the site-specific settings at the specific API one wants to test (which is made a lot easier by the fact that once one domain is added to one site-specific valueset of one API, the domain gets displayed on all site-specific value lists, one just has to remove the checkmark and observe the difference it makes on the website [the API protection being active/not active]).

@DoulosTrieste The History API protection can't be whitelisted on a per-site basis, but one can set the browser history length (which gets communicated to the website, and is the "protection" that is at work here) individually for each website. Also notice how it's called "protection" and not "blockage", only the Canvas API can be outright blocked (if one sets the setting like that, which is not recommended), the other APIs get more so "spoofed" in a privacy-friendly manner but still remain active (otherwise it would break websites left and right and make them unusable). The addon name and description may suggest otherwise, but those are remnants of a time when "CanvasBlocker" still was only dealing with the Canvas API, before it grew into a whole "anti-fingerprinting" suite.

Hovering your cursor over the CanvasBlocker icon is not sufficient to find out which API protection gets called by which domain, click on the fingerprint icon inside the address bar instead to see the proper list. Modern websites often times call APIs from more than just their original domain, so having whitelisted one for the Screen API and CB still showing Screen protection activity nevertheless on that website is not a direct sign of malfunction.

My gut feeling regarding this is that it's another general problem with CanvasBlocker, independent of individual API protections being active or not (I don't have a LinkedIn account, therefore can't test it myself). @verchalent I see you mentioned "disabling CanvasBlocker", do you mean by that having to disable CB as a whole in the addon manager, or did you simply whitelist linkedin.com to get rid of the display issues?

WebworkrNet commented 4 months ago

Maybe related to LinkedIn page not usable after login #697.

nkapila6 commented 1 month ago

Struggling for months on this and realized that the extension blocking was causing it. Whitelisted LinkedIn and all's gucci now.