Canvas fingerprinting warning.

[konark-cliqz]

When whotracks.me is opened with privacy.resistFingerprinting or in Tor browser (with JS allowed), it throws a warning related to canvas fingerprinting.

[ecnmst]

@konark-cliqz We use the html canvas to generate the tag cloud on a tracker's profile, which is the only kind of page you will get the warning in. Everything is done on the client, I can't see any privacy implications of this. Here's the implementation: https://github.com/cliqz-oss/whotracks.me/blob/master/templates/components/tag_cloud.html

I'm afraid there is not much we can do here except exploring different ways for generating something similar to what we have. Temporarily leaving the issue open for suggestions or PRs.

[acatarineu]

Just for reference, according to https://github.com/mozilla/pdf.js/issues/7026 this gets triggered when one of these canvas APIs get used (potentially allowing fingerprinting):

• getImageData
• isPointInPath
• isPointInStroke
• toBlob
• toDataURL
• mozFetchAsStream
• mozGetAsFile

It seems there is usage in d3.layout.cloud.js and plotly.js, not sure how feasible/worth is it to avoid using these functions.