We talked about a fingerprinting technique using Canvas before and explained how companies make use of the feature supported by all modern web browsers to track users across the Internet.
The most recent update of Pale Moon, a Firefox spin-off, introduces a native option in the browser that should make it a lot harder for others to use Canvas to fingerprint the browser.
Tip: If you want to check if a fingerprint may be created of your browser to track you online, check out this online test.
The new Poison Data option is not enabled by default in Pale Moon due to its impact on performance when Canvas is being used in the browser.
Pale Moon users can enable it in the following way:
- Type about:config in the browser's address bar and hit enter.
- Search for canvas.poisondata
- A double-click on the preference toggles its state.
To undo the change at any point in time, repeat the process described above.
So how do you know it is working? Simple, you visit the test page linked above and reload it a couple of times. You should get a new signature with every reload after you enable the Poison Data option in Pale Moon while the signature should not change at all without the preference (provided you don't use other defensive measures to protect your browser).
Anti-fingerprinting is definitely the core new feature of Pale Moon 25.6.0 but it is not the only one. Firefox users may recognize some of the features as Mozilla implemented them in Firefox in the past.
Here is a short rundown of the most important feature additions and changes in Pale Moon 25.6.0:
- Icon fonts are now loaded by default even if font loading is disabled. The feature will land in Firefox 41. The preference gfx.downloadable_fonts.enabled defines whether Firefox will download icon fonts automatically or not.
- The parameter autocomplete="off" is ignored by Pale Moon so that authentication information can be saved regardless of website preference. Users who want to disable the feature need to set signon.ignoreAutocomplete to false. A similar feature landed in Firefox 29.
- Screensavers are blocked automatically by Pale Moon if HTML5 video is played in fullscreen mode.
- CSP "nonce" keywords are now supported.
- Chrome://../skin/ overrides are supported now allowing users to customize browser icons.
- Several security fixes.
Details are provided by the official release notes. Existing users may use the browser's automatic update feature to update to Pale Moon 25.6.0 while new users find downloads for their operating system at the official project website.