Stories
Slash Boxes
Comments

SoylentNews is people

Alternative Browser Pale Moon Releases Version 25.6.0 With Privacy, Security Fixes

posted by janrinok on Monday July 27 2015, @08:30PM   Printer-friendly
from the doing-what-FF-promised-to-do dept.

AndyTheAbsurd writes:

Pale Moon, an alternative browser that forked from Firefox around the time that Firefox went to the "Australis" interface and is a favorite of many Soylentils, has released version 25.6.0 as of today. So what's new in Pale Moon? Let's check the changelog (I'll abbreviate to give you a quick runthrough):

  • Canvas anti-fingerprinting option: Pale Moon now includes the option to make canvas fingerprinting much more difficult.
  • Added a feature to allow icon fonts to be used even when users disallow the use of document-specified fonts (no more dreaded "boxes" with hex codes).
  • Added a feature to prevent screen savers from kicking in when playing full-screen HTML5 video. (Windows only for now)
  • The "autocomplete=off" parameter for signon forms is now completely ignored by default, to keep the user in control of their browser's behavior
  • Added the option to use Chrome://../skin/ overrides, in effect allowing the use of "Icon themes"
  • Added a count for the number of matches in the find bar

Plus many others that seems less significant to me (but click through for the full list if you'd like to make your own decisions about what's "significant").

There's also a number of security fixes, which I won't quote here but can be found after the list of non-security-related changes.

Original Submission

 
This discussion has been archived. No new comments can be posted.
Alternative Browser Pale Moon Releases Version 25.6.0 With Privacy, Security Fixes | Log In/Create an Account | Top | 35 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 2) by MrNemesis on Tuesday July 28 2015, @08:27AM

    by MrNemesis (1582) on Tuesday July 28 2015, @08:27AM (#214756)

    Just upgraded my portable instance to test the new privacy features; canvas.poisondata set to true. Same addons as usual; ghostery, adblock latitude, requestpolicy, self-destructing cookies, flashblock, betterprivacy.

    Panopticlick [eff.org]

    Your browser fingerprint appears to be unique among the 5,651,305 tested so far.

    Browser Leaks [browserleaks.com]

    Fingerprint not found in DB

    Results are unique but non-persistent; it seems to generate a random fingerprint each time I visit. Nice work Moonchild et al.

    --
    "To paraphrase Nietzsche, I have looked into the abyss and been sick in it."
    Starting Score:    1  point
    Karma-Bonus Modifier   +1  
    Total Score:   2  

  • (Score: 0) by Anonymous Coward on Tuesday July 28 2015, @12:46PM

    by Anonymous Coward on Tuesday July 28 2015, @12:46PM (#214814)

    can anyone explain the Canvas fingerprinting thing?

    (When you set about:config canvas.poisondata true
    any data read back from canvas surfaces will have "humanly-imperceptible" data changes.
    default off because performance impact on routines reading this data)

    But I suppose I have to read up about canvas use first.

    • (Score: 2) by MrNemesis on Tuesday July 28 2015, @01:08PM

      by MrNemesis (1582) on Tuesday July 28 2015, @01:08PM (#214824)

      Was just reading up on canvas myself - I'd read about fingerpriting some years back but never really figured out how it worked. This is all just from half an hours worth of reading bits so if there are any people with better knowledge please feel free to correct.

      https://en.wikipedia.org/wiki/Canvas_fingerprinting [wikipedia.org]

      Here's me paraphrasing how it works as I understand it - HTML5 canvas is a new-fangled HTML doohickey that allows drawing/rendering of geometry elements - something that apparently varies (minutely) depending on how it's drawn (e.g. things like the GPU and driver version will alter how objects are drawn on a system with GPU acceleration enabled, etc - e.g. nvidia GPUs will draw differently to intel which will draw differently to CPU-only for instance). Apparently there's enough variation there to add quite a few more bits of information to other fingerprinting techniques (cookies, LSO cookies, DOM storage etc). A hash can then be taken of that element (the browserleak example uses canvas to render a small PNG and shows you the SHA256 hash of it). It seems what PM is doing is artificially introducing its own, pseudo-random, bits of variation in these draw routines to ensure that the canvas-drawn elements are minutely different each time they're rendered. I suspect it's not on by default because, for things like maybe browser games or somesuch, generating all those random imperfections might add up to a large amount of CPU time - which is already at a premium in a single-threaded browser.

      From the link above https://www.browserleaks.com/canvas, [browserleaks.com] with canvas.poisondata set back to false, browser detection started working again (it couldn't previously determine I was running PM via canvas alone) there are apparently 24 other people using the same configuration as me (I don't have HW acceleration turned on in this instance).

      I really need to learn to tone down my use of brackets...

      --
      "To paraphrase Nietzsche, I have looked into the abyss and been sick in it."