Pale Moon, an alternative browser that forked from Firefox around the time that Firefox went to the "Australis" interface and is a favorite of many Soylentils, has released version 25.6.0 as of today. So what's new in Pale Moon? Let's check the changelog (I'll abbreviate to give you a quick runthrough):
Plus many others that seems less significant to me (but click through for the full list if you'd like to make your own decisions about what's "significant").
There's also a number of security fixes, which I won't quote here but can be found after the list of non-security-related changes.
(Score: 2) by MrNemesis on Tuesday July 28 2015, @08:27AM
Just upgraded my portable instance to test the new privacy features; canvas.poisondata set to true. Same addons as usual; ghostery, adblock latitude, requestpolicy, self-destructing cookies, flashblock, betterprivacy.
Panopticlick [eff.org]
Browser Leaks [browserleaks.com]
Results are unique but non-persistent; it seems to generate a random fingerprint each time I visit. Nice work Moonchild et al.
"To paraphrase Nietzsche, I have looked into the abyss and been sick in it."
(Score: 0) by Anonymous Coward on Tuesday July 28 2015, @12:46PM
can anyone explain the Canvas fingerprinting thing?
(When you set about:config canvas.poisondata true
any data read back from canvas surfaces will have "humanly-imperceptible" data changes.
default off because performance impact on routines reading this data)
But I suppose I have to read up about canvas use first.
(Score: 2) by MrNemesis on Tuesday July 28 2015, @01:08PM
Was just reading up on canvas myself - I'd read about fingerpriting some years back but never really figured out how it worked. This is all just from half an hours worth of reading bits so if there are any people with better knowledge please feel free to correct.
https://en.wikipedia.org/wiki/Canvas_fingerprinting [wikipedia.org]
Here's me paraphrasing how it works as I understand it - HTML5 canvas is a new-fangled HTML doohickey that allows drawing/rendering of geometry elements - something that apparently varies (minutely) depending on how it's drawn (e.g. things like the GPU and driver version will alter how objects are drawn on a system with GPU acceleration enabled, etc - e.g. nvidia GPUs will draw differently to intel which will draw differently to CPU-only for instance). Apparently there's enough variation there to add quite a few more bits of information to other fingerprinting techniques (cookies, LSO cookies, DOM storage etc). A hash can then be taken of that element (the browserleak example uses canvas to render a small PNG and shows you the SHA256 hash of it). It seems what PM is doing is artificially introducing its own, pseudo-random, bits of variation in these draw routines to ensure that the canvas-drawn elements are minutely different each time they're rendered. I suspect it's not on by default because, for things like maybe browser games or somesuch, generating all those random imperfections might add up to a large amount of CPU time - which is already at a premium in a single-threaded browser.
From the link above https://www.browserleaks.com/canvas, [browserleaks.com] with canvas.poisondata set back to false, browser detection started working again (it couldn't previously determine I was running PM via canvas alone) there are apparently 24 other people using the same configuration as me (I don't have HW acceleration turned on in this instance).
I really need to learn to tone down my use of brackets...
"To paraphrase Nietzsche, I have looked into the abyss and been sick in it."