Firefox expands fingerprint protections

Original Article ↗ Hacker News Discussion ↗

Add-ons, Breakage, and Usability Tradeoffs

  • Several commenters run heavy privacy stacks (NoScript/uMatrix, CanvasBlocker, Decentraleyes, uBlock Origin, Temporary Containers, etc.).
  • Common pattern: most sites work, but video, payments, and JS-heavy docs often need manual whitelisting; some resort to a “if it breaks I don’t need it” mindset or fall back to Chrome for one-off sites.
  • JS-required documentation and Cloudflare “unblock challenges.cloudflare.com” walls are particular pain points.

Do Privacy Add-ons Increase Fingerprint Uniqueness?

  • One camp argues extra extensions add entropy (unique combo of blockers, JS/CSS disabled, canvas behavior), making users more trackable; Tor explicitly warns against extra extensions.
  • Others counter that blocking third-party scripts/hosts removes major tracking vectors and that many fingerprinting methods (fonts, TLS, network behavior) exist regardless.
  • Disagreement over NoScript vs uBlock: some say uBlock in advanced mode makes NoScript redundant and fewer extensions are better; others report NoScript measurably improves their fingerprint “commonness” in tests.

Canvas Noise and Developer Concerns

  • Adding noise to canvas/image data is seen by some as dangerous: could corrupt web photo editors or any JS image processing.
  • Firefox ties this to “Suspected Fingerprinters” / ETP, but there’s confusion over the granularity of per-site controls.

Effectiveness of Firefox’s Fingerprinting Protections

  • Mixed reports from fingerprint.com tests: older resistFingerprinting used to change hashes per restart; newer behavior sometimes yields stable hashes, implying trackers have improved heuristics.
  • Some note that even identical browser fingerprints don’t hide network-level differences (TLS, routing, behavior).
  • Others insist partial defenses still matter: making tracking more costly and less reliable, even if impossible to fully defeat.

Ethics, Threat Models, and Analogies

  • Motivations differ: some want to avoid ads/marketing; others worry about broad surveillance and data aggregation.
  • Multiple commenters reject the “it’s just like a shopkeeper recognizing you” analogy, stressing:
    • scale (billions, not dozens),
    • cross-site/cross-company correlation,
    • hidden/automated nature,
    • potential harms and secondary uses.

Browser Market Share and Ecosystem Power

  • Firefox’s small share makes its users easier to isolate statistically, even with protections.
  • Debate over Chromium forks: convenient and feature-rich but seen as reinforcing Google’s control of web standards; some argue independent engines (Gecko, WebKit) are needed to counter this.

Containers, Profiles, and Isolation Strategies

  • Profiles and container extensions (Multi-Account Containers, Temporary Containers, Auto Containers, Cookie AutoDelete) are popular for compartmentalizing login states and reducing cross-site tracking.
  • “Every-tab-new-container” approaches can significantly disrupt tracking but often break logins and require per-site tuning.

CAPTCHAs, Cloudflare, and Publisher Behavior

  • Strong fingerprinting resistance (and VPNs) can break Cloudflare and similar bot checks; some users report unsolvable CAPTCHAs.
  • Example: NYTimes repeatedly flagging a paying user as a bot, leading to canceled subscriptions or paywall workarounds.

Firefox Features and Configuration Friction

  • Some dislike Firefox’s new AI/ML UI elements and want simpler, non-intrusive controls; others note they can be hidden via settings or toolbar/context menus, but discoverability is poor.
  • Letterboxing and resistFingerprinting help standardize viewport/canvas size, but at least one user finds their unusual layout still yields a unique canvas.