Tor Browser's HTML5 canvas fingerprinting dialogue could use a "Revoke" button
Currently when a website tries to access an HTML5 canvas, Tor Browser displays a little XUL dialogue near the URL bar which asks if you would like to give permission for that site to access the canvas. The options are "Allow in the Future", "Never Allow", and "Not Now". To see an example, just go look at someone's Github profile or view one of Riseup's Etherpads.
The problem is that after users pick one of these choices, the permission is stored via the NSIPermissionsManager
and is only accessible to an end user by going to about:permissions
. There really should be an easier way to access this, and at the very least, users should be able to easily revoke permissions later.