ESR128: canvas exceptions trigger FPP canvas [1896175]
edit: https://bugzilla.mozilla.org/show_bug.cgi?id=1896175
FPP is on by default in pb mode. When RFP canvas is relaxed (temporary site exception), FPP's subtle randomization kicks in
- see pic of TB-dev using FF126: where persistent subtle randomization is applied to getImageData, toBlob and toDataURL
Note: that all FPP protections (aside from android fonts when/if landed) have an equivalent RFP protection. And if FPP ever added something that RFP doesn't have (fonts is a little weird since we use whitelists not RFP and do nothing for android so yes android would be affected), we would expect it to be added to RFP and it would require a RFPTarget.
As tom said
Yeah... I think we should have a bug on file for this. Canvas is just unusual because there's 4 behaviors to account for across the 2 different modes and then 2 ways of exempting a site that affect the modes differently.
I kinda like this and mooted the idea in costa rica under the gazebo, as we wouldn't leak the real canvas even when relaxed ... but it also means the end-user has no means to totally disable canvas protections, and TBH, I don't think this was ever intended.
So we should decide if we want this or not .. or can we add another site exception permission level?
PS: setting privacy.fingerprintingProtection.pbmode
= false
(and restarting) did not mitigate this, so we'll probably need a patch somewhere