Mozilla is planning to block it (and the APIs it relies on) by default for all content, I think, regardless of how many apps it breaks. That seems like a reasonable countermeasure since people with canvas fingerprinting blocked will not be a small identifiable group.
Yeah, that's great. Blocking/spoofing fingerprinting is a bit like wearing a mask. If it's only a handful of people, it may even be worse from a privacy/tracking perspective -> look, the guy with the mask
Well, if Canvas Defender actually worked, you could change fingerprints daily or weekly or whatever. So you'd still have a valid fingerprint. Just not invarient.
Still, you'd get a pretty unique fingerprint, so even if it changes, it can help reduce the entropy bits if the trackers are half smart (hey, this is the guy with the Nixon mask, now he's wearing an Obama mask instead). You don't need to just hide your real fingerprint, you need to make it look like everybody else's.
It doesn't seem like canvas defender replaces HTMLCanvasElement.prototype.getImageData anyway, so one could simply use that to generate a hash.
Hiding the fact that the function in non-native requires replacing Function.prototype.toString with something that will return a fake result if the function being tested is one of the modified ones. If an userscript replaces that toString prototype before you can grab it, I'm unaware of any other way to test if a function is native.
I mean, we know that simply blocking it doesn't work.[0]
0) https://multiloginapp.com/how-canvas-fingerprint-blockers-ma...