Firefox's protection against fingerprinting

Revision Information
  • Revision id: 199356
  • Created:
  • Creator: AliceWyman
  • Comment: note on ETP for fx72+ , new image, other edits (see discussion)
  • Reviewed: No
  • Ready for localization: No
Revision Source
Revision Content

Like other browsers, Firefox’s functionality is influenced by your operating system, hardware, graphics cards, additional software, and even the fonts you install. Some website technologies, like HTML5 Canvas, can even uniquely identify you based on how your computer draws images.

Some websites, particularly those using HTML5 Canvas, look at this unique combination of factors and assign you a number, or a “fingerprint”, which makes you identifiable across the Web. This “fingerprint” is potentially used to profile you for targeted content without the use of cookies.

Currently, Fingerprinting Protection is an experimental feature that is under heavy development in Firefox. It is likely that it may degrade your web experience, so we recommend it only for those willing to test experimental features.

How am I protected?

If a website tries to extract your data, Firefox will warn you with a prompt in the address bar. You can choose whether to allow the website to extract your data. This is the most common way to observe this protection.

fingerprint promptFx75-HTML5Canvas

However, the Canvas Permission Prompt is not the only thing that Fingerprinting Protection is doing. Fingerprinting Detection also looks at other factors:

  • Your timezone is reported to be UTC
  • Not all fonts installed on your computer are available to webpages
  • The browser window prefers to be set to a specific size
  • Your browser reports a specific, common version number and operating system
  • Your keyboard layout and language is disguised
  • Your webcam and microphone capabilities are disguised
  • The Media Statistics Web API reports misleading information
  • Any Site-Specific Zoom settings are not applied
  • The WebSpeech, Gamepad, Sensors, and Performance Web APIs are disabled
This is not an exhaustive list - other features may be altered or disabled.

How do I enable or disable this protection?

Currently, Fingerprinting Protection is an experimental feature enabled by a confirmation flag set in about:config. It can also be enabled by Web Extensions.

Warning: These instructions are for experienced Firefox users. Changing settings in the Configuration Editor (about:config) can have serious effects on your browser’s stability, security and performance.
Only proceed if you are comfortable with advanced settings and understand the potential impacts.

  1. Type about:config in the address bar and press EnterReturn.
    A warning page may appear. Click Accept the Risk and Continue to go to the about:config page.
  2. Search for privacy.resistFingerprinting and see if it is bolded and set to true. If so, you, or an extension you installed, has enabled this preference. You can double-click the preference or click the Toggle Fx71aboutconfig-ToggleButton button to toggle the setting to false.

If you discover the setting has become re-enabled, it is likely a Web Extension you have installed is setting it for you.

Note: Firefox also has an Enhanced Tracking Protection feature that blocks a list of domains known to serve fingerprinting scripts by default (see this article to learn more). This is not the same as Fingerprinting Protection, which disguises and misreports Firefox to websites to resist fingerprinting (for example, by showing a different user agent and time zone and by disguising microphone and camera capabilities).