Hacker News new | ask | show | jobs
by capitainenemo 1045 days ago
[EDIT] If anyone is wondering why it is rendering poorly in Firefox with Resist Fingerprinting enabled, that's because this page seems to serve the game from a random CDN on a different host. https://v6p9d9t4.ssl.hwcdn.net/html/8469963/index.html in my case.

Because the canvas is attempting to read pixels, which can be used for fingerprinting, Firefox is blocking this. But because it is being done in an iframe, there is no prompt until you open the iframe in a new tab at which point you can whitelist it, and it will work ok in the original iframe too. Unfortunately reloading it in the original may give you a totally different host to whitelist, repeating the problem. So, probably best to just play outside the iframe.

In order to do that I had to inspect the page and copy the url since I can't right click on the game iframe to choose open in new tab, probably because it is capturing that.

Oh, you can also allow canvas fingerprinting, but that seems like a bad idea - maybe in a separate firefox profile just for sites like this one..
7 comments
nemetroid 1045 days ago
It sounds like you have privacy.resistFingerPrinting enabled, an experimental feature which is disabled by default:

https://support.mozilla.org/en-US/kb/firefox-protection-agai...

link
LoganDark 1045 days ago
> an experimental feature which is disabled by default

Good luck trying to figure out that is the issue if you don't keep it in mind at all times. (No matter how obvious it seems - hindsight will never not be 20/20.)

link
gpspake 1045 days ago
Random coincidence... This is the second post this has popped up in today. Another frontpage post mentioned this in regard to getting blocked by Cloudflare. https://news.ycombinator.com/item?id=37049016
link
capitainenemo 1045 days ago
Yep! Sorry, didn't mean to imply it wouldn't work at all. I'll edit my post if HN still allows me to.

I'll note that apart from a handful of sites where it causes additional checks and occasional breakage (noted them in another comment below), I'm really happy with that setting. I leave it on by default and only have to break out a fingerprinted Firefox profile on rare occasion.

link
llui85 1045 days ago
Tip: In Firefox you can use Ctrl-Shift click to bypass context menu blocking.
link
jempo 1045 days ago
Woah, thank you. I have always set dom.event.contextmenu.enabled to False, which does the job permanently and for every website. But some websites require you to en-/disable it again and this shortcut is a nice little QoL improvement. I wish there was a complete list of "hidden" features like that.
link
schemescape 1045 days ago
iPad/iPhone also don’t allow localStorage to persist in this scenario (iframe with unrelated domain). Even worse, there’s no way to detect the failure because it’s to resist fingerprinting.

Adtech and mitigations are ruining the internet…

link
vmfunction 1045 days ago
>Oh, you can also allow canvas fingerprinting, but that seems like a bad idea - maybe in a separate firefox profile just for sites like this one..

No it won't help. That is big problem with finger printing. It basically logs your computer hardward with the profile.

So no matter how many times you make new profiles. This can be mitigated via VM. However with bugs such as zenbleed, VM may not be enough.

Nothing is private has a good demo. https://github.com/gautamkrishnar/nothing-private That is reason why we need to not allow WEI or anything like that on massive scale.

link
capitainenemo 1045 days ago
I meant, use a dedicated Firefox profile that you only use for a small handful of websites where you don't want Resist Fingerprinting enabled, and your regular profile for the 99.99% of other sites. You can run both at once even.
link
burkaman 1045 days ago
What issues are you seeing? It works fine for me, and I'm pretty sure I have all the fingerprinting protections turned on.
link
capitainenemo 1045 days ago
Resist Fingerprinting was enabled. I updated my comment to note that.
link
ladyanita22 1045 days ago
It renders just fine for me
link
solardev 1045 days ago
It feels like there's one of these "doesn't work on FF" threads any time there's a post about a halfway interesting web app.

Intentional or not, they really contribute (in my mind at least) to the overall perception that Firefox is truly dead. Nobody even tests for it anymore, or worse, accepts that it's fine to be broken on FF.

link
burkaman 1045 days ago
Counterpoint: I use Firefox with every privacy setting maximized and several extensions installed, and I can't remember the last time I had an issue with something posted here. This game works fine for me as well.

The only apps that are noticeably worse in Firefox for me are Google Docs and Google Meet.

link
sph 1045 days ago
I use Google Docs and Google Meet (calling, webcam, screensharing) and it's perfectly fine on Firefox Linux. What do you mean?

I honestly do not know a single site that is broken with Firefox. What breaks sites is my strict DNS filtering setup, not the browser I use.

link
donatj 1045 days ago
I think part of the reason nobody tests for it anymore is just because web standards have largely gotten so good. I don't often test in FireFox these days myself largely in part because it just hasn't been a problem in years.

I'm old enough to remember the days when every change I made I had to roll through multiple versions of IE all the way back to 6, and different things would be broken in different versions.

link
butz 1045 days ago
It makes me shudder to remember when we had to include some outlandish workarounds just to make shadows work on IE6, not to mention custom web fonts.
link
donatj 1045 days ago
Transparent PNGs using CSS filter:progid:DXImageTransform.Microsoft.AlphaImageLoader is my shudder. Flat design would have made life so much easier back then.
link
LoganDark 1045 days ago
Remember the Line25 "realistic shadows" pack??

(I cringe when I look at some of the emails I had with them back when I was 11, though...)

link
mikepurvis 1045 days ago
The ghost of sIFR looms large in the memories of some.
link
NikolaNovak 1045 days ago
I feel first we need to validate the original premise that there's something wrong with this game in Firefox.

I'm running Firefox, with containers enabled, with ublock origins (and as such "somewhat privacy conscious over and above the defaults"), and this works fine for me.

There could be any number of things that cause an individual issue, which may or may not be related to Firefox itself :-/

link
chungy 1045 days ago
Indeed, I have strict mode enabled, uBlock Origin, containers, and the game works completely fine.
link
capitainenemo 1045 days ago
Resist Fingerprinting was enabled. I updated my comment to note that.

BTW, Resist Fingerprinting's main impact (for me) has been to increase triggering of "Click and Hold to prove you are not a bot" on sites relying on fingerprinting as an anti-bot measure (Drupal, Walmart, Kickstarter). On some of those, the developer doesn't even realise that measure can trigger, and it triggers in a background XHR (Kickstarter does this sometimes).

This is still better than some other sites like Lowes and Fedex where the entire site (Lowes) or backend API (Fedex package tracking) simply errors due to an Akamai block without any option to prove yourself. For those, you pretty much just have to use another Firefox profile with fingerprinting allowed (or another website).

.. oh, and none of the stuff above is due to Firefox blocking anything (like in the situation of this game where you have to click in the URL bar on the image icon) it's entirely due to the setting working too well, and making the user suspiciously generic :)

link