Canvasblocker: Can not create New Google account after new 1.6 update

Created on 20 Jun 2021  路  21Comments  路  Source: kkapsner/CanvasBlocker

Thanks for taking time to release new update.
I am having issue with 1.6 installed + New google account signup.
Google just deny and says " you can not signup for google account right now, try again"
When I downgrade to 1.5 with exactly same setting. I do not get this error.

bug

Most helpful comment

I also assume it's the proxy.

Version 1.6 has been deactivated for the moment until I know what's the problem.

All 21 comments

image

image

I'm currently not able to create a google account without having CanvasBlocker installed (even in a VM)... so either they blocked my IP (because of my many tries) or they have a problem on their side. Can you try again?

I'm currently not able to create a google account without having CanvasBlocker installed (even in a VM)... so either they blocked my IP (because of my many tries) or they have a problem on their side. Can you try again?

Thanks, On same OS and Firefox browser and IP address. I upgraded and then this error/block hit. I removed 1.6 and then installed version 1.5, Block is gone. I think newer version is blocking something from Google Signup Page. Could you check Browser Console log above.

This is not an error from Google, But response to some of element blocked in 1.6 version.

I seem to be able to confirm this issue. Though not when creating an account, but rather when just logging in.

image

Downgrading to 1.5 fixes the issue.

Just want to confirm this issue on new v1.6 update.Google account login say "this browser or app may not be secure". I tried to reset canvas blocker back to its default setting but the problem still persist. Using back v1.5 fixed this issue rite now.

I've observed the "browser may be insecure, use another browser" prompt too one time, while using the Beta version, but erroneously didn't expect it to be related to CanvasBlocker.
Whitelisting "accounts.google.com" as a whole seems to be sufficient for the time being, to get the password mask to load again, however just deactivating the API protection for DOMRects and Screen (+ Data-URL, for good measure) - the two APIs getting spoofed by CB - is not. I would suspect that Google is picking up that the site has been tampered with somewhere along the chain, maybe through the new CB proxy?

I also assume it's the proxy.

Version 1.6 has been deactivated for the moment until I know what's the problem.

I found the problem with the login (no solution yet...).
But I'm still unable to test the account creation as it does not work at all (even in a different browser).

Google does weird stuff with toString()...

unable to test the account creation

I'd assume the fix for the login will fix this too.

Google does weird stuff with toString()

Want to share?

Can anybody check the account creation with the new alpha (https://canvasblocker.kkapsner.de/versions/)? It's still not working for me in any browser.

Want to share?

Did not investigate in detail, but the issue is that they store the toString function from an empty iframe and use it much later. Until then Firefox already triggered some garbage collection and I end up with a "Dead Object".
And the call toString on everything... I think they do some fingerprinting about that.

Can anybody check the account creation with the new alpha (https://canvasblocker.kkapsner.de/versions/)? It's still not working for me in any browser.

Want to share?

Did not investigate in detail, but the issue is that they store the toString function from an empty iframe and use it much later. Until then Firefox already triggered some garbage collection and I end up with a "Dead Object".
And the call toString on everything... I think they do some fingerprinting about that.

I will check it now, Thanks.
Yes they do fingerprinting to avoid multiple accounts posts.

Can anybody check the account creation with the new alpha (https://canvasblocker.kkapsner.de/versions/)? It's still not working for me in any browser.

Want to share?

Did not investigate in detail, but the issue is that they store the toString function from an empty iframe and use it much later. Until then Firefox already triggered some garbage collection and I end up with a "Dead Object".
And the call toString on everything... I think they do some fingerprinting about that.

Can this stored function made available later on with change to CB? How can we see toString value stored?

Can this stored function made available later on with change to CB? How can we see toString value stored?

Not 100% sure what you mean. I store the function itself in a variable. It can only be seen in the debugger if you set a breakpoint in the extension.js on line 154. But for what purpose do you want to see it. It's just a core javascript function.

Can this stored function made available later on with change to CB? How can we see toString value stored?

Not 100% sure what you mean. I store the function itself in a variable. It can only be seen in the debugger if you set a breakpoint in the extension.js on line 154. But for what purpose do you want to see it. It's just a core javascript function.

Google is definitely checking this function later on. Its value.

I just checked Alpha version. canvasblocker_beta-1.7Alpha20210621-an+fx.xpi

It works. Thank you.

Can the problem of "Dead Object". resolved?

The Alpha version resolved the "Dead Object" problem (you can look at the commit to see what I changed for it). When the account creation now works with it this issue is solved.

The Alpha version resolved the "Dead Object" problem (you can look at the commit to see what I changed for it). When the account creation now works with it this issue is solved.

Excellent, I will check it with one more test and then close it. Thanks for help and support.

Thanks for bringing this to my attention.

Logins and account creation are both working now, thanks for your swift work.

Was this page helpful?
0 / 5 - 0 ratings