Overriding Browser API's

Question

I am developing a webextension in javascript for Firefox, Chrome etc.

It is designed to prevent the users browser from being fingerprinted.

Since the majority of information used to build browser fingerprints comes from javascript API's in the browser itself, is it possible to change/spoof the values that common API's might return from within a webextension/addon?

If this is not directly possible then is there any way to control what values these API's return to the website doing the fingerprinting to protect the users privacy?

Examples of API's I am talking about are:

user agent
screen print
color depth
current resolution
available resolution
device XDPI
device YDPI
plugin list
font list
local storage
session storage
timezone
language
system language
cookies
canvas print

Answer 1

You can try using Object.defineProperty():

The Object.defineProperty() method defines a new property directly on an object, or modifies an existing property on an object, and returns the object.

console.log(window.screen.colorDepth); // 24

Object.defineProperty(window.screen, 'colorDepth', {
  value: 'hello world',
  configurable: true 
});

console.log(window.screen.colorDepth); // hello world

In the above we're using Object.defineProperty to change the value of the property window.screen.colorDepth. This is where you would spoof the values using whatever method you want. You can use this same logic for modifying whichever properties you want to spoof (navigator.userAgent for example)

But there is a separation between the page's global object and the plugins global object. You should be able to overcome that by injecting the script into the document:

var code = function() {
    console.log(window.screen.colorDepth); // 24

    Object.defineProperty(window.screen, 'colorDepth', {
      value: 'hello world',
      configurable: true 
    });

    console.log(window.screen.colorDepth); // hello world
};

var script = document.createElement('script');
script.textContent = '(' + code + ')()';
(document.head||document.documentElement).appendChild(script);

See here and here for more info. You can download a working chrome extension using the above code here (unzip the folder, navigate to chrome://extensions in chrome and drop the folder into the window)