On subito.it I can upload pictures, but they are finally not being displayed

Hi.
I’m uploading pics for some ads on subito.it
When I add the picture, the thumbnail gets shown. Then, when I apply the change, the picture seems to be uploaded, but it does not appear as it is: instead, a one-color square is displayed, like this:
image
Can anyone help?
Thanks!

Hi @OxygeN, could you change your Tor Browser security level from “safer” to “standard” and try again?

See here how to change your security level:

1 Like

Hi and thanks for the suggestion - the security level is already set to “standard” :frowning: Any other thing I might check/try?

I believe you’re running into this issue because Tor Browser is blocking the website’s attempt to HTML5 Canvas Image Extraction.
(For more information about this, I’m quoting this particular section from the Tor Browser Design and Implementation Doc)

HTML5 Canvas Image Extraction

After plugins and plugin-provided information, we believe that the HTML5 Canvas is the single largest fingerprinting threat browsers face today. Studies show that the Canvas can provide an easy-access fingerprinting target: The adversary simply renders WebGL, font, and named color data to a Canvas element, extracts the image buffer, and computes a hash of that image data. Subtle differences in the video card, font packs, and even font and graphics library versions allow the adversary to produce a stable, simple, high-entropy fingerprint of a computer. In fact, the hash of the rendered image can be used almost identically to a tracking cookie by the web server.

In some sense, the canvas can be seen as the union of many other fingerprinting vectors. If WebGL is normalized through software rendering, system colors were standardized, and the browser shipped a fixed collection of fonts (see later points in this list), it might not be necessary to create a canvas permission. However, until then, to reduce the threat from this vector, we have patched Firefox to prompt before returning valid image data to the Canvas APIs, and for access to isPointInPath and related functions. Moreover, we put media streams on a canvas behind the site permission in that patch as well. If the user hasn’t previously allowed the site in the URL bar to access Canvas image data, pure white image data is returned to the JavaScript APIs. Extracting canvas image data by third parties is not allowed, though.

I think you might get a prompt to “Allow HTML5 image extraction” (wording can vary) and/or click on the small icon (depicting that canvas fingerprinting is blocked) on the extreme left of your URL bar to disable this feature. But, of course, that makes your browser fingerprint more unique.

Many thanks for your suggestion - I tried disabling the “HTML5 image extraction” feature, but it did not help either :frowning:
Anything more I could try/do? I’m not concerned about tracking/fingerprinting, I just need to use an Italian IP (I’m abroad) to modify my ads… :-/