Homepage

Detect Canvas Fingerprint

Do I have a canvas fingerprint spoofer installed in my browser
Logo

Advertisement

About

This page uses different techniques to recognize whether a browser extension is installed to spoof the canvas fingerprint result or not. Sometimes to protect browser identity, a browser extension adds random noise to the canvas and this noise alters the fingerprint result (hash code). Although the actual identity might be protected, there are still methods to detect whether the canvas result is manipulated or not. For instance, if manipulation is identified, the server may decide to ignore the canvas identity and uses a different approach to identify the browser session.

Fingerprint Spoofed

Is browser canvas fingerprint spoofedLoading...

Canvas Support in Your Browser

Canvas (basic support)Loading...
Text API for CanvasLoading...
Canvas toDataURLLoading...

Fingerprint Results

Fingerprint ID
Method: red solid box
Loading...
Is fingerprint spoofed by persistent noiseLoading...
Fingerprint ID
When: before DOM load
Method: random image with color mixing
Loading...
Fingerprint ID
When: after DOM load
Method: random image with color mixing
Loading...
Is fingerprint spoofed by random noiseLoading...
Description

What is canvas fingerprinting?

It is a technique used to identify a browser. This method can be used to distinguish a browser, for instance, display personalized advertisements or uniquely identify a browser on the next visit(s) even though a user has no login details available. This technique uses your browser "Canvas" element which is basically a painting box. JavaScript engine can create a new Canvas element and write custom shapes or texts into this area. To perform fingerprinting, a custom shape is printed in this area and then the result is converted to a unique id (hash code). Since the printing buffer relies on the capabilities of the graphical card and monitor resolution, it provides a pretty good unique id.

How can I protect my browser to prevent canvas fingerprinting

Some browsers have internal modules where the user can activate to protect against canvas fingerprinting. Some others do not offer such a capability. In these browsers, you can install a browser extension to simulate the native behavior. A module needs to alter the canvas property so that the fingerprint data would be altered and not unique. There are two popular methods to achieve this. Some browsers or extensions add random noise (i.e. nearly invisible pixels) into the canvas area which would result in an invalid identification hash code. Some others insert these pixels in random positions to make sure each fingerprint is different from the previous one. The former method generates a unique id, but this id is "new" and hence browser information is protected. According to our tests, the second method protects the user even more by generating random id on each visit.

If I have canvas fingerprint protection enabled, is it still possible to identify my browser?

The short answer is Yes, but, it is much harder to identify your browser comparing to when you don't have any protection method. Read below to get more info about browser identification.

There are many methods to identify a browser. The canvas fingerprinting is a popular and simple one which is used frequently. Note that even if you have the fingerprint protection enabled, still, most likely, it is possible to detect that there is a protection method active. In this page, there are two methods used for protection detection.

1. Detect fixed canvas manipulation: in this technique, a fixed image is printed on the canvas area and then the hash code is generated. If there is no protection in place, a determined value for the hash code is expected. If not, then the browser uses the first protection method.

2. In this method, the hash code is generated twice once before the DOM is ready and once after it is fully loaded on the exact same image. If hash codes differ, then the fingerprinting is protected. Note that it is possible to identify protection and use an alternative method if the ID that is generated by this method is unreliable.

Related Blog Posts

  1. Privacy Concerns in Browsers: With some extensions spying on people and Firefox getting ads, is there a better browser than others for privacy? Should one use something such as...
  2. The Best Privacy and Security-Focused Web Browsers: The truth is that the web browser which one uses knows a lot about them. For example, it knows which sites one visits. However, the question is which are the best browsers for privacy...
Comments and feedback