Detect WebGL Fingerprint

This page uses different techniques to recognize whether a browser extension is installed to spoof the webgl fingerprint result or not. Sometimes to protect browser identity, a browser extension adds random noise to the canvas image (which is rendered in the GPU) and this noise alters the fingerprint result (hash code). Although the actual identity might be protected, there are still methods to detect whether the webgl result is manipulated or not. For instance, if manipulation is identified, the server may decide to ignore the webgl identity and uses a different approach to identify the browser session.

What is webgl fingerprinting?

It is a technique used to identify a browser. This method can be used to distinguish a browser, for instance, display personalized advertisements or uniquely identify a browser on the next visit(s) even though a user has no login details available. This technique uses your browser "Canvas" element which is basically a painting box and renders an image in the GPU (graphics card). JavaScript engine can create a new Canvas element and write custom shapes or texts into this area. To perform fingerprinting, a custom shape is printed in this area and then the result is converted to a unique id (hash code). Since the printing buffer relies on the capabilities of the graphical card and monitor resolution, it provides a pretty good unique id.

How can I protect my browser to prevent webgl fingerprinting

Some browsers have internal modules where the user can activate to protect against webgl fingerprinting. Some others do not offer such a capability. In these browsers, you can install a browser extension to simulate the native behavior. A module needs to alter the webgl property so that the fingerprint data would be altered and not unique. There are two popular methods to achieve this. Some browsers or extensions add random noise (i.e. nearly invisible pixels) into the canvas area which would result in an invalid identification hash code. Some others insert these pixels in random positions to make sure each fingerprint is different from the previous one. The former method generates a unique id, but this id is "new" and hence browser information is protected. According to our tests, the second method protects the user even more by generating random id on each visit.

If I have webgl fingerprint protection enabled, is it still possible to identify my browser?

The short answer is Yes, but, it is much harder to identify your browser comparing to when you don't have any protection method. Read below to get more info about browser identification.

There are many methods to identify a browser. The webgl fingerprinting is a popular and simple one which is used frequently. Note that even if you have the fingerprint protection enabled, still, most likely, it is possible to detect that there is a protection method active. In this page, there are two methods used for protection detection.

1. Detect fixed webgl manipulation: in this technique, a fixed image is printed on the canvas area (which will be rendered in the GPU) and then the hash code is generated. If there is no protection in place, a determined value for the hash code is expected. If not, then the browser uses the first protection method.

2. In this method, the hash code is generated twice once before the DOM is ready and once after it is fully loaded on the exact same image. If hash codes differ, then the fingerprinting is protected. Note that it is possible to identify protection and use an alternative method if the ID that is generated by this method is unreliable.

Related Blog Posts

1. Privacy Concerns in Browsers: With some extensions spying on people and Firefox getting ads, is there a better browser than others for privacy? Should one use something such as...
2. The Best Privacy and Security-Focused Web Browsers: The truth is that the web browser which one uses knows a lot about them. For example, it knows which sites one visits. However, the question is which are the best browsers for privacy...