Detect WebGPU Fingerprint

Do I have a webgpu fingerprint spoofer installed in my browser



This page uses different techniques to recognize whether a browser extension is installed to spoof the webgpu fingerprint result or not. Sometimes to protect browser identity, a browser extension adds random noise to the Canvas image (which is rendered in the GPU) and this noise alters the fingerprint result (hash code). Although the actual identity might be protected, there are still methods to detect whether the webgpu result is manipulated or not. For instance, if manipulation is identified, the server may decide to ignore the webgpu identity and uses a different approach to identify the browser session.

Fingerprint Spoofed

Is browser webgpu fingerprint spoofedLoading...

WebGPU Support in Your Browser

WebGPU (basic support)Loading...

Fingerprint Results

Fingerprint ID
Method: red solid box
Fingerprint ID
Method: WebGPU specs
Is fingerprint spoofed by persistent noiseLoading...
Fingerprint ID
When: before DOM load
Method: random image with color mixing
Fingerprint ID
When: after DOM load
Method: random image with color mixing
Is fingerprint spoofed by random noiseLoading...
WebGPU adapter info
WebGPU adapter features
WebGPU adapter limits
WebGPU device limits
WebGPU texture formats

What is webgpu fingerprinting?

It is a technique used to identify a browser. This method can be used to distinguish a browser, for instance, display personalized advertisements or uniquely identify a browser on the next visit(s) even though a user has no login details available. This technique uses your browser GPU API (WebGPU), which is basically an API to access the graphical processing unit that renders graphics content in the graphics card. JavaScript engine can create a graphic container with Canvas (or similar) element and write custom shapes or texts into this area via the WebGPU. To perform fingerprinting, a custom shape is printed in this area and then the result is converted to a unique id (hash code). Since the printing buffer relies on the capabilities of the graphical card and monitor resolution, it provides a pretty good unique id.

How can I protect my browser to prevent webgpu fingerprinting

Some browsers have internal modules that the user can activate to protect against webgpu fingerprinting. Some others do not offer such a capability. In these browsers, you can install a browser extension to simulate the native behavior. A module needs to alter the webgpu function so that the fingerprint data would be altered and not unique. There are two popular methods to achieve this. Some browsers or extensions add random noise (i.e. nearly invisible pixels) into the GPU calculations which would result in an invalid identification hash code. Some others insert pixels in random positions or (add noise to the current pixel positions) to make sure each fingerprint is different from the previous one. The former method generates a unique ID, but this ID is "new" and hence browser information is protected. According to our tests, the second method protects the user even more by generating random IDs on each visit.

If I have webgpu fingerprint protection enabled, is it still possible to identify my browser?

The short answer is Yes, but, it is much harder to identify your browser comparing to when you don't have any protection method. Read below to get more info about browser identification.

There are many methods to identify a browser. The webgpu fingerprinting is a popular and new method. Note that even if you have the fingerprint protection enabled, still, most likely, it is possible to detect that there is a protection method active. In this page, there are two methods used for protection detection.

1. Detect fixed webgpu manipulation: in this technique, a fixed image is printed on the Canvas area (which will be rendered in the GPU) and then the hash code is generated. If there is no protection in place, a determined value for the hash code is expected. If not, then the browser uses the first protection method.

2. In this method, the hash code is generated twice, once before the DOM is ready and once after it is fully loaded on the exact same image. If hash codes differ, then the fingerprinting is protected. Note that it is possible to identify protection and use an alternative method if the ID that is generated by this method is unreliable.

Related Blog Posts

  1. Privacy Concerns in Browsers: With some extensions spying on people and Firefox getting ads, is there a better browser than others for privacy? Should one use something such as...
  2. The Best Privacy and Security-Focused Web Browsers: The truth is that the web browser which one uses knows a lot about them. For example, it knows which sites one visits. However, the question is which are the best browsers for privacy...
Comments and feedback