Clicky

Hardware: Canvas

Updated 5 days ago by Yana Shch

Related articles

Canvas is an HTML5 API that is used to draw 2D graphics and animations on a web page.

Apart from its intended functions, Canvas can also be used as additional entropy in browser fingerprinting. According to Englehardt and Narayanan (2016), a study done by Princeton University, more than 5% of websites use canvas for fingerprinting purposes.

In summary, canvas fingerprinting works by asking the browser to draw a hidden canvas image. This image will be drawn slightly differently on various machines, but will be the same if machines are identical. After the image is drawn, it is converted into a hash string, which is further used as additional entropy in identification. A more detailed overview on how Canvas Fingerprinting works can be found on our blog here.

Fingerprints test

You can check what information about your canvas the websites can retrieve from Browserleaks' test.

Canvas modes

Multilogin allows you to control the canvas fingerprints of your browser profiles by providing three different modes of operation: Noise, Off, and Block.

Off Mode (default setting)

When Canvas masking is set to Off, websites will see the real canvas fingerprint of your machine.

Setting the mode to Off can be advantageous in cases where websites react badly to 100% unique or blocked canvas read-outs.  

Remember! In the real world, canvas fingerprint hashes are not unique, since multiple copies of your machine setup exist elsewhere in the world. So by revealing your real canvas fingerprint, you only fall within the same segment of users who have the same hardware setup. Furthermore, by altering other fingerprints, you increase the entropy by which websites will be able to see your browser profiles as separate identities.

A way to further decrease the entropy of your browser profiles, and thus make them better blend-in within the normal distribution of users is to run Multilogin on Mac computers. Because Macs are very similar in their build nature, their Canvas fingerprints are very similar. In most cases, same models will have identical hashes.

Noise mode

When websites request a Canvas function read-out from your browser, the Canvas masking algorithm on Noise mode intercepts it in the middle of the way and adds a random but consistent noise to the read-out. The best analogy to understand how it works would be a voice modifier. When you apply voice modifier with a particular preset, it changes your voice, making it significantly different from your original voice but consistent over time.

Since random noise is applied to the read-out, websites may perceive the fingerprint as being 100% unique, if statistical analysis is applied.

Block mode

Block mode completely disables the ability of the website to read canvas. When a website tries to perform the read-out on a browser profile, where Canvas is set to Block, the returned value will be blank.

How this kind of situation may be treated is entirely up to the website's discretion. However, such events can even happen with users who are not intently trying to hide their canvas fingerprint, in cases where a browser error occurs in the process of retrieving the data of the canvas object.

Opening browser profiles on multiple machines

Don't forget! If you've created a browser profile with Canvas set to Noise and open it on various machines with different hardware installed, the website will see that the Canvas hash is not persistent across multiple launches.

The added noise is persistent. However, it is added as a filter on top of the existing machine fingerprint. So, if the machine has changed, then the read-outs also change. 

The Canvas hash with added Noise is not persistent

Below is a screenshot example. The same browser profile is opened on 2 different machines. Although the noise is persistent for that profile, the Canvas read-out is still different.

Solutions if non-changing read-outs are required on multiple devices

  1. Run Multilogin on identically configured Virtual Machines (VM) or Virtual Private Servers (VPS) with Hardware fingerprints set to Noise mode. Since these machines will be set up the same way, the masked Canvas fingerprints will remain consistent on multiple machines.
  2. Run Multilogin on identical PC models with the same hardware, driver and OS setup. Since these machines have the same hardware setup, the masked hardware prints will remain consistent on multiple machines.
  3. Run Multilogin on the same Mac computers. The same logic applies, but also helps with blending in better, as described above.
Video on the topic

Check out our latest news, research and tutorials


Was this article helpful?