Hardware: Canvas
Updated 1 month ago
by
Yana Shch
Related articles
- Hardware: AudioContext
- Hardware: WebGL
- The great myth of canvas fingerprinting
- How canvas fingerprint blockers make you easily trackable
- Everything you need to know about canvas fingerprinting
- Checking Canvas fingerprint on 100+ devices (video)
- What to do with hardware fingerprints? Discussing Canvas, WebGL, and AudioContext (video)
Canvas is an HTML5 API that is used to draw 2D graphics and animations on a web page.
Apart from its intended functions, Canvas can also be used as additional entropy in browser fingerprinting. According to Englehardt and Narayanan (2016), a study done by Princeton University, more than 5% of websites use canvas for fingerprinting purposes.
In summary, canvas fingerprinting works by asking the browser to draw a hidden canvas image. This image will be drawn slightly differently on various machines, but will be the same if machines are identical. After the image is drawn, it is converted into a hash string, which is further used as additional entropy in identification. A more detailed overview on how Canvas Fingerprinting works can be found on our blog here.
Fingerprints test
You can check what information about your canvas the websites can retrieve from Browserleaks' test.
Canvas modes
Multilogin allows you to control the canvas fingerprints of your browser profiles by providing three different modes of operation: Noise, Off, and Block.
Off Mode (default setting)
When Canvas masking is set to Off, websites will see the real canvas fingerprint of your machine.
Setting the mode to Off can be advantageous in cases where websites react badly to 100% unique or blocked canvas read-outs.
A way to further decrease the entropy of your browser profiles, and thus make them better blend-in within the normal distribution of users is to run Multilogin on Mac computers. Because Macs are very similar in their build nature, their Canvas fingerprints are very similar. In most cases, same models will have identical hashes.
Noise mode
When websites request a Canvas function read-out from your browser, the Canvas masking algorithm on Noise mode intercepts it in the middle of the way and adds a random but consistent noise to the read-out. The best analogy to understand how it works would be a voice modifier. When you apply voice modifier with a particular preset, it changes your voice, making it significantly different from your original voice but consistent over time.
Block mode
Block mode completely disables the ability of the website to read canvas. When a website tries to perform the read-out on a browser profile, where Canvas is set to Block, the returned value will be blank.
How this kind of situation may be treated is entirely up to the website's discretion. However, such events can even happen with users who are not intently trying to hide their canvas fingerprint, in cases where a browser error occurs in the process of retrieving the data of the canvas object.
Opening browser profiles on multiple machines
The added noise is persistent. However, it is added as a filter on top of the existing machine fingerprint. So, if the machine has changed, then the read-outs also change.
The Canvas hash with added Noise is not persistent
Below is a screenshot example. The same browser profile is opened on 2 different machines. Although the noise is persistent for that profile, the Canvas read-out is still different.
Solutions if non-changing read-outs are required on multiple devices
- Run Multilogin on identically configured Virtual Machines (VM) or Virtual Private Servers (VPS) with Hardware fingerprints set to Noise mode. Since these machines will be set up the same way, the masked Canvas fingerprints will remain consistent on multiple machines.
- Run Multilogin on identical PC models with the same hardware, driver and OS setup. Since these machines have the same hardware setup, the masked hardware prints will remain consistent on multiple machines.
- Run Multilogin on the same Mac computers. The same logic applies, but also helps with blending in better, as described above.