1. What is canvas fingerprinting?
The term canvas fingerprinting appeared for the first time in 2012 in the document Pixel Perfect: Fingerprinting Canvas in HTML5 published by Keaton Mowery and Hovav Shacham from Department of Computer Science and Engineering University of California, San Diego La Jolla, California, USA.
Until the date of the document’s publication, tracking methods for visitors of a web page were the classic ones (e.g. IP address, user agent, browser language and operating system language, cookies, etc.).
To obtain this fingerprint, a website renders text and WebGL scenes to a <canvas> element, and then examines the pixels produced. Different systems produce different output, and therefore different fingerprints. Even very simple tests — such as rendering a single sentence in a widely distributed system font — produce surprising variation. (Pixel Perfect: Fingerprinting Canvas in HTML5)
Canvas fingerprinting has more advantages than other online tracking methods:
– It is consistent: because it is based mostly on hardware components of your device, so if you visit the site again, it will be the same.
– It is high-entropy: From the test made over time, the result was that there is a very large percentage of unique fingerprints (116 unique fingerprint/294 visitors).
– It is orthogonal to other fingerprints: measures graphics driver and GPU model, which is independent of other possible fingerprints.
– It is transparent to the user: the test lasts less than a second and the user will not see anything on the screen.
2. How we should not defend against canvas fingerprinting:
– Using portable browsers (e.g. Portable Mozilla Firefox)
– Changing the screen resolution
– Cleaning the browser’s history and cookies
– Restarting the device
– Using programs for disk freezing (as deep freeze)
3. How we should defend from canvas fingerprinting?
Blocking the Canvas function
It may be a productive method, but in this case your tracking would be an easy enough process for those sites with many visitors.
For a large number of visitors, they are split (for example) on the browser / operating system / screen resolution groups.
Perhaps a fairly small percentage of them will have the same browser / operating system / screen resolution as you do. From your group, quite small now, it is quite possible that you only block the canvas functions and so you can be tracked much easier.
Use Mozilla Firefox + plugin “Canvas Blocker“
Step 1 (install – how to install canvas blocker)
– Open Mozilla Firefox
– Write in address bar “about:addons” and press Enter
– Click on “Extensions” (in left side)
– Type in the search box (upper right) “Canvasblocker” and press Enter
– Click on the Install button from “Canvasblocker (Blocks the JS-API for modifying <canvas> […])”
– Click on “Add” and “Ok”
Step 2 (configure – how to use canvas blocker)
– Click on Extensions (left side on “about:plugins” page)
– Click on “Preferences” (on CanvasBlocker row)
– Go to the bottom of this plugin page and check “Expert mode” box
– Set “Random number generator” to “Persistent”
– Uncheck the “Use canvas cache” box
– Uncheck the “Show Notifications” box
– Close the browser
Open your browser and go to iptest.club and copy your Canvas fingerprinting string in notepad text.
Close the browser.
Open your browser again and go to iptest.club and copy your Canvas fingerprinting string in same notepad text.
Compare the two results in the text file. If they are different, canvas fingerprinting is gone.
Every time you want to have a new identity you need to close all Mozila Firefox tabs and open a new one.