Canvas Fingerprinting

PaleMoon browser has a <i>canvas.poisondata</i> config setting (also available in the Preferences GUI) which prevents such fingerprinting. However, note that these things are not used in isolation - browser fingerprinting is done by collecting various other data too, and when collated together, these can provide enough <i>uniqueness</i> to identify (or categorise) your browser into some specific group. We are fighting a losing battle for privacy.

You can test your browser here: <a href="https:&#x2F;&#x2F;coveryourtracks.eff.org&#x2F;" rel="nofollow">https:&#x2F;&#x2F;coveryourtracks.eff.org&#x2F;</a> Brave works super well for me. Chrome not so much.

If I open the website It says I have 99,9% uniqueness. So I&#x27;m trackable right ?<p>Yet when I open it again in another window, it says 100% uniqueness but it&#x27;s a different Signature than previously.<p>I think it&#x27;s saying it can&#x27;t track me, because signature would have to be the same for it to work yet I&#x27;m using regular Firefox, nothing fancy.<p>Is that technique really effective or I&#x27;m just wrong about the signature not being the same ?

Are there any browser extensions or tools that effectively prevent fingerprinting including canvas fingerprinting? Or is this one of those privacy battles we just have to accept as unwinnable?

I am not sure what it measures, but my privacy enhanced Firefox for browsing seems to show random numbers every time I load this URL and I always stay &quot;unique&quot;. Another browser shows &quot;signature stats&quot;. If I use my firefox, this won&#x27;t even show.<p>My Privacy Plug ins:<p>Plug ins:<p>Blend in and spoof most popular properties<p>BP Privacy block all font and glyph detection<p>Browser plugs fingerprint privacy randomizer<p>Canvas Blocker<p>Clear URLs<p>Cockie Auto delete<p>Decentral eyes<p>NoScript<p>Privacy Badger<p>Temporary Containers<p>uBlockOrigin

Some discussion in 2015 (47 points, 12 comments) <a href="https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=8887947">https:&#x2F;&#x2F;news.ycombinator.com&#x2F;item?id=8887947</a>

I’m aware this is a naive question, but I find myself wondering why I care about being fingerprinted.<p>Seems like it can detect my browser, device, and OS. I kind of assumed it could do that anyways. What security concerns do I face if someone finds that information?

The safest way to browse the web in any browser is by disabling JavaScript or using a NoScript extension.<p>A lot of the web works surprisingly well still, and you can turn on just what you need when you need it, placing your most visited sites on an allow list, but still denying a lot of third party things on those sites.<p>The internet is a joy with js disabled virtually everywhere. And all the canvas fingerprinting, webrtc leak, font fingerprinting, super cookies, etc... are all defeated by simply not running JavaScript

There seems to be a lot of misconceptions about how fingerprinting and anti-fingerprinting techniques work.<p>I highly recommend reading this article, it is still WIP btw: <a href="https:&#x2F;&#x2F;github.com&#x2F;privacyguides&#x2F;privacyguides.org&#x2F;blob&#x2F;e81b8acc976f56e785c84de150784ea64191f87c&#x2F;docs&#x2F;advanced&#x2F;browser-fingerprinting.md">https:&#x2F;&#x2F;github.com&#x2F;privacyguides&#x2F;privacyguides.org&#x2F;blob&#x2F;e81b...</a>

This is a pain point when making browser games, as custom fonts break way too easily in some environments.

Currently use Safari and there&#x27;s no protection against canvas fingerprinting :(<p><a href="https:&#x2F;&#x2F;webkit.org&#x2F;tracking-prevention&#x2F;#anti-fingerprinting" rel="nofollow">https:&#x2F;&#x2F;webkit.org&#x2F;tracking-prevention&#x2F;#anti-fingerprinting</a>

What I find more interesting is how some sites can detect your OS even if you block JS and change the user agent to indicate something different. I assume it&#x27;s checking for known fonts or something similar.

I am on Safari and if I open two private windows with this websites it will give me two different signature values.<p>Chrome on the other hand will be give me two identical values.<p>So I guess Apple is doing something ...

I am confused.<p>You can already ask the browser what OS, CPU, device and browser it is without fingerprinting the canvas. You can get the version of the browser, and OS as well.<p>I use the popular US-Parser-JS library, works like a charm: <a href="https:&#x2F;&#x2F;www.npmjs.com&#x2F;package&#x2F;ua-parser-js" rel="nofollow">https:&#x2F;&#x2F;www.npmjs.com&#x2F;package&#x2F;ua-parser-js</a>. (I use it for <a href="https:&#x2F;&#x2F;web3dsurvey.com" rel="nofollow">https:&#x2F;&#x2F;web3dsurvey.com</a>.)<p>(Also the WebGL and WebGPU APIs will also tell you the GPU hardware you have.)

My Brave browser seems to be 100% unique.

Apple once disabled canvas for their devices for this reason and broke all my apps, haha.<p>80% of my projects use canvas

“It&#x27;s very likely that your web browser is Google Search App …”<p>It’s not. Do I win?

&gt;It&#x27;s very likely that your web browser is Chrome and your operating system is Android.<p>Android guess is correct. But the browser is Edge, not Chrome.

I know my priorities are questionable, but I&#x27;m more annoyed that I can&#x27;t expect consistent canvas rendering.