
What is canvas fingerprinting? How to counter it?


I know about these methods and how to counter them:

  • WebGL fingerprinting
  • Navigator data collecting
  • Flash plugin fingerprinting
  • Java applets

My questions:

  • What about canvas fingerprinting? How to counter it?
  • Are there any other methods of fingerprinting?
  • Does disabling the WebGL plugin in Firefox through the about:config tab have any drawbacks?

Solution

  • Canvas fingerprinting exploits the fact that rendered text varies and depends on the user's operating system, browser, video card, video driver and installed fonts. Hidden text is rendered and the result is used to track a user with high reliability, although the fingerprint can change over time when additional fonts are installed (see also the Wikipedia article on canvas fingerprinting).

    It's hard to distinguish between legitimate use of the canvas object and malicious use thereof. The Tor Browser, for example, shows a warning for every canvas object and leaves the decision to render it to the user.

    Countermeasures include:

    • disabling JavaScript (rendering many sites unusable)
    • blacklisting known external tracker sites
    • adding random data to canvas elements

    In the end, everything that makes your user unique can be used for fingerprinting. For example, if you are the only one that disabled WebGL in Firefox, you can be tracked.
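
The "adding random data to canvas elements" countermeasure, as an added example that is not part of the original answer: a hash over unmodified pixels is identical on every visit, while per-session low-bit noise yields a different hash each session at a visually negligible cost. The pixel buffer, the session seeds and the FNV-1a hash (a stand-in for whatever hash a tracker uses) are assumptions; in a browser the buffer would come from `getImageData()`.

```javascript
// Constructed sample: 8 RGBA pixels standing in for the buffer that
// CanvasRenderingContext2D.getImageData() returns after hidden text is drawn.
const samplePixels = Uint8ClampedArray.from([
  0, 0, 0, 255,    34, 34, 34, 255,    120, 118, 119, 255, 255, 255, 255, 255,
  12, 11, 13, 255, 200, 201, 199, 255, 77, 76, 78, 255,    254, 255, 253, 255,
]);

// FNV-1a (32-bit): stand-in for whatever hash a tracker runs over the pixels.
function fingerprint(pixels) {
  let h = 0x811c9dc5;
  for (const b of pixels) h = Math.imul(h ^ b, 0x01000193) >>> 0;
  return h.toString(16).padStart(8, "0");
}

// mulberry32: small seeded PRNG so the noise is fixed within one session.
function mulberry32(a) {
  return function () {
    a = (a + 0x6d2b79f5) | 0;
    let t = Math.imul(a ^ (a >>> 15), 1 | a);
    t = (t + Math.imul(t ^ (t >>> 7), 61 | t)) ^ t;
    return ((t ^ (t >>> 14)) >>> 0) / 4294967296;
  };
}

// Countermeasure: flip the lowest bit of about half the colour channels.
function addCanvasNoise(pixels, sessionSeed) {
  const rand = mulberry32(sessionSeed);
  const out = Uint8ClampedArray.from(pixels); // copy, input stays untouched
  let flipped = 0;
  for (let i = 0; i < out.length; i++) {
    if (i % 4 === 3) continue;                // leave alpha untouched
    if (rand() < 0.5) { out[i] ^= 1; flipped++; }
  }
  if (flipped === 0) out[0] ^= 1;             // always change at least one channel
  return out;
}

// Largest per-channel difference: shows the noise is visually negligible.
function maxChannelDelta(a, b) {
  let max = 0;
  for (let i = 0; i < a.length; i++) max = Math.max(max, Math.abs(a[i] - b[i]));
  return max;
}

const sessionA = addCanvasNoise(samplePixels, 1); // seeds are constructed values
const sessionB = addCanvasNoise(samplePixels, 2);
console.log(fingerprint(samplePixels), fingerprint(sessionA), fingerprint(sessionB));
```

The noise is keyed to the session so that re-reading the same canvas within one session returns the same pixels; noise that changed on every read could be averaged out or detected by reading twice.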