Canvas fingerprinting leverages the Canvas API, a JavaScript and HTML tool for drawing graphics, for online user tracking. It exploits subtle differences in how browsers render images to generate unique 'fingerprints' for each user, bypassing traditional cookie-based tracking methods.
The technique hinges on the variability of image rendering across different browsers, operating systems, and graphics cards. Even slight variations in font rendering and anti-aliasing create distinctive fingerprints. A short animated GIF illustrates how seemingly identical JavaScript code produces different images across 35 user systems.
The process involves using the toDataURL() function to extract pixel data, creating a base64-encoded string. This string is then typically hashed (e.g., using MD5) to produce a concise fingerprint, although CRC checksums from PNG files can also be used. The provided JavaScript code snippet offers an example of how to generate the image and extract its data.
The Canvas API, which is designed for drawing graphics via JavaScript and HTML, can also be used for online tracking via browser fingerprinting. This technique relies on variations in how canvas images are rendered on different web browsers and platforms to create a personalized digital fingerprint of a user's browser.
JavaScript Disabled
Canvas Support Detection Canvas 2D API Text API for Canvas Canvas toDataURL Canvas Fingerprint Signature Uniqueness Signature Stats It's very likely that your web browser is Web Browser and your operating system is Operating System.The way an image is rendered on a canvas can vary based on the web browser, operating system, graphics card, and other factors, resulting in a unique image that can be used to create a fingerprint. The way that text is rendered on a canvas can also vary based on the font rendering settings and anti-aliasing algorithms used by different web browsers and operating systems.
This small animated GIF illustrates the variability of canvas images among 35 different users. Although the JavaScript code remains the same, each frame is distinct due to differences in how the images are rendered on different systems:
Here is the JavaScript code that creates our image:
To generate a signature from the canvas, we need to extract the pixels from the application's memory by calling the toDataURL() function. This function returns a base64-encoded string representing the binary image file. We can then compute an MD5 hash of this string to obtain the canvas fingerprint. Alternatively, we could extract the CRC checksum from the IDAT chunk, which is located 16 to 12 bytes from the end of every PNG file, and use it as our canvas fingerprint.
If you often open multiple tabs and struggle to keep track of them, Tabs Reminder is the solution you need. Tabs Reminder lets you set reminders for tabs so you can close them and get notified about them later. Never lose track of important tabs again with Tabs Reminder!
Try our Chrome extension today!
Share this article with your
friends and colleagues.
Earn points from views and
referrals who sign up.
Learn more