I thought I was fairly well up with the play, but this new-ish Firefox feature confuses me.
What information is gained by reading back a rendered canvas? Colour depth maybe?
2 Likes
The main problem is that different computers will render canvases slightly differently from each other based on their GPU (and also their OS, installed fonts, browser, & probably other factors), but the same computer will render the same canvas identically every time.
So: it is both very unique (not many people have the same exact setup as you), but very stable (doesn’t naturally change when you browse the web), which is exactly perfect for people wanting to fingerprint a specific user across sites or sessions.
Additionally, you can create canvases that only target one of these factors. So a fingerprinting vendor could make a canvas that mainly takes into account variations in GPUs, and then they could run the test with a lot of different GPUs and save the results. Then they can test you and compare against their dataset to see what GPU you have. It’s a very flexible tool.
That also means that even with canvas randomization while a website may no longer be able to get a unique fingerprint anymore, they can probably still use canvas techniques to determine more broad details about your hardware and/or software.
6 Likes