Canvas is an HTML5 API that is used to draw 2D graphics and animations on a web page.
Apart from its intended functions, Canvas can also be used as a source of additional entropy in browser fingerprinting. According to Englehardt and Narayanan (2016), a study done by Princeton University, more than 5% of websites use canvas for fingerprinting purposes.
In summary, canvas fingerprinting works by asking the browser to draw a hidden canvas image. This image will be drawn slightly differently on various machines but will be the same if the machines are identical. After the image is drawn, it is converted into a hash string, which is then used as additional entropy in identification. A more detailed overview of how Canvas Fingerprinting works can be found on our blog.
Incogniton allows you to control the canvas fingerprints of your browser profiles by providing three different modes of operation: Noise, Off, and Block.
Noise mode
When a website requests a Canvas readout from your browser, the Canvas masking algorithm in Noise mode intercepts the request and adds random but consistent noise to the readout. The best analogy for how it works is a voice modifier. When you apply a voice modifier with a particular preset, it changes your voice, making it significantly different from your original voice but consistent over time. Since random noise is applied to the readout, websites may perceive the fingerprint as being 100% unique if statistical analysis is applied.
Off mode
When Canvas masking is set to Off, websites will see the real canvas fingerprint of your machine.
Setting the mode to Off can be advantageous in cases where websites react badly to 100% unique or blocked canvas readouts. Remember! In the real world, canvas fingerprint hashes are not unique, since multiple copies of your machine setup exist elsewhere in the world. So by revealing your real canvas fingerprint, you only fall within the same segment of users who have the same hardware setup. Furthermore, by altering other fingerprints, you increase the entropy by which websites will be able to see your browser profiles as separate identities.
A way to further decrease the entropy of your browser profiles, and thus make them blend in better within the normal distribution of users, is to run Incogniton on Mac computers. Because Macs are very similar in how they are built, their Canvas fingerprints are very similar. In most cases, the same models will have identical hashes.
Block mode
Block mode completely disables the ability of the website to read canvas. When a website tries to perform the readout on a browser profile where Canvas is set to Block, the returned value will be blank.
How such a situation is treated is entirely at the website’s discretion. However, such events can also happen to users who are not intentionally trying to hide their canvas fingerprint, in cases where a browser error occurs while retrieving the data of the canvas object.
Opening browser profiles on multiple machines
Don’t forget! If you’ve created a browser profile with Canvas set to Noise and open it on various machines with different hardware installed, the website will see that the Canvas hash is not persistent across multiple launches.
The added noise is persistent. However, it is added as a filter on top of the existing machine fingerprint. So, if the machine has changed, then the readouts also change.
Below is a screenshot example. The same browser profile is opened on two different machines. Although the noise is persistent for that profile, the Canvas readout is still different.
If non-changing readouts are required on multiple devices, then there are a few solutions:
- Run Incogniton on identically configured Virtual Machines (VM) or Virtual Private Servers (VPS) with Hardware fingerprints set to Noise mode. Since these machines will be set up the same way, the masked Canvas fingerprints will remain consistent on multiple machines.
- Run Incogniton on identical PC models with the same hardware, driver and OS setup. Since these machines have the same hardware setup, the masked hardware prints will remain consistent on multiple machines.
- Run Incogniton on the same Mac computers. The same logic applies, and it also helps the profiles blend in better, as described above.
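
The behaviour described in this section (persistent per-profile noise layered on top of the machine's own readout) can be modelled in a few lines. This is an added example, not Incogniton's code or algorithm: the byte arrays, the `quirks` index lists, the seeds and the FNV-1a hash are assumptions standing in for real canvas pixels, hardware differences, profile settings and the website's hash.

```javascript
// Added illustration: a model of "random but consistent" noise, not Incogniton's algorithm.
// Byte arrays are constructed stand-ins for the pixels a canvas readout returns.

// FNV-1a (32-bit): stand-in for the hash a fingerprinting script computes.
function hashReadout(pixels) {
  let h = 0x811c9dc5;
  for (const b of pixels) h = Math.imul(h ^ b, 0x01000193) >>> 0;
  return h.toString(16).padStart(8, "0");
}

// mulberry32 PRNG: the same seed always produces the same sequence.
function prng(seed) {
  let a = seed >>> 0;
  return () => {
    a = (a + 0x6d2b79f5) >>> 0;
    let t = Math.imul(a ^ (a >>> 15), a | 1);
    t ^= t + Math.imul(t ^ (t >>> 7), t | 61);
    return ((t ^ (t >>> 14)) >>> 0) / 4294967296;
  };
}

// Real readout: every machine draws the same image, but hardware and drivers
// shift a few pixel values (hypothetical `quirks` = indices that differ).
function realReadout(quirks, length = 64) {
  const px = new Uint8Array(length);
  for (let i = 0; i < length; i++) px[i] = (i * 37) % 256;
  for (const i of quirks) px[i] ^= 1;
  return px;
}

// Noise mode: flip low bits chosen by the profile's seed, on top of the real readout.
function maskedReadout(real, profileSeed) {
  const rnd = prng(profileSeed);
  return real.map((v) => v ^ (rnd() < 0.5 ? 1 : 0));
}

// Constructed sample machines and profiles.
const machineA = [3, 17], machineB = [5, 40], cloneOfA = [3, 17];
const profile1 = 1001, profile2 = 2002;
const seen = (machine, profile) => hashReadout(maskedReadout(realReadout(machine), profile));

console.log("profile1 on A:      ", seen(machineA, profile1));
console.log("profile1 on A again:", seen(machineA, profile1));
console.log("profile1 on B:      ", seen(machineB, profile1));
console.log("profile1 on clone A:", seen(cloneOfA, profile1));
console.log("profile2 on A:      ", seen(machineA, profile2));
```

The first, second and fourth lines print the same hash; the third and fifth differ, which is the pattern a website observes when one profile moves between non-identical machines.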